1
Filelocker: Simplifying Secure File Transfers
Presented by: Brett Davis, IT Security Engineer
Copyright William Brett Davis. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
2
Agenda
- Initial needs
- Filelocker v1 (currently in production)
- Lessons learned and feedback
- Filelocker v2 (going to beta soon)
- Future Action Items/Plans for v2.5
- Questions
3
Currently… How do you send sensitive information?
- PGP?
- S/MIME?
- Encrypted Zip?
- Out of band password transmission?
- Sneaker-net?
- How about larger files???
4
Project Initiating Problems
- Faculty and staff would unknowingly use regular email to send sensitive data to others
- Implementing security campus wide is expensive or complex (but usually both)
- Security personnel needed a secure means to communicate back and forth and with end users
- Email is inefficient for sending large files - especially to multiple users
- People unknowingly sending infected files
- Lack of ability to (easily) authenticate senders of files via Auditing
5
and zombies
- Sensitive data would hang around on the network for much too long.
- We still see the effects of this today when someone plugs in an old workstation or server
- Oh what secrets the undead have to tell
6
Enter Filelocker v1
- Developed in house (WHICH MEANS IT’S FREE RIGHT?)
- Designed around securing the transfer (security in transit, at rest, secure deletion, separation of keys from files, minimized need for pre-shared keys)
- Attempted to be intuitive so that users would be less resistant to adoption and would opt to use it over email
- Designed to be efficient for larger files (<1GB) – upload once, download many
- Tied into Purdue’s directory
- Allowed for (relatively) secure sharing out to the public
- Kept history of uploads and downloads (though not easily user accessible)
7
Uploads in Action!
Drawback: Did not allow virus scans and encryption!
8
Sharing and Searching
9
It’s nice but… Feedback
- Needs a way to let people outside Purdue upload
- Needs groups
- Needs bigger files
- Mandatory encryption
- Can it be used to distribute AV and other security related software?
- Can students use it? If so, can’t they use it to share music!?! OH NO!!!!
10
So Filelocker v2 now has
- Groups
- Larger file upload capacity (arbitrarily large now, max can be set in config)
- Upload requests (allows people outside Purdue to upload to Filelocker)
- Mandatory encryption
- A provision to check file md5 hashes against known copyrighted material – just need to find a database
- Ability to scan encrypted files
- Among other core and UI upgrades (better OOP, more intuitive interface)

The alternative to hashes would be disallowing .mp3 extensions or possibly just disallowing them for students.
11
Filelocker V2 UI mock ups
Some of you might find this layout… familiar
12
Upload options
13
Uploads in progress
14
Sharing with other users
15
Public uploads
16
Public Sharing
17
Technologies used
- Core is written in Python (CherryPy for the web server)
- MySQL database
- jQuery and some other JQ plugins (all open source) on the front end to manage concurrent uploads
18
Security Specifics
- SSL used to encrypt files in transit
- Files are spooled to disk
- Virus Scan
- MD5 calculation and lookup
- Encrypted using AES-128
- Temp file is securely deleted
- Auto-encrypted files store keys in database (which should be on a different server than the file server)
- Files are not at risk if only the file server or only the db server is compromised
- Files and users have a max lifetime – purged after x days
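The spool, MD5 lookup and temp-file deletion steps from this slide, as an added example that is not Filelocker's own code. The function names, the in-memory blocklist set and the single-pass overwrite are assumptions; the virus scan and AES-128 steps are left out.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # read in chunks so arbitrarily large uploads never sit in memory

def spool_upload(stream, spool_dir):
    """Write the incoming upload to a temp file and hash it in the same pass."""
    md5 = hashlib.md5()
    fd, path = tempfile.mkstemp(dir=spool_dir, prefix="upload-")  # created mode 0600
    with os.fdopen(fd, "wb") as out:
        for chunk in iter(lambda: stream.read(CHUNK), b""):
            md5.update(chunk)
            out.write(chunk)
    return path, md5.hexdigest()

def secure_delete(path):
    """Overwrite the file in place with random bytes, flush to disk, then unlink.

    Best effort only: journaling or copy-on-write filesystems and SSD wear
    levelling can keep old blocks that an in-place overwrite never reaches.
    """
    remaining = os.path.getsize(path)
    with open(path, "r+b") as f:
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(os.urandom(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())
    os.remove(path)

def ingest(stream, spool_dir, blocked_md5):
    """Return (accepted, md5, spool_path); a rejected spool file is wiped at once."""
    path, digest = spool_upload(stream, spool_dir)
    if digest in blocked_md5:  # hypothetical blocklist of known MD5 hex digests
        secure_delete(path)
        return False, digest, None
    # Accepted: the caller encrypts the spool file, then calls secure_delete(path).
    return True, digest, path

if __name__ == "__main__":
    import io
    sample = b"constructed sample upload"      # constructed input
    known = {hashlib.md5(sample).hexdigest()}  # constructed blocklist entry
    print(ingest(io.BytesIO(sample), tempfile.gettempdir(), known))
```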
19
In the works for 2.5
- SMB server support (users can link FL to an SMB share – serve files directly from it). Caveat: No file encryption and credentials for share must be stored by FL!
- Secure Messaging (Think Facebook style messages)
- Mobile (iPhone, Blackberry) apps
- Login federation and ability to “connect” Filelocker instances at different organizations
- Desktop application to emulate network drive (maybe…)
20
Can anyone see something like this being adopted at your institution?
21
Where we are now
- Beta testing to start mid-May
- If anyone is interested in testing at their own site – please send me an at
- The core of Filelocker will be open sourced soon (since I know you were going to ask)
22
Suggestions? Questions? Have any of you approached secure file sharing in a different way?