11-09-2004 - Adding Extra Security to Serv-U
Welcome to another installment of the RhinoSoft.com newsletter. You are getting this newsletter because you signed up on our web site. If you would like to stop receiving these newsletters, please visit: http://www.RhinoSoft.com/newsletter/unsubscribe.asp
The intent of this newsletter is to give you some pointers on our products. This newsletter focuses on securing Serv-U for sensitive data.
Adding Extra Security to Serv-U
The Internet is a wonderful network allowing everyone to share information. Because the Internet is so open and available worldwide, it is often critical to protect digital assets while allowing access to authorized companies, employees, and associates.
Serv-U allows you to protect your data in several ways. The following are a few ways you can protect your data:
1) Use strong passwords. When creating accounts, create passwords that include both upper and lower case letters and include at least one number. Be sure your passwords are 8 characters or longer. Avoid using passwords that can be found in a dictionary.
2) Use "OTP S/Key MD5" for password authentication. When using this type of authentication, the FTP client never sends the actual password over the Internet. Only a hashed representation is sent in response to the Server. FTP clients, such as FTP Voyager (http://www.ftpvoyager.com) automatically support S/Key password authentication, however some do not.
This setting, in Serv-U, is the last field under "General" when a user is selected in the left-hand pane. NOTE: When changing to an S/Key authentication method, you will need to re-enter the user's password under the "Account" tab.
3) Use SSL connections only. SSL can be selected under the Security field in the "Domain" tab for a domain. SSL is your best choice to protect your actual data and password since all information transferred between Serv-U and the client is encrypted using very strong encryption.
When using SSL, the FTP client must also support SSL. One example is FTP Voyager (http://www.ftpvoyager.com).
NOTE: SSL is available in Serv-U Standard Secure, Serv-U Professional, and Serv-U Corporate only.
4) When clients are connecting from known IP addresses or known ranges of IP addresses, enable access to the server for those IP addresses only. For a domain, this setting is found under "Settings" and "IP Access". For a user, the same information may be entered under the "IP Access" tab when the user is selected. Enter approved only IP addresses to enable certain IP addresses only. When unapproved IP addresses try to connect, the connection is refused by Serv-U.
By using all or some of the above suggestions you can be assured your data is secure and safe.
FREE SUPPORT OPTIONS
If you need technical or sales support, please use one of the following URLs. Our support turn-around time is very fast during normal working hours Central Time U.S.:
ON-LINE CUSTOMER SERVICE
If you need to change any of your customer information, you can make changes on-line. The RhinoSoft.com On-line Customer Service page allows you to resend your registration ID, receipt, invoice, and change your information in our database. To use visit:
Mark P. Peterson - Vice President
Voice: +1(262) 560-9627
FAX: +1(262) 560-9628