An online workshop entitled "How to Configure Your Sharetru Firewalls at the Site Level and at the User Level" was conducted in October 2015.
An Overview of the Workshop
Throughout the 30-minute presentation, we discussed a wide range of security-related topics, including:
- Network level firewalls and intrusion prevention systems managed by Sharetru.
- Site level firewalls managed by FTP site administrators:
- User level firewall rules, also managed by site administrators:
  - Restricting specific users by their remote IP address,
  - Restricting specific users by protocol, or
  - Restricting users by both their IP address and protocol.
The intention behind each of the multiple security layers that Sharetru offers was discussed. The network level firewalls, for example, are designed to protect all machines or servers within the Sharetru Virtual Data Center by both detecting and preventing certain types of attacks that may occur. Site level firewalls are specifically designed to protect an FTP site as a whole, while user level firewalls are designed to place a series of finer restrictions on each user.
Securing the Network Layer
We went into greater detail about the various types of hardware and software firewalls that exist in front of every FTP site hosted by Sharetru for the mutual benefit of all customers. Two fault-tolerant hardware firewalls are designed to route traffic both to and from FTP servers in a very specific way, based entirely on the needs of the enterprise. All inbound connections are limited to only valid service ports, with only 5 of the 65000+ TCP ports being open for connection.
Software firewalls, also referred to as Hacker Blocker™, run on every Sharetru server. Not only do these firewalls prohibit denial of service attacks, but there are also several other fully proprietary firewall rules based on attack heuristics that are typically seen when servers are hosting FTP and SFTP applications. These rules have been developed over more than 15 years of FTP hosting and are undisclosed so as to offer a deeper level of protection, as well as to maintain a competitive advantage over other FTP service providers.
Securing the Site Layer
Next, we discussed certain powers that are given to the site administrator by Sharetru. We covered the use of Sharetru’s Protocol Blocker™, which is designed to limit all users to certain types of inbound connections to an FTP site, that is, to specific protocols like FTP, FTPS, SFTP, and HTTPS. It was pointed out that only three secure protocols are enabled when a new FTP site is delivered by Sharetru to a new customer.
We also discussed the Country Blocker™, which utilizes a commercial database of worldwide IP addresses and gives site administrators the ability to only allow access from certain countries. If you choose to allow only the United States, for example, connections from all other countries in the world will be automatically denied.
Securing the User Layer
Finally, we demonstrated how individual users can be restricted based on their remote IP address and how they can also be restricted to using certain protocol(s). We demonstrated that, after setting up some sample rules, our attempts to connect were blocked.