Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 150
  • Last Modified:

Securing a hosted file folder online

We bought some online storage (through GoDaddy) to store reports that are mailed to constituents. The data in the reports isn't extremely sensitive, but I'd like to at least make sure we're doing the right thing in terms of protecting information. We simply use the site to FTP the document and reference it as a link in an e-mail to download.

What would be some best practices for the site to ensure its secure?
0
pstiffsae
Asked:
pstiffsae
  • 2
2 Solutions
 
COBOLdinosaurCommented:
For the transfer you should be using the secure version of FTPS instead of just FTP.

The real problem is putting the download link in an email.  Email is not secure.  Anything in an email should be considered as public, because there are no secrets in the email word the second you use an email server that is on the internet.  Email is the most abused and hacked means of communication in the history of the human race.  if you need even minimum security then you need a login protocol at the download location that is robust and well tested to insure that proper authentication is part of the process.

Cd&
0
 
pstiffsaeAuthor Commented:
Dumb question but putting the site behind a SSL, couldn't hurt or basically does nothing in this application?
0
 
COBOLdinosaurCommented:
Using SSL makes sense in any case.  The login for download would have to be the point of attack for any serious attempt at theft; and that is where you need hardened defenses.  The email can be compromised to discover the link, but it won't allow access to the data if there is a secure login required.

Cd&
0
 
Lucas BishopClick TrackerCommented:
I'd recommend password protecting the files themselves and also password protecting the directory that the files are stored in.  

At the directory level, you'd create user permissions, so that you can provision each user who has access. If for some reason the person should no longer have access, you'd just remove their user. This is more secure than using a single shared password that you share amongst many people. Only these users would be able to download from the directory.

For the files themselves, you can password protect PDF/Excel/etc files so that the user needs to type in a password to open the file. This way even if someone gains access to the directory, they don't necessarily have access to the contents of the files.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now