I'm new to this site and web hosting. I would like to know your expert opinion on a problem I have regarding hosting/designing my application. Users of my website upload highly sensitive files to the server. I'll use SSL, but will that be enough, since the files are not encrypted on the server? I tried to encrypt the files but that is adding a huge overhead.
My first question is: is it a good idea to store the files on the server rather than in a database? My other question is regarding hosting; I'm thinking of building my own server and hosting it in a colo. Is colo more secure than dedicated hosting? Currently I'm still in the process of developing my app and my environment is Windows Server 2008/SQL Server 2005.
Any comments/suggestions are highly appreciated. I'm so confused how to host my App since the data is highly sensitive.
1. If you can't trust the files to be unencrypted on your HD, then there's no point in putting them into a database. Once you're in, you're in.
2. The HTTPS encryption is for point-to-point coverage of the file and any other data during its transmission. This is to prevent sniffing of the contents while in transit.
3. Colo/Dedicated, same thing from a security standpoint, it comes down to the admin running the machine.
4. This may start a war, but Windows is generally harder to secure than a Linux-based OS. This is due to a variety of reasons, but the long and the short of it is basically that people generally have more experience with Linux, have used it longer and are more open with their discussions of security and its implementation.
1. Are you worried about the files being viewed by another user or app on the server? Or if someone physically got hold of the server and tried to read the HDD data? You may want to look into an encrypted mount point (I don't think this can be done on a Windows box) where all data is auto-encrypted, if the latter is the case. If the former is the case, I would assume strict file permissions should take care of that (again, I'm not sure if this can be done on a Windows box, but any *nix variant should be able to do it).
2. Any box can be rooted if you have physical access to it, so dedicated or colo'd is pretty much in the same boat (unless you have your own cabinet that you can padlock yourself =) ).
3. If you have an OS choice for your development, I would recommend looking into Linux or, better yet, something like FreeBSD/OpenBSD for the reason I mentioned in #1. Not to start an OS war; I just prefer FreeBSD due to fewer kernel security issues compared to Linux.
I think if someone rooted your server, it doesn't matter if the files are encrypted or not; the probability of them decrypting them is very high. Your main concern is making sure the server itself can withstand the assault. Historically, Windows-based deployments have been more susceptible to getting rooted.
One possible approach is to have your app on a Windows box and then have it store the data on a more secure *nix server and only provide limited access to it. In a sense your Windows box acts as middleware. It's really hard to give you ideas without knowing what or how your app works.
The best to do is to secure the server so that no one can hack it. But I understand it's not that easy for everyone.
However, another way to secure it would be to use encrypted containers. I'm not a Windows expert but apps like TrueCrypt could do the job.
1/ when a user creates an account, your server creates a fully encrypted container for him/her.
2/ when the user logs in, the container is mounted/decrypted.
3/ user uploads his/her files to the container.
4/ when user logs out, the container is unmounted.
Only the container creation may take a while (although some apps can create a small one and increase its size when needed); all other operations will be transparent to the user (on-the-fly encryption).
1. Yes, it is safe if you harden the server, but databases always have security issues.
2. There is nothing more secure than dedicated hosting. But colo is not good for me myself because I want to upgrade my server every 6 months and you cannot do that with colo. And a fully managed colo with good bandwidth costs more than a dedicated server which is rented.
3. I use PHP myself and I do not like Microsoft products.
My main worry is if someone hacks into the server (not physically) and gets hold of the files. Can this even be possible (well, it may be), but how hard is it to do something like that?
It happens more often than you think. It comes down more to system management and how diligent you are in making sure your system is hack resistant. It's more than just building an app, especially if you are handling sensitive information (like medical records); you need to design with security in mind from the get-go (choice of OS, security layers, code audits and the endless maintenance of the system).
To answer DJMitz73, let me explain how my app works. Our clients will upload files containing sensitive information to the server. Once uploaded, they cannot be viewed/accessed by the client(s). Only the Administrators on the site can view the files (this is achieved by role-based authentication in ASP.NET).
To explain this in detail, the directory containing the web pages to access the files and the directory containing the files itself can be accessed by the ‘Administrators’ role in the system. This is configured in an XML configuration file in each directory. If someone can hack this configuration file and change the key to ‘Clients’ (which is again a role), the information is compromised. But I will encrypt the configuration file, so that should protect from any attack, though it is not 100% secure.
I use TrueCrypt very often on my personal machine and I love it. I will do research on whether they have any API for the kind of encryption you are talking about.
I’m not at all worried about my database since it doesn’t have any critical information. I will definitely look into the best practices to “harden the server”. I would really appreciate it if you have any particular ideas.
Since I’m not worried about my DB I can use your solution with a separate file server in the LAN. I should look into a design like this. As DJMitz73 suggested, if this file server is a *nix box that will be the best solution.
I think the two-server approach is a good one. And if it is not in the budget you could do it on a VM system like a small Xen setup, though then you have to secure the host node. But if you close all ports except SSH on the host node and use a VPN setup or IP blocking, your host node should be safe.
Then you would just need to transfer files from the non-public VPS to the public VPS before transmission back to the client.
But I would only recommend that if two physical servers is really not an option. If you basically put some intrusion alerts on the public box, you could have it automatically shut down the file server upon an intrusion before the intruder could get into the file box. The only way they would know to look immediately is by knowing the intricate parts of your company.
Either way, if you take as much of this advice as you can into your setup, you should be confident in selling a "secure" solution to your clients.
█ eSited LLC - Dedicated Servers, VPS, Managed Hosting
█ Nullivex LLC - Web Services, PHP Development, System administration.
█ Visit http://www.esited.com/ or Email contact[at]nullivex.com
Amazon keeps having downtime. Keep the files in the database and assign each user a specific rotating key or a token system. Data in the database can be transparently encrypted for you and you can have more complex and strict business rules.