Any way to mitigate the risk of sharing the root of a drive?

[TechnoPro]

I know it's considered a bad practice to share the root folder of a drive.

There's a company I'm working with that uses software which requires that the entire C drive on the server be shared out with full permissions.

Security wise, is my only option to simply ensure that other layers of security (both technical and procedural) are maintained at a high level? I should add that the threat I am most concerned with is from the outside (ie. internet).

 

[Genx87]

What software is this? Ill make sure to never buy it.

 

[Cheetah8799]

What software is this? Ill make sure to never buy it.

agreed. that's a really bad software design. I suggest you find out exactly what on the hard drive they need access to, then try to restrict it if possible. If you're really worried, you could setup something like a Smoothwall or IPCop firewall in front of it and only allow access to it from specific IP addresses of client machines that will access it. Maybe setup a software firewall on the server instead if it can handle any extra load.

 

[Goosemaster]

Does the program itself have a domain account?

If so, only allow account access to that account.


Also try using DFS or just creative partitioning.

 

[TechnoPro]

Originally posted by: Genx87
What software is this? Ill make sure to never buy it.

No worries. It's software that runs a video store.

Realistically, the root folder does not need to be shared, but tech support strongly encourages this practice to help them better troubleshoot problems. When I first came onsite, I unshared the root and only shared out the needed folders.

The system worked fine, until we needed to do some advanced tweaking. Tech support (the majority of whom were very competent) had a hard time walking us through the procedures since our mapped netowrked drives pointed to different folders than what they were accustomed to. So I switched things back to the wide open way. And now my professional guilt has kicked in and I am thinking of security ramifications.