Configuration and Security Best Practices

Below is a collection of suggestions and guidelines for installing, configuring, and deploying the Server and/or DMZ Gateway software in a production environment, including best practices for security.

Development Lab Environment

As with any mission-critical software or hardware, it is recommended that a testing, validation, development, or usability lab be established to provide a "sandbox" into which EFT Server and DMZ Gateway Server software can be deployed. This initial deployment allows for validation of the interoperability with other dependent components as well the validation of expected usage scenarios.

The lab environment should emulate (if not duplicate) the production environment at a network topography and application level. To do this, a clear vision of the production network and the proposed deployment of EFT Server and DMZ Gateway must exist. Typical deployments of EFT Server and DMZ Gateway consist of many other components from the enterprise, including Active Directory Server, SQL Server, SMTP Server, and a storage system such as a SAN . For DMZ Gateway, a firewall such as Microsoft ISA might be applicable. Finally, some deployments also include Clustering, in which case various components are replicated to provide clustered resources.

For increased business continuity and risk mitigation, you should use the development lab environment as the starting point for any configuration changes in the system. That is, make the change in development and validate it prior to making the change in production.

icon_info.gif

A good testing tool is CuteFTP Professional.

Configuration Checklist

The installation and configuration of EFT Server in either a lab or a production environment should be validated by EFT Server administrators/operators to ensure that the functions are working as expected. Use the checklist below to validate key items for a Server and DMZ Gateway deployment. Print a PDF of the table below to check off items as you test. (You need Acrobat Reader to open the PDF.) Also refer to the section below this table for Security Best Practices.

Service

blankcheck.gif

Make sure that the GlobalSCAPE Server service is started on the computer.

blankcheck.gif

Make sure that the service is listening on the expected IP:PORT socket addresses on EFT Server. (To view the listening sockets, use "netstat -ona" from a command line or an application such as PrcView or TcpView.)

blankcheck.gif

Check the Event Viewer log to ensure that there are no errors in the Application log related to EFT Server or DMZ Gateway Server.

blankcheck.gif

Confirm that the administration interface shows the status of the system when it is launched and connected to EFT Server.

Server User Management

blankcheck.gif

For each Site on EFT Server, ensure that the expected user accounts exist.

blankcheck.gif

To ensure that authentication is working as expected, attempt to log in to EFT Server as a user account on the system (using any protocol).

blankcheck.gif

To confirm that permissions for the user account are working as expected, attempt a file transfer.

Protocol/Network

blankcheck.gif

For each protocol enabled on EFT Server, attempt a connection directly to EFT Server using a client that supports that protocol.

blankcheck.gif

For each protocol enabled through DMZ Gateway, attempt a connection to the appropriate DMZ Gateway IP:PORT and confirm that this route works as expected.

Auditing/Logging

blankcheck.gif

View the audit traces generated by the validation steps above. 

blankcheck.gif

Confirm that the Auditing and Reporting module database has been populated with appropriate data (using either EFT Server Reporting interface or direct access to the SQL Server being used).

blankcheck.gif

Confirm that the text log files generated by EFT Server have been populated with the appropriate data.

Event Rules/Workflow

Each customer has a unique set of Event Rule/workflow requirements, but these are the general validation steps. Confirm the following are working as expected:

blankcheck.gif

E-mail notifications. Test e-mail notifications by triggering an Event Rule that has an e-mail notification Action to confirm that Event Rules fire and that the SMTP configuration is correct.

blankcheck.gif

PGP operations. Confirm that OpenPGP keys are configured properly.

blankcheck.gif

Move/Copy/Download actions. Initiate Event Rules that perform remote file uploads/copies/download so that connectivity originating from EFT Server to a remote system is properly configured. In this step, also confirm that a log file is generated that audits outbound connection information (a "cl*.log" file in the designated Server Log File location).

blankcheck.gif

Custom Commands. EFT Server is responsible for triggering those external commands, so that is what should be validated with respect to EFT Server. Any actions carried out by those external tools should be validated independently. Confirm that a "CMDOUT.LOG" file is generated as the result of an invoked Custom Command

blankcheck.gif

Folder Monitor Rules. Ensure that the Event Rules are properly enabled and responsive to files added to the folder being monitored.

Cluster/Failover Testing

blankcheck.gif

For cluster deployments, the failover and failback operations of the cluster should be confirmed. After a failover/failback, confirm that the newly active server behaves properly; that is, the failover is transparent and the configuration/operation is as expected. This can be summarized by the prior set of tests operating against the newly active node in the cluster.

Load Testing

blankcheck.gif

If you expect high volumes of traffic or back-end processing within EFT Server, you should verify that the resource utilization levels on the Server are within acceptable tolerances. There are numerous load-testing tools available, ranging from simple batch files running command-line FTP to highly complex synthetic transaction generators. GlobalSCAPE's Quality Assurance team performs load testing of our servers as part of our standard validation process for releasing software.

Numerous other features can be validated within EFT Server. The above set represents the key elements that are most often used and are the most critical to successful operation in a production environment.

Security Best Practices Checklist

The following settings are recommended for increased security. Print a PDF of the table below to check off items as you test. (You need Acrobat Reader to open the PDF.)

Administration Security

blankcheck.gif

Create a specific AD account on which EFT Server’s service is to run.

blankcheck.gif

Create an Event Rule or manually backup the entire Server configuration at least daily.

blankcheck.gif

Do not use any default administrator names (e.g., "admin").

blankcheck.gif

Do not use the default administration port.

blankcheck.gif

Only turn on remote administration if absolutely essential.

blankcheck.gif

Turn on SSL if using remote administration.

blankcheck.gif

Create sub-administrator accounts with the least amount of privileges necessary for helpdesk or operational administrators.

blankcheck.gif

Set administrator passwords to expire every 60 or 90 days.

blankcheck.gif

Set a complex security scheme for administrator passwords.

blankcheck.gif

Lockout administrators upon multiple failed login attempts.

blankcheck.gif

Run a PCI DSS report to detect any lax security configuration settings (either manually or on a schedule with an Event Rule).

blankcheck.gif

Periodically check the GlobalSCAPE support site for latest version, security patches, etc. and upgrade accordingly.

User/Password Security

blankcheck.gif

Expire accounts that are non-active for a specified period.

blankcheck.gif

Set user passwords to expire every 60 or 90 days.

blankcheck.gif

Define complex password security scheme for users.

blankcheck.gif

Prohibit password reuse/history.

blankcheck.gif

Automatically kick or ban users after repeated failed logins.

blankcheck.gif

Automatically ban IP addresses with repeated failed username attempts.

blankcheck.gif

E-mail user login credentials separately or only send username and communicate password via phone or other means.

File System Security

blankcheck.gif

Segregate user’s folders. (Do not share folders/resources across users when possible.)

blankcheck.gif

Restrict users to their home folders and set the home folder as ROOT for that user.

blankcheck.gif

Use Settings Templates to inherit user permissions rather than modifying them for each user.

blankcheck.gif

Use Groups to simplify control over user access to resources.

blankcheck.gif

Limit resource permissions to the minimum necessary.

blankcheck.gif

Specify a maximum disk space (quota) for each user (or Settings Template).

Auditing Security

blankcheck.gif

Enable verbose logging (Log Type).

blankcheck.gif

Rotate logs daily and encrypt+sign using an Event Rule.

blankcheck.gif

Always use extended auditing (ARM).

Data Security

blankcheck.gif

Encrypt data at rest using EFS encryption, PGP, or 3rd-party encryption.

blankcheck.gif

Keep data separate (DAS/SAN/NAS).

blankcheck.gif

Define data recovery procedures in case of data corruption/loss/theft.

blankcheck.gif

Scan uploaded files for viruses (3rd-party tool required).

blankcheck.gif

Never store data in the DMZ, even temporarily. (Use DMZ Gateway instead.)

blankcheck.gif

Create a legacy data clean-up rule according to your company policy.

blankcheck.gif

Enable data wiping for deleted data.

Protocols Security

blankcheck.gif

Only allow secure protocols (SSL, SSH).

blankcheck.gif

Only allow high security ciphers, hashes, key lengths.

blankcheck.gif

Mask the server identity by using generic banner messages.

blankcheck.gif

Specify a maximum limit for connections and transfers for each user/template.

blankcheck.gif

Specify allowed IP address ranges for user/partner connections when possible, denying connections from all other IP addresses.

Prescriptive Guidance for Maintenance

The following are guidelines for maintaining the good health of a Server and DMZ Gateway deployment, and reducing long-term costs of maintenance and operation.

Procedure for Cold Standby Setup

Below are few recommendations for achieving a backup server image that is ready to be turned on quickly and accept "real" traffic.

icon_info.gif

In all situations, if you are copying a configuration file from one system to another, care must be taken with hardware-specific resources, such as IP addresses, physical paths/partitions, and so on. If possible, it is recommended that the EFT Server configuration use the generic "All Incoming" IP Address for incoming socket connections so that differences in computer IP addresses do not prevent proper operation of the system if the Cold Standby comes online.

Furthermore, you must take care with the connections and IP-access restriction lists between EFT Server and DMZ Gateway. If DMZ Gateway is configured to allow only one EFT Server IP address to connect to it, then the Cold Standby server must have the same IP address to connect; alternately, the DMZ Gateway IP access list must include all possible IP addresses (possibly a Class C subnet) so that multiple servers from the approved network segment may connect.