Securing Your WHS & Network - Part 11


Friends and Family Threats

This is Part 11 of Securing Your WHS & Network. Allowing friends and other family members to access the files on the WHS via the Internet introduces threats and risks. The role of the administrator is explained and methods that can reduce the administrative burden are identified. Alternative methods to protect your Windows Home Server and networked computers from unauthorized use are proposed. The security plan is revisited to address how to securely share files with this user class. The result is to ensure that files on the WHS are available to those identified by the administrator.

Planning for Internet Access

Part 4 identifies the role the administrator plays in creating computer user accounts and granting access to authorized users on the local network. Allowing access to the WHS and other network resources via the Internet requires a finer degree of granularity and adds more restrictions to the local access security plan. Access to files may differ based on whether a computer is connected to the local area network or is connected by the Internet.

Without proper planning, the time spent managing user accounts can quickly become an impossible task. Also, allowing inappropriate read or full access may accidentally disclose personal information or result in files being deleted by accident.

The administrator should also organize files to limit access based on the user accounts. Small businesses need to determine which employee is permitted to access files. The administrator must balance the desire to share files with others using the Internet with the safeguards that are necessary to protect the files. Sharing is possibly a reason for having a home server, and the WHS does a good job of facilitating the concept of social networking.

The administrator should analyze who is permitted access to specific files.  The analysis also should include factors such as permissions to read, upload, alter, and delete files.  With the current version of the Windows Home Server, permissions for a shared folder are limited to read, full, or no access.  This limitation must be used as a factor when granting user permissions.  The analysis will identify clusters of people with similar file access needs.  The result will guide the administrator as to how to organize the files and balance the access control.

Homes or home-based businesses have a completely different set of needs when allowing access to the WHS.  Because multi-media is a major part of the WHS, families may want to share music, photos, or home movies with friends and other family members. 

Granting Internet Access

Using your WHS to share music, photos, and home movies means that the administrator needs a way to manage the access control without it becoming an overwhelming burden.  We recommend creating user accounts based on a class or group of people.  An account for family members called "Family" or "Relatives" and an account for friends called "Friends" can be created.  Bear in mind that the Windows Home Server is limited to ten user accounts, not counting the Guest account.  The Guest account should only be enabled for specific circumstances.  The Guest account is discussed later in this part.

The following is an example of an access control matrix that can be used to plan the creation of shared folders and group user accounts.  The analysis has identified four groups that have different limitations to the files they can access.  The Smith and Jones family both share common access needs except for Sam Jones.  The Smith family cousins are restricted to a subset of photos.  There are two non-family groups, one who can view photos of the Bahamas vacation and one who can view the Scouting photos.  The exception is Sam Jones, who has full access to all photos and movies.
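One way to carry out the analysis described above, as an added Python example that is not part of the original article: it clusters people with identical access needs into group accounts and checks the plan against the WHS limits of read, full, or no access and ten user accounts. The folder names follow the article; the per-person rows and the names other than Sam Jones are constructed sample data.

```python
from collections import defaultdict

LEVELS = {"none", "read", "full"}  # the only share permissions WHS offers
MAX_ACCOUNTS = 10                  # WHS account limit, not counting Guest

# Constructed sample data: the access each person needs, per shared folder.
# Folder names follow the article; people other than Sam Jones are hypothetical.
FAMILY = {"Family": "full", "Photos": "read", "Videos": "read",
          "Photos - Smith Cousins": "read", "Photos - Scouting": "read",
          "Photos - Bahamas Vacation": "read"}
NEEDS = {
    "Bob Smith": dict(FAMILY),
    "Jane Jones": dict(FAMILY),
    "Cousin Al": {"Photos - Smith Cousins": "read"},
    "Cousin Bea": {"Photos - Smith Cousins": "read", "Videos": "none"},
    "Neighbor Dee": {"Photos - Bahamas Vacation": "read"},
    "Neighbor Eli": {"Photos - Bahamas Vacation": "read"},
    "Scout Leader Fay": {"Photos - Scouting": "read"},
    "Sam Jones": {f: "full" for f in FAMILY if f != "Family"},
}

def cluster(needs):
    """Group people whose access needs are identical: one WHS account per group."""
    groups = defaultdict(list)
    for person, row in needs.items():
        for folder, level in row.items():
            if level not in LEVELS:
                raise ValueError(f"{person}/{folder}: WHS has no '{level}' permission")
        # An explicit "none" is the same as not listing the folder at all.
        key = frozenset((f, lvl) for f, lvl in row.items() if lvl != "none")
        groups[key].append(person)
    return groups

def audit(groups):
    """Return planning findings: too many accounts, or Full access on a shared account."""
    findings = []
    if len(groups) > MAX_ACCOUNTS:
        findings.append(f"{len(groups)} accounts needed, WHS allows {MAX_ACCOUNTS}")
    for key, members in groups.items():
        full = sorted(f for f, lvl in key if lvl == "full")
        if full and len(members) > 1:  # a shared password plus delete rights
            findings.append(f"shared account for {sorted(members)} has Full access to {full}")
    return findings

if __name__ == "__main__":
    accounts = cluster(NEEDS)
    for key, members in accounts.items():
        print(sorted(members), "->", sorted(key))
    for finding in audit(accounts):
        print("REVIEW:", finding)
```

On the sample data this yields five accounts and flags the shared family account's Full access to the Family folder for review.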

 

The first step in implementing the requirements in the example above is to create shared folders for "Photos - Smith Cousins", "Photos - Bahamas Vacation", and "Photos - Scouting" on the Windows Home Server. To create a shared folder, click the Shared Folders tab in the WHS Console and click the Add option. Enter a name and description of the new folder, enable folder duplication if desired, and click the Next > button. Then click the Finish button for the level of access. The following is an example of creating a shared folder for "Photos - Bahamas Vacation". Repeat this process for each shared folder that is needed.

The second step is to create user accounts for "Family", "Smith-Cousins", "Friends", "Scouting", and "Sam Jones".  The following is an example of creating a WHS user account for "Family". 

To create a user account for "Family", click the User Accounts tab in the WHS Console and then click the Add option. Enter Family in the first name and logon name fields. Place a check mark next to the Enable Remote Access for this user option and then select the Allow access to shared folders only option. Click the Next > button to set the password.

Enter and confirm the password.  Refer to Part 4 on how to create a strong password that is complex and how to safeguard passwords.  Click the Next > button to set permissions to shared folders.

Select the WHS shared folders that the "Family" account is permitted to access.  Based on our access matrix this account should have read access to a limited set of shared folders.  If you want to permit users of the "Family" account to upload files, then permit Full access to the Family folder.  

In our example, the "Family" user account does not have access to the Chuck and Mary shared folders.  It has full access to the Family folder and read access to the remaining folders.  Click the Finish button when access permissions have been assigned and to save the account information.

After creating the WHS user account, each family member can be given the URL to the website.  The configuration method for the WHS domain is explained in Part 10.  Tell them to enter "Family" as the user name and give them the password that is associated with the account. 

The router and WHS must be properly configured to permit access to the WHS.  Part 9 explains how to configure the router's WAN, LAN, network objects, and HTTP rule.  Part 10 explains how to configure the WHS remote access and the router's HTTPS rule.

When a family member logs on to the Windows Home Server, they can enjoy music, photos, and videos depending on how the account is configured.  In our example we type myserver.homeserver.com in the address bar of our browser.  The Windows Home Server Web Site log on page displays.  Click the Log On button.  The WHS Remote Access page uses HTTPS to secure the log on transaction.  Enter the user name and password and click the Log On button.

The following is an example of how a person using the "Family" WHS user account logs on to the WHS website.

When a family member successfully logs on to the Windows Home Server all activity during the session is secured by HTTPS.  The remote access main page displays the options that are based on the Family user account access permissions.  In our example, there is a shared folder and log off option.  The computers option is not displayed because the Family user account is restricted to access shared folders only.  The following is an example of shared folders that are available to the Family user account.  Refer to Part 10 for expanded details that are available for browsing shared folders.

 

Managing Family and Friends User Accounts

To ensure a higher level of security, we recommend that the password for the group accounts be changed periodically.  The password for "Friends" should be changed more frequently.  The administrator can maintain an email group for each group user account created on the WHS.  This helps the administrator manage who is given the password and makes it easier to notify group members when the password is changed.

Managing File Uploads to the WHS

Granting Full access to the Family folder permits users of the "Family" user account to upload files from their computer to the WHS Family folder.  Part 10 has expanded details of uploading files to the WHS. 

There is a possibility that a file may contain a virus or malicious program and that the friend or family member is not aware that the file is infected. As the administrator of your WHS you cannot assume that the computers used by friends or family members have anti-virus programs that are properly installed and are up-to-date.

In Parts 8 and 9 we discussed the alternatives of installing an anti-virus program on the WHS versus using a hardware or software perimeter-based firewall router with virus detection capabilities. Permitting Full access to a folder exposes your WHS and network to greater risks. We do not recommend that the "Friends" and "Family" user accounts be permitted to have Full access to any folder. Rather, we recommend that users of these accounts send files to your email account. This will allow the anti-virus program installed on your computer to scan the files for viruses. Once determined to be safe, the files can be moved to the appropriate folder on the WHS.

The Guest Account

We strongly recommend that the "Guest" account not be used and be disabled on every computer and on the WHS.  This is because the "Guest" account is an anonymous type of account that does not have any trust relationship.  Part 4 explains how computer user accounts and passwords are used as the basis of trust relationships.

Alternative File Sharing Options

The administrator should consider other methods to address the need to share files. Photos can be shared using free Internet services like Flickr or they can be shared by using your WHS. There are pros and cons for each option and the administrator needs to balance the risks.

Using a public Internet site pushes the access control and availability management away from the WHS to the Internet site.  Even though access to your files is limited by their log on process, privacy and ownership issues must be considered.  You are putting your personal photos on a public site.  The site may track user activity or even gather the information that is stored in the file's properties.

Access to the site is usually by HTTP, which is unsecured. The administrator needs to consider if they want to put personal files on a public site. On the other hand, by using a public site you copy your files to an Internet server, and the original files are safely stored on the WHS. There are WHS Add-In products that help with the synchronization of files between your server and the Internet site.

Home Server Land's Recommendation:

We at Home Server Land make the following recommendations to enhance the security of your computers and your privacy as it applies to permitting family and friends to access files.

  • Purchase a firewall router that is capable of performing deep packet inspection (DPI) and virus detection;
  • Create general "Family" or "Friends" accounts for remote file access and change passwords frequently;
  • Do not permit file uploads;
  • Require user authentication and encryption when hosting sensitive private information;
  • Limit full access permission to shared folders; and
  • Do not enable remote access to computers.

This blog identified threats that are associated with permitting family and friends access to files on the WHS.  The security plan should be updated to identify threats specific to your WHS and network and address methods to resolve the threats.  We have developed the Friends and Family Threats Risk Assessment to assist with the identification and methods that can reduce threats we identified.  The Threat and Risk Assessment Worksheet can be used to document the threats that have been identified and used as a basis to manage them.  Both documents are attached at the end of this blog.

Summary

This concludes Part 11 of Securing Your WHS & Network. We identified the risks and vulnerabilities that are associated with permitting other family and friends to access files on the home server. The role the administrator plays in enhancing the security of the WHS and files was explained. The router is the first line of defense to protect the network from attacks by unauthorized people. Given the added exposure to more people, we recommend that a firewall router capable of DPI be used to protect the WHS and network.

In Part 12, we will identify different methods that can be used to permit remote access to the computers on the local network.  We identify the role of the administrator and how the WHS secures access to the computers.

In the meantime, we invite your discussion in response to this blog.

Attachments

Continue to Part 12 - Remote Access Threats

  • This series has been very informative.  I was anticipating the next article to be posted today, as they are customarily posted every Sunday.  I look forward to Part 12! Keep 'em comin'

  • Users interested in beefing up web facing security of the remote access website may actually be interested in my addin: twofactorwhs.codeplex.com especially if family members may be logging on from potentially compromised hardware.

  • gmurray

    Would you mind if I downloaded your twofactorwhs add-in and did some testing?  I can either do a product review and/or include the product in Part 17 or the last chapter of the series.

  • Sure,

    Currently the only second factor it supports is the Yubikey ($25 from www.yubico.com) hardware token, but I'll be looking into supporting perfect paper passwords at some point too. Let me know what you think. It's a pretty new add-in, so things might be a bit rough, but I think the functionality is pretty solid.

  • I have a dedicated WHS for testing only.  I was confused about needing a Yubikey, but the $25 isn't too bad.  Does it support USB 1.1?  

    The Yubikey sounds like the Gordian Key that was used in the mid 80's to achieve C2 level security on PCs.  (DoD Orange Book).  The Gordian Key was used to authenticate the user.  The key was pressed against the CRT screen that displayed a gordian knot.  The CRT was used as an input device to read the Key.