Solved

Securing a hosted file folder online

Posted on 2015-02-04
4
139 Views
Last Modified: 2015-04-29
We bought some online storage (through GoDaddy) to store reports that are mailed to constituents. The data in the reports isn't extremely sensitive, but I'd like to at least make sure we're doing the right thing in terms of protecting information. We simply use the site to FTP the document and reference it as a link in an e-mail to download.

What would be some best practices for the site to ensure its secure?
0
Comment
Question by:pstiffsae
  • 2
4 Comments
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 250 total points
ID: 40589355
For the transfer you should be using the secure version of FTPS instead of just FTP.

The real problem is putting the download link in an email.  Email is not secure.  Anything in an email should be considered as public, because there are no secrets in the email word the second you use an email server that is on the internet.  Email is the most abused and hacked means of communication in the history of the human race.  if you need even minimum security then you need a login protocol at the download location that is robust and well tested to insure that proper authentication is part of the process.

Cd&
0
 

Author Comment

by:pstiffsae
ID: 40589407
Dumb question but putting the site behind a SSL, couldn't hurt or basically does nothing in this application?
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 40589461
Using SSL makes sense in any case.  The login for download would have to be the point of attack for any serious attempt at theft; and that is where you need hardened defenses.  The email can be compromised to discover the link, but it won't allow access to the data if there is a secure login required.

Cd&
0
 
LVL 16

Accepted Solution

by:
Lucas Bishop earned 250 total points
ID: 40595219
I'd recommend password protecting the files themselves and also password protecting the directory that the files are stored in.  

At the directory level, you'd create user permissions, so that you can provision each user who has access. If for some reason the person should no longer have access, you'd just remove their user. This is more secure than using a single shared password that you share amongst many people. Only these users would be able to download from the directory.

For the files themselves, you can password protect PDF/Excel/etc files so that the user needs to type in a password to open the file. This way even if someone gains access to the directory, they don't necessarily have access to the contents of the files.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now