Cape.Commerce
Security Issues related to your FTP and Web site

This document reviews the security mechanisms that are available at CAPECOM. These measures are intended to make sure that files which reside in your FTP/Web site on CAPECOM servers are only made available to appropriate people. There are many aspects to making sure that your web site is secure. CAPECOM has a number of technologies available. We have also implemented policies at CAPECOM to directly address well-known security issues. In turn, you, as the administrator of the site, should give careful consideration to security and implement an appropriate security policy.

Means of Access

Your FTP/Web site at Cape.Com is essentially a directory (with optional subdirectories) that can only be accessed by providing a username and password. If someone has the correct username/password pair, they can get complete access to this directory space. Cape.Com provides, essentially, three different mechanisms to view files in this space.

  • With an FTP program. An FTP program provides access to anyone on the Internet who knows your FTP address, username, and password. With an FTP program, files can be uploaded (sent to your site), downloaded (sent from your site) or deleted.
  • With an SSH or Telnet program. SSH or Telnet access allows someone to execute commands or directly run programs or scripts from your directory space on our Cape.Com server.
  • With a web browser. All files in a subdirectory of your space, by convention called 'public_html', can possibly be viewed by anyone on the Internet with a web browser. Access to these files does not require a username/password. All a visitor needs to know is the web address.

The Use and Abuse of Passwords

Clearly, the first line of defense against unauthorized access is keeping your password secret. If, at any time, you think that your password has been compromised, change it. As an account manager, you can use our on-line accounting system to change the password directly.

Passwords on all Cape.Com servers are stored in an encrypted form. CAPECOM personnel can't even tell you what that password is. For a given user, the same password is used for a dialup log-in connection, for checking email, and for logging into the FTP site.

Frequently, an FTP/Web site gets used for a number of purposes. Some sub-directories are used to store backup files; perhaps others are used to allow your customers to upload files to you. At the same time, your webmaster may need access to update files on your web site. Having multiple users, all knowing the same username/password pair, typically represents a security breach. Your customer, to whom you've given the password, may not be vigilant in keeping it secret.

A mechanism to maintain control is to add Associate users on your account and give those users their own FTP site. Each FTP site then serves one purpose. Files in one FTP site cannot be seen from a different user's FTP site.

For instance, let's say you need shared storage space to transfer files back and forth to outside users for a specific project. Add an associate user on your site and give the user a unique username and password. Pass this username/password pair out to your project co-workers. When the project is completed, delete the associate user and their FTP site.

Restricted SSH or Telnet Access

On many UNIX servers, when a user logs in via SSH or Telnet, they frequently get access to more than just their directory space. Access is provided, as well, to directories containing system configuration files or system programs. There have been a number of reported cases where, because the server was improperly configured, users were able to view files in other users' directory space. This is clearly a breach in security and Cape.Com considers this situation unacceptable. As a result, Cape.Com has developed a proprietary solution which allows SSH or Telnet access to a user's directory space and nothing else. All programs which the user runs and all programs which are run by the web server for that user (cgi-bin programs) are executed in this restricted environment. You can't list or view files outside of your directory space. More importantly, no other user can see your files. This restriction is transparent and in no way reduces the functionality of your site.

Additional Security for Sensitive Information

For highly sensitive information (credit card numbers, financial or personal information), it is generally a good practice to have multiple layers of security. A breach of one security mechanism would not represent a break-in if the bad guy couldn't breach the next layer. Cape.Com strongly recommends that all files on your FTP site which contain sensitive information be encrypted. We use a public/private key encryption program called PGP (Pretty Good Privacy). For commercial use, the program is relatively inexpensive (under $200) and provides a fail-safe means of protecting your data.

If the Cape.Com Web development team designs and deploys your web site, and the site requires the storage or transmittal of any sensitive information, then, as a policy, we will require the use of encryption to secure that information.

Cape.Com would be happy to provide assistance in setting up PGP on our servers as well as on your computer systems. We're also available to provide advice and consultation on information and computer security policies and practices.
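As an added example (not Cape.Com's own tooling), the following POSIX shell audit ties together two points above: every file under public_html is fetchable by any web visitor without a password, and sensitive files elsewhere on the FTP site should be PGP-encrypted. The "sensitive" file-name patterns and the encrypted-file test (PGP armour header or a .pgp/.gpg/.asc extension) are this example's own assumptions, and the site it scans is constructed in a temporary directory.

```shell
#!/bin/sh
# Added audit example (not Cape.Com's tooling). Given an FTP/Web site
# directory, report (1) every file under public_html, which any web visitor
# can fetch without a password, and (2) files elsewhere in the site whose
# names suggest sensitive data but that are stored in the clear.
# Assumptions: the sensitive-name globs and the encrypted-file test
# (PGP armour header or .pgp/.gpg/.asc extension) are this example's own.

# Succeed when the file looks PGP-encrypted, fail otherwise.
is_pgp_encrypted() {
    case "$1" in *.pgp|*.gpg|*.asc) return 0 ;; esac
    head -n 1 "$1" 2>/dev/null | grep -q '^-----BEGIN PGP MESSAGE-----$'
}

# Every regular file under the site's public_html, one per line.
list_web_visible() {
    find "$1/public_html" -type f 2>/dev/null | sort
}

# Sensitive-looking files outside public_html that are not PGP-encrypted.
list_unencrypted_sensitive() {
    find "$1" -path "$1/public_html" -prune -o -type f -print 2>/dev/null | sort |
    while read -r f; do
        case "$(basename "$f")" in
            *card*|*customer*|*invoice*|*payroll*|*ssn*)
                is_pgp_encrypted "$f" || printf '%s\n' "$f" ;;
        esac
    done
}

# Build a constructed sample site in a temp dir and print its path.
make_sample_site() {
    site=$(mktemp -d)
    mkdir -p "$site/public_html/img" "$site/backup" "$site/incoming"
    printf 'hello\n' > "$site/public_html/index.html"
    printf 'orders\n' > "$site/public_html/customer_list.txt"   # web-exposed
    printf 'plaintext\n' > "$site/backup/cardnumbers.txt"       # sensitive, clear
    printf '%s\n' '-----BEGIN PGP MESSAGE-----' > "$site/backup/payroll.txt"
    printf 'binary\n' > "$site/incoming/invoice-42.pgp"         # encrypted by ext
    printf 'notes\n' > "$site/incoming/readme.txt"
    printf '%s\n' "$site"
}

site=$(make_sample_site)
echo "Visible to any web visitor:"; list_web_visible "$site"
echo "Sensitive but unencrypted:";  list_unencrypted_sensitive "$site"
rm -rf "$site"
```

Run it against a real site directory by replacing make_sample_site with the path of your FTP space; the web-visible list is what a visitor can reach by URL, and the second list is what the PGP recommendation above applies to.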

Related Pages

Having Telnet access to your site is a must if you'll be developing customized CGI scripts.
Cape.Com provides a broad array of Internet services to fit your unique needs.

Related Links

The standard for file and email encryption.
Information about file and email security from Network Associates.
VeriSign is the Internet's leading source of digital signatures, used for secure Web-based communication.

509 Falmouth Rd, Mashpee, MA 02649 - 508-539-9500 - © Cape.Com Inc. All rights reserved.