Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Securing a hosted file folder online

Posted on 2015-02-04
4
Medium Priority
?
146 Views
Last Modified: 2015-04-29
We bought some online storage (through GoDaddy) to store reports that are mailed to constituents. The data in the reports isn't extremely sensitive, but I'd like to at least make sure we're doing the right thing in terms of protecting information. We simply use the site to FTP the document and reference it as a link in an e-mail to download.

What would be some best practices for the site to ensure its secure?
0
Comment
Question by:pstiffsae
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 1000 total points
ID: 40589355
For the transfer you should be using the secure version of FTPS instead of just FTP.

The real problem is putting the download link in an email.  Email is not secure.  Anything in an email should be considered as public, because there are no secrets in the email word the second you use an email server that is on the internet.  Email is the most abused and hacked means of communication in the history of the human race.  if you need even minimum security then you need a login protocol at the download location that is robust and well tested to insure that proper authentication is part of the process.

Cd&
0
 

Author Comment

by:pstiffsae
ID: 40589407
Dumb question but putting the site behind a SSL, couldn't hurt or basically does nothing in this application?
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 40589461
Using SSL makes sense in any case.  The login for download would have to be the point of attack for any serious attempt at theft; and that is where you need hardened defenses.  The email can be compromised to discover the link, but it won't allow access to the data if there is a secure login required.

Cd&
0
 
LVL 18

Accepted Solution

by:
Lucas Bishop earned 1000 total points
ID: 40595219
I'd recommend password protecting the files themselves and also password protecting the directory that the files are stored in.  

At the directory level, you'd create user permissions, so that you can provision each user who has access. If for some reason the person should no longer have access, you'd just remove their user. This is more secure than using a single shared password that you share amongst many people. Only these users would be able to download from the directory.

For the files themselves, you can password protect PDF/Excel/etc files so that the user needs to type in a password to open the file. This way even if someone gains access to the directory, they don't necessarily have access to the contents of the files.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question