Page 19 - Cyber Warnings

Your SFTP server should have a setting for the maximum number of requests per second
that it will allow. The minimum setting should be about 40 connections per second. If
your server receives very high traffic, you may want to set this number a bit higher so
that you don’t lock out legitimate traffic. Setting it lower makes the server more secure
but increases the risk of blocking real user requests. It’s important to weigh this balance
carefully, and to look at your server log files to determine normal usage ranges.
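The paragraph above tells you to read your log files to find normal usage before choosing a limit. The following script, an added example that is not part of the article, does exactly that for an OpenSSH-style sshd log: it buckets authentication attempts per second, reports the observed peak, proposes a limit that never drops below the article's 40-per-second floor, and lists any source address that bursts above a threshold in a single second. The log excerpt is constructed (hostnames, users and addresses are made up), and treating sshd "Accepted"/"Failed" lines as the connection metric is an assumption about what your server logs.

```python
import re
from collections import Counter
from math import ceil

# Constructed syslog-style sshd excerpt for illustration (hosts, users and addresses are made up).
SAMPLE_LOG = """\
Jun 12 08:00:01 sftp01 sshd[2001]: Accepted publickey for alice from 192.0.2.10 port 51022 ssh2
Jun 12 08:00:01 sftp01 sshd[2002]: Accepted publickey for bob from 192.0.2.11 port 51023 ssh2
Jun 12 08:00:02 sftp01 sshd[2003]: Accepted password for carol from 192.0.2.12 port 51024 ssh2
Jun 12 08:00:05 sftp01 sshd[2004]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Jun 12 08:00:05 sftp01 sshd[2005]: Failed password for invalid user admin from 198.51.100.7 port 40002 ssh2
Jun 12 08:00:05 sftp01 sshd[2006]: Failed password for root from 198.51.100.7 port 40003 ssh2
Jun 12 08:00:06 sftp01 sshd[2007]: Accepted publickey for alice from 192.0.2.10 port 51030 ssh2
Jun 12 08:00:06 sftp01 sshd[2008]: Failed password for dave from 192.0.2.13 port 51031 ssh2
"""

# One sshd authentication line; the timestamp is kept as a string so it doubles as the 1-second bucket key.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_events(log_text):
    """Return (second, result, user, ip) tuples for every auth line; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m["ts"], m["result"], m["user"], m["ip"]))
    return events


def connections_per_second(events):
    """Count authentication attempts per one-second bucket, successes and failures alike."""
    return Counter(ts for ts, _, _, _ in events)


def peak_rate(events):
    """Busiest single second seen in the log (0 for an empty log)."""
    counts = connections_per_second(events)
    return max(counts.values()) if counts else 0


def suggest_limit(events, floor=40, headroom=2.0):
    """Per-second limit: the article's ~40 floor, raised when the observed peak times headroom is higher."""
    return max(floor, ceil(peak_rate(events) * headroom))


def burst_sources(events, per_second_threshold):
    """Source addresses that reached the threshold within any single second (candidates for blocking)."""
    per_ip_second = Counter((ts, ip) for ts, _, _, ip in events)
    return sorted({ip for (_, ip), n in per_ip_second.items() if n >= per_second_threshold})


if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    print("peak attempts/second:", peak_rate(ev))
    print("suggested limit:", suggest_limit(ev))
    print("burst sources at >=3/s:", burst_sources(ev, 3))
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents; the `headroom` factor is the margin the article describes between "more secure" and "blocking actual user requests", and the reported burst sources are what your rate limit would have throttled.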


Users are the Weakest Link

Regardless of the measures you take to secure your server, you are at the mercy of your
users. Users want their passwords to be simple to type and easy to remember. Users like
words, especially words that mean something to them – a pet’s name or a child’s name, for
example. And users often use the exact passwords on a multitude of sites and services.

4. Two-factor authentication should be an option. As mentioned previously, hacking
passwords is one of the most common ways that unauthorized users gain access to
systems. In addition to password policies, one method of drastically reducing the likelihood
of a successful password guess is to implement an additional level of authentication. There
are many ways that two-factor authentication can be implemented. A common way of doing
this is with a token, such as a Safenet or RSA token. The token displays a numeric string
which changes at short intervals. The user is required to enter the displayed numbers. The
numeric string is then validated against a remote server or satellite. If it matches, the user
progresses to the next level of authentication, which is entering their password.

5. Intelligent password policies should be implemented. While your system may be secure
from hacking, if a password on another system is hacked, there’s a good chance that
password will work in many places. Your server should allow the administrator to enforce
policies on password length and what type of characters must be used. Requiring a
password to include both upper and lower-case letters, at least 1 number and at least 1
special character will add exponentially to the number of possibilities for what the
password can be. And a minimum length of 8 characters also makes the password much
more difficult to guess.
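The policy in point 5 (minimum length 8, upper and lower case, a digit and a special character) and the reuse risk it opens with are both mechanical enough to enforce in code. The following is an added example, not the article's or any vendor's code: `check_policy` reports which rules a candidate password fails, `search_space_bits` quantifies the "exponential" gain the article describes by computing the log2 of the candidate space for a given length and set of required character classes, and `is_known_breached` shows the reuse check as a lookup against a list of SHA-1 hashes of previously exposed passwords. The class sizes assume the printable ASCII alphabet, and the breached-hash list is constructed for the example.

```python
import hashlib
import math
import string

MIN_LENGTH = 8                      # the article's minimum length
SPECIALS = set(string.punctuation)  # 32 printable ASCII special characters (assumed alphabet)

# Characters available per class when every position may hold any member of the required classes.
CLASS_SIZES = {"lowercase": 26, "uppercase": 26, "digit": 10, "special": len(SPECIALS)}

# Constructed stand-in for a breached-password list: store hashes, never the plaintexts.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in ("Password1!", "Welcome123!")}


def check_policy(password: str) -> list:
    """Return the names of the rules the password fails; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not any(c.islower() for c in password):
        failures.append("lowercase")
    if not any(c.isupper() for c in password):
        failures.append("uppercase")
    if not any(c.isdigit() for c in password):
        failures.append("digit")
    if not any(c in SPECIALS for c in password):
        failures.append("special")
    return failures


def search_space_bits(length: int, classes) -> float:
    """log2 of the number of possible passwords of `length` drawn from the given character classes.
    Each extra class enlarges the alphabet, and the total grows as alphabet ** length."""
    alphabet = sum(CLASS_SIZES[c] for c in classes)
    return length * math.log2(alphabet)


def is_known_breached(password: str) -> bool:
    """Reuse check: reject a password whose hash appears in the exposed-password list."""
    return hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1


def accept(password: str) -> bool:
    """Full decision: policy rules pass and the password is not already known to attackers."""
    return not check_policy(password) and not is_known_breached(password)


if __name__ == "__main__":
    print("lowercase only, 8 chars:", round(search_space_bits(8, ["lowercase"]), 1), "bits")
    print("all four classes, 8 chars:", round(search_space_bits(8, CLASS_SIZES), 1), "bits")
    for candidate in ("password", "Tr0ub4dor&3", "Password1!"):
        print(candidate, check_policy(candidate), "breached" if is_known_breached(candidate) else "")
```

The two printed figures make the article's point concrete: going from 26 lowercase letters to all four classes at the same length of 8 raises the search space by roughly 15 bits, which is about a 29,000-fold increase in the number of guesses an attacker would need to cover. `Password1!` passes every composition rule and is still rejected, which is why the reuse check belongs alongside the policy.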


Don’t Fall Victim to Your Software

As easy as it is to keep your software up to date, this is one place where many companies
cut corners. Ensuring that you are running the best and latest versions of your software is
key to staying cyber safe.

6. Keep your server and your operating system up to date. If you have good SFTP server
software and it’s working well for you, there is often a temptation to leave it alone.
However, new security threats are born every day, and server software companies are

19 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
