Solved

Securing a hosted file folder online

Posted on 2015-02-04
4
138 Views
Last Modified: 2015-04-29
We bought some online storage (through GoDaddy) to store reports that are mailed to constituents. The data in the reports isn't extremely sensitive, but I'd like to at least make sure we're doing the right thing in terms of protecting information. We simply use the site to FTP the document and reference it as a link in an e-mail to download.

What would be some best practices for the site to ensure its secure?
0
Comment
Question by:pstiffsae
  • 2
4 Comments
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 250 total points
ID: 40589355
For the transfer you should be using the secure version of FTPS instead of just FTP.

The real problem is putting the download link in an email.  Email is not secure.  Anything in an email should be considered as public, because there are no secrets in the email word the second you use an email server that is on the internet.  Email is the most abused and hacked means of communication in the history of the human race.  if you need even minimum security then you need a login protocol at the download location that is robust and well tested to insure that proper authentication is part of the process.

Cd&
0
 

Author Comment

by:pstiffsae
ID: 40589407
Dumb question but putting the site behind a SSL, couldn't hurt or basically does nothing in this application?
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 40589461
Using SSL makes sense in any case.  The login for download would have to be the point of attack for any serious attempt at theft; and that is where you need hardened defenses.  The email can be compromised to discover the link, but it won't allow access to the data if there is a secure login required.

Cd&
0
 
LVL 16

Accepted Solution

by:
Lucas Bishop earned 250 total points
ID: 40595219
I'd recommend password protecting the files themselves and also password protecting the directory that the files are stored in.  

At the directory level, you'd create user permissions, so that you can provision each user who has access. If for some reason the person should no longer have access, you'd just remove their user. This is more secure than using a single shared password that you share amongst many people. Only these users would be able to download from the directory.

For the files themselves, you can password protect PDF/Excel/etc files so that the user needs to type in a password to open the file. This way even if someone gains access to the directory, they don't necessarily have access to the contents of the files.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
one-way data "masking" MD5 sql 26 104
API Soap Calls 4 62
How can I split the array as 4 rows per line? 5 64
WEB Farm 6 26
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now