Question : Network Security Best Practices and Encryption

What are your views on the best practices for securing the files on a small firm's network file server?

This question is intended more as a discussion rather than one that seeks a single best answer. I hope we can all benefit from an exchange of views. Assume the small firm is using a MS Windows file server running either one of the MS Windows Server versions or even MS Windows XP in a peer-to-peer network. The best practice may differ significantly for those two environments.

Encryption is an excellent technology for protecting the contents of laptops when they are out of the office. But is it a best practice to encrypt a shared network drive using software like TrueCrypt (www.truecrypt.org) or PGP Corporation's products?

You can encrypt a shared network drive, but what protection does that give you? If your firewall is breached while your users are logged in to the network with transparent access to the encrypted files, then the encryption doesn't really add much to your safety, does it?

If your firewall is breached while no one is logged into the network, are you any worse off without disk encryption? Thank you for your responses.

Answer : Network Security Best Practices and Encryption

This link seems promissing:

http://www.experts-exchange.com/Security/Encryption/Q_23192028.html