SMB Shares Dangerous?

[Brad Baker]

A number of our employees access our windows servers using either mapped
drives or UNC paths with vpn. I am somewhat concerned that accessing our
servers this way may pose a security risk as a number of viruses proliferate
through network shares.

The shares are password protected so users do have to authenticate to access
them but as far as I know once they have authenticated, their credentials
are cached for a period of time. Also with mapped drives in particular I
believe login information is saved permanently.

I'm wondering what others thoughts are on this matter and if anyone can
point me to any articles that confirm or deny the risk (or lack there of)
for using mapped drives and/or UNC paths. Finally if there is a risk, are
there other alternatives?

Thanks
Brad

 

[Roger Abell [MVP]]

Since a VPN connection effectively makes the machine that is
using VPN into a machine on your network, all considerations
apply that one normally has. As you note, there are malwares
that attempt to spread via share accesses (unc or mapped).

The difference of course is that you might have the machines
on your network more tightly controlled than those allowed to
obtain the VPN connection. The route presently used most
widely to address this difference is a quarantine network, also
spoken of as network access protection, so that the initial VPN
connection is to a restricted vlan until the connecting machine
has been validated as meeting the specified health/config checks.

Roger