Solved

Securing a hosted file folder online

Posted on 2015-02-04
Last Modified: 2015-04-29
We bought some online storage (through GoDaddy) to store reports that are mailed to constituents. The data in the reports isn't extremely sensitive, but I'd like to at least make sure we're doing the right thing in terms of protecting information. We simply use the site to FTP the document and reference it as a link in an e-mail to download.

What would be some best practices for the site to ensure it's secure?
Question by:pstiffsae
4 Comments
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 250 total points
ID: 40589355
For the transfer you should be using the secure version of FTPS instead of just FTP.

The real problem is putting the download link in an email. Email is not secure. Anything in an email should be considered as public, because there are no secrets in the email world the second you use an email server that is on the internet. Email is the most abused and hacked means of communication in the history of the human race. If you need even minimum security then you need a login protocol at the download location that is robust and well tested to ensure that proper authentication is part of the process.

Cd&
0
 

Author Comment

by:pstiffsae
ID: 40589407
Dumb question but putting the site behind a SSL, couldn't hurt or basically does nothing in this application?
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 40589461
Using SSL makes sense in any case.  The login for download would have to be the point of attack for any serious attempt at theft; and that is where you need hardened defenses.  The email can be compromised to discover the link, but it won't allow access to the data if there is a secure login required.

Cd&
0
 
LVL 17

Accepted Solution

by:
Lucas Bishop earned 250 total points
ID: 40595219
I'd recommend password protecting the files themselves and also password protecting the directory that the files are stored in.  

At the directory level, you'd create user permissions, so that you can provision each user who has access. If for some reason the person should no longer have access, you'd just remove their user. This is more secure than using a single shared password that you share amongst many people. Only these users would be able to download from the directory.

For the files themselves, you can password protect PDF/Excel/etc files so that the user needs to type in a password to open the file. This way even if someone gains access to the directory, they don't necessarily have access to the contents of the files.
0
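The per-user provisioning and revocation described in the accepted answer, together with the login-over-SSL point from the earlier comments, shown as an added Python example that is not part of the original thread. The names `DownloadAccounts`, `may_download` and `ITERATIONS` are hypothetical, and the accounts are constructed sample data.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)


class DownloadAccounts:
    """Hypothetical per-user credential store for a protected download directory."""

    def __init__(self):
        self._users = {}  # username -> (salt, derived key)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def provision(self, username, password):
        # Each person gets their own salt and credential, never a shared password.
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(password, salt))

    def revoke(self, username):
        # Removing one user leaves everyone else's access untouched.
        return self._users.pop(username, None) is not None

    def authenticate(self, username, password):
        # Unknown users still cost one derivation, so timing does not reveal
        # which usernames exist; the comparison itself is constant-time.
        salt, stored = self._users.get(username, (b"\x00" * 16, b""))
        return hmac.compare_digest(self._derive(password, salt), stored)

    def may_download(self, username, password, over_tls):
        # Knowing the link is not enough: require TLS and a valid login.
        return over_tls and self.authenticate(username, password)


def demo():
    # Constructed sample accounts, not real data.
    accounts = DownloadAccounts()
    accounts.provision("alice", "correct horse battery")
    accounts.provision("bob", "staple tangerine river")
    before = accounts.may_download("bob", "staple tangerine river", over_tls=True)
    accounts.revoke("bob")
    after = accounts.may_download("bob", "staple tangerine river", over_tls=True)
    alice = accounts.may_download("alice", "correct horse battery", over_tls=True)
    return before, after, alice
```

`demo()` returns the access decision for bob before and after revocation, followed by alice's, which is unaffected by bob's removal.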

Question has a verified solution.