MrSoftware
- Joined Oct 29, 2013
- 2,273
There are multiple aspects to look at. You're looking at the first, which is proper server configuration. i.e. how to configure the server such that users can only do what you want them to do (jailed in their own directory), and what options to use to keep logins and data secure (MFA, sftp encryption required, VPN required, IP address limits, each users directory individually encrypted with different keys, etc.. whatever is appropriate for your situation). Also the machine must be monitored to be sure every piece of software is kept up to date and security vulnerabilities are patched quickly. Additionally you must ask what happens when the bad guy realizes that a specifically crafted command, executed remotely, breaks the server in a way that gives them an administrator level shell into the system? Once inside, what can they access? What other machines on the network could be vulnerable? If the bad guy erases everything or executes ransomware, are your backups good enough, and will the downtime kill your business? Questions like this. For a recent example, check out the log4j vulnerability that set the security world on fire for a bit. Scroll down to the "How the Log4Shell vulnerability works", hopefully I got this link right:
How the Log4Shell vulnerability works
Software today relies on so many open source and shared libraries, often one vulnerability in one library can affect a great number of machines (such as log4j), and the bad guys quickly automate attacks then sell automated attack tools as commodities. Ransomware is perhaps the most prevalent example of commoditized malware today. The people doing the attacks no longer have to be hacker experts, they just buy the tools and follow the instructions to use them. The cost of the tool is the price of doing business. For this reason, if you're going to be handling super sensitive data, it may be worth looking into a company that specializes in selling secure file sharing services. You pay them a fee, they give you a site that you configure how you want and they handle all the dirty work on the back end. One example of this would be Google Drive, or Microsoft One Drive. You pay them a fee, they give you storage space and they handle all of the server side work. I believe there may even be ftp access available for both of these. I'm not sure if one of these fits your needs, there are others, but it's an example of hiring someone to handle the back end for you.
How the Log4Shell vulnerability works
Software today relies on so many open source and shared libraries, often one vulnerability in one library can affect a great number of machines (such as log4j), and the bad guys quickly automate attacks then sell automated attack tools as commodities. Ransomware is perhaps the most prevalent example of commoditized malware today. The people doing the attacks no longer have to be hacker experts, they just buy the tools and follow the instructions to use them. The cost of the tool is the price of doing business. For this reason, if you're going to be handling super sensitive data, it may be worth looking into a company that specializes in selling secure file sharing services. You pay them a fee, they give you a site that you configure how you want and they handle all the dirty work on the back end. One example of this would be Google Drive, or Microsoft One Drive. You pay them a fee, they give you storage space and they handle all of the server side work. I believe there may even be ftp access available for both of these. I'm not sure if one of these fits your needs, there are others, but it's an example of hiring someone to handle the back end for you.
