The most effective method of securing your network is to assign correct privileges for each file, folder, and share point you create. You can use the Server app to restrict which users or groups have access to files, folders, and share points.
Encrypt your connection
Unless the performance tradeoff is too high for you, always encrypt your file sharing connections.
Restrict guest access
When you configure any File Sharing service, you can turn on guest access. Guests are users who connect to the server anonymously without entering a user name or password. They are restricted to files and folders that have read or write privileges enabled for Everyone Else.
Disable access for guests or anonymous users over AFP and SMB.
Restrict access to files
To protect your information from unauthorized access, and to prevent people from introducing unauthorized software, take the following precautions by using File Sharing in the Server app:
Share individual folders instead of entire volumes. The folders should contain only those items you want to share.
Be careful when creating and granting access to share points, especially if you’re connected to the Internet. Granting access to everyone could expose your data to anyone on the Internet.
Depending on the controls you want to place on guest access to a share point, consider the following options:
Set privileges for Everyone Else to No Access for files and folders that guests shouldn’t access. Items with this privilege setting can be accessed only by the item’s owner or group.
Put all files available to guests in one folder or set of folders and then assign the Read Only privilege to the Everyone Else category for that folder and each file in it.
Assign Read & Write privileges to the Everyone Else category for a folder only if guests must be able to change or add items in the folder. Make sure you keep a backup copy of information in this folder.
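One way to check these Everyone Else settings outside the Server app, as an added example that is not part of the original documentation: the script walks a shared folder and reports every item whose Everyone Else privilege exceeds the level you intend for guests. It assumes Everyone Else corresponds to the POSIX "other" permission bits and does not inspect ACLs; the function names and the sample folder are constructed for illustration.

```python
import os
import stat
import tempfile

# Rank the page's privilege labels so they can be compared.
LEVELS = {"No Access": 0, "Read Only": 1, "Read & Write": 2}

def everyone_else_privilege(mode):
    """Map the POSIX 'other' bits (assumed to back Everyone Else) to a label."""
    if mode & stat.S_IWOTH:
        return "Read & Write"  # write-only items are also reported as writable
    if mode & stat.S_IROTH:
        return "Read Only"
    return "No Access"

def audit_share(root, allowed="Read Only"):
    """Return sorted (path, privilege) pairs for items under root, including
    root itself, whose Everyone Else privilege exceeds `allowed`."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        mode = os.lstat(path).st_mode
        if stat.S_ISLNK(mode):
            continue  # symlink modes say nothing about the target's privileges
        privilege = everyone_else_privilege(mode)
        if LEVELS[privilege] > LEVELS[allowed]:
            findings.append((path, privilege))
    return sorted(findings)

def build_sample_share():
    """Constructed sample: a throwaway folder standing in for a share point."""
    root = tempfile.mkdtemp(prefix="share-")
    os.chmod(root, 0o755)
    for name, mode in {"public.txt": 0o644, "private.txt": 0o640,
                       "upload.txt": 0o666}.items():
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    share = build_sample_share()
    for path, privilege in audit_share(share, allowed="Read Only"):
        print(f"{privilege:12} {path}")
```

Run it with allowed="No Access" against folders guests should never reach, and with allowed="Read Only" against the folder set aside for guest downloads.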