Page 1 of 2 12 LastLast
Results 1 to 10 of 18
  1. #1
    Newbie
    Join Date
    Sep 2011
    Posts
    2

    Talking Request for Secure File Transfer options...:)

    Request for Secure File Transfer options...
    Last edited by jcoffin; 07-29-2014 at 09:24 AM.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untanglit
    Join Date
    Apr 2011
    Location
    Wickenburg, Arizona
    Posts
    26

    Default

    You did notice in the original post where he requested a Secure file transfer. That would completely eliminate dropbox as an option.

    hytechlawyer.com/?p=339

    news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-no-password-required/

    zdnet.com/blog/igeneration/dropbox-deceived-users-over-security-files-are-open-to-government-searches/9959

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    Yes, and somewhere in there you asked for "security" and placing the transfer mechanism into the network device responsible for securing the network.

    This process by definition eliminates the security potential of the device.

    So I responded with an appropriate answer, that met the directives of the OP, even if that wasn't your intention.

    Also, did you read those links you posted? It requires the hacker to compromise the device the file is already on to gain access to the transfer medium. This isn't any less secure than storing the files on the originating machine.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untanglit
    Join Date
    Apr 2011
    Location
    Wickenburg, Arizona
    Posts
    26

    Default

    I posted three links, each of which addressed a separate problem with the security of dropbox.

    hytechlawyer.com/?p=339

    This flaw was caused because an authentication token grants complete access to the dropbox account. This authentication token is valid even if the password on the account is changed. So, lets say you lose a laptop or an iPhone (or a bad guy even gets access to it for a few moments.) They now have unfettered access to your account. You have no way of knowing. And even if you suspect something is amiss and change your password, they continue to have access. This has been fixed, but only after Dropbox claimed this was a feature and not a bug and initially stated they would do nothing to fix it.

    news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-no-password-required/

    This was a problem where people could access other dropbox accounts without a password. Hundreds of accounts were compromised. This particular hack has been blocked. But if it happened once (no password!) do we really think dropbox is capable of keeping it from happening again.

    zdnet.com/blog/igeneration/dropbox-deceived-users-over-security-files-are-open-to-government-searches/9959

    Dropbox initially claimed that all files were encrypted and that no one was able to read them. Well, it turns out those were totally false claims. Not only can any Dropbox employee potentially gain access to the files, but they are also made available to any government who supposedly needs access.

    There are a lot of more secure alternatives to Dropbox.

    techpp.com/2010/07/05/dropbox-alternatives-sync-files-online/

    For example, Waula seems to be well put together. Note that all files are encrypted and the only key is in the posession of the user. Therefore, Waula cannot access, allow anyone else to access, or expose through a password verification bug, any of the information.

    wuala.com

    There is a legitimate conversation about whether this is an appropriate app for Untangle. I could, for example, setup my own server to provide this type of service inside my network. This would be more secure than Untangle because my own servers are patched daily unlike Untangle's slow security response cycle. However, this type of service has very little attack surface. It's no where near as large as say scanning emails using clam and spamassassin. Those programs have had several bugs that provided for complete compromise of the system if a specially crafted email was to pass through their queue.

    However, all that being said, I am grateful for Untangle. And this functionality doesn't really match with the core mission of Untangle, so I would much prefer that they focus their resources on improving the network gateway aspects of the program.

  6. #6
    Newbie
    Join Date
    Sep 2011
    Posts
    2

    Default

    I was meaning Secure File Transfer for a business or for SERIOUS SECURITY.....not anything remotely close to a home user or even a home business.

    Like delivering your tax info by sending an email to the Gov't with a secured link to your encrypted tax information.(only available for two hrs lets say)

  7. #7
    Master Untangler
    Join Date
    Oct 2008
    Posts
    913

    Default

    Quote Originally Posted by showtime33 View Post
    I was meaning Secure File Transfer for a business or for SERIOUS SECURITY.....not anything remotely close to a home user or even a home business.

    Like delivering your tax info by sending an email to the Gov't with a secured link to your encrypted tax information.(only available for two hrs lets say)
    That would have nothing to do with untangle then. That would be a server behind untangle.

    Sent from my Inspire 4G

  8. #8
    Newbie
    Join Date
    Jun 2011
    Posts
    5

    Default

    I don't know the first thing about dropbox, nor do I want to get involved with that discussion. Is ssh a solution for you? scp is the secure copy command to transfer files encrypted by ssh, a Windows version is called WinSCP. This is assuming you are copying to and from the UT box, not through it.

  9. #9
    Master Untangler
    Join Date
    Aug 2008
    Posts
    639

    Default

    I'm looking to implement a web based secure file transfer mechanism behind untangle. Has anyone here used ZendTo (www.zend.to)?

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    Zend.to? If I wanted to do that I'd just setup a password protected folder on my Apache server with directory listing enabled. Back that up with a samba share pointed at the same folder and my users can put files on the server themselves, and pass out a login for others to get at said files.

    Attempting this sort of thing on a hosted platform would make things easier. However, the bandwidth costs can get a bit intense.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2