| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
| security [2018_01_30 19:14] – [5 Document Security] steven | security [2019_04_10 18:15] – steven |
|---|
| |
| |
| |
| |
| ====== Security ====== | ====== Security ====== |
| |
| ===== 1 Data Center ===== | ===== 1 Data Center ===== |
| |
| |
| |
| {{:/security:steps:sme_1_data_center.png}} | {{:/security:steps:sme_1_data_center.png}} |
| |
| |
| ===== 2 On the wire security ===== | ===== 2 Encrypted Data in Motion ===== |
| |
| | {{:/security:steps:sme_2_on_the_wire_security.png}} |
| |
| | HTTPS is configured by default for all users of the Cloud File Server SaaS users and Appliance. |
| |
| {{:/security:steps:sme_2_on_the_wire_security.png}} | A commercial server that uses HTTPS must have a public key certificate issued that verifies the entity. The end-user can verify the entity by clicking on the HTTPS icon from the browser. |
| |
| HTTPS can be configured for all users of the Cloud File Server Saas users and Appliance. HTTPS is an acronym for hypertext transfer protocol secure. HTTPS is similar to the normal hypertext transfer protocol, except tt is different because the âSâ at the end identifies it as having a secure HTTP connection. \\ \\ A HTTPS connection is used often in businesses where sensitive information, such as credit card numbers, are being passed along at point of purchase sites or other commerce sites The https protocol gives assurance that potential hackers are not able to intercept the message containing sensitive data as it is sent to its destination.\\ \\ A commercial server that uses HTTPS must have a public key certificate issued that verifies the entity. The end-user can verify the entity by clicking on the HTTPS icon from the browser. | Clients should connect to the File Fabric appliance using a URL that starts with HTTPS. (This is the default). A valid certificate is required. |
| |
| | Administrators should also connect to storage providers using HTTPS. For storage providers with a fixed endpoint including AWS S3, Azure, Google Cloud Storage the File Fabric always uses HTTPS. |
| |
| ===== 3 Data Security ===== | ===== 3 Data Security ===== |
| |
| |
| | {{:/security:steps:sme_3_data_security.png}} |
| |
| {{:/security:steps:sme_3_data_security.png}} | Storage Made Easy can be used to encrypt data transmitted to any cloud that is mapped to a user personal, Cloud File Server, or Appliance account. SME uses [[http://en.wikipedia.org/wiki/Advanced_Encryption_Standard|AES]]-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of: |
| | * an initial Round Key addition |
| | * Nr-1Rounds |
| | * a final round. |
| | |
| | The chaining variable goes into the input and the message block goes into the âCipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael; |
| | |
| | Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https://storagemadeeasy.com/clients_and_tools#Mac|Mac]], [[https://storagemadeeasy.com/clients_and_tools#Windows|Windows]] and [[https://storagemadeeasy.com/clients_and_tools#Linux|Linux]] that enable the decryption of a file if you download it directly from a mapped cloud ie. without any access to the SME service. |
| |
| Storage Made Easy can be used to encrypt data transmitted to any cloud that is mapped to a user personal, Cloud File Server, or Appliance account. SME uses [[http://en.wikipedia.org/wiki/Advanced_Encryption_Standard|AES]]-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:\\ \\ - an initial Round Key addition\\ - Nr-1Rounds\\ - a final round.\\ \\ The chaining variable goes into the âinputâ and the message block goes into the âCipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael;\\ \\ Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. We also provide free desktop decryption tools for [[https://storagemadeeasy.com/clients_and_tools#Mac|Mac]], [[https://storagemadeeasy.com/clients_and_tools#Windows|Windows]] and [[https://storagemadeeasy.com/clients_and_tools#Linux|Linux]] that enable the decryption of a file if you download it directly from a mapped cloud ie. without any access to the SME service.\\ \\ The Wiki entry on encryption has further details. | The Wiki entry on encryption has further details. |
| |
| |
