Re: Secure File Transfer

[Mike Osterman <ostermmg () WHITMAN EDU>]

All,

I've spoken with the active maintainer at NSU and have confirmed that NSU is the new maintainer, specifically of the 
2.6 branch.

Of course, since this is an open source project, if there are any Python devs out there with a fondness for security, 
I'm sure they wouldn't mind a hand. :)

Thanks, Jim, for the lead!

-Mike

> On Mar 18, 2015, at 12:56 PM, Jim Webb <webbjt () APPSTATE EDU> wrote:
>
> I believe the 2.6 dev branch has receive more recent attention (2014 commits):
> http://sourceforge.net/p/filelocker2/code/commit_browser <http://sourceforge.net/p/filelocker2/code/commit_browser>
> http://sourceforge.net/p/filelocker2/code/959/tree/branches/ 
> <http://sourceforge.net/p/filelocker2/code/959/tree/branches/>
>
> If I recall, Norfolk State Univ. may now be maintaining the project.
>
> -Jim
>
> -- 
> James Webb
> CISSP,CISM,CEH,CCE,ITILV3F
> Chief Information Security Officer
> Appalachian State University
> ITS - Office of Information Security
>
> phone: 828-262-6277
> fax: 828-262-2236 
> web: http://security.appstate.edu <http://security.appstate.edu/>
> twitter: @appinfosec 
>
>
> On 3/16/15 12:17 PM, Mike Osterman wrote:
> > Does anyone have any information on the livelihood of the FileLocker 2 project? As best as I can find, it hasn't 
> > been updated since November of 2012:
> > http://sourceforge.net/p/filelocker2/code/954/tree/branches/ 
> > <http://sourceforge.net/p/filelocker2/code/954/tree/branches/>
> >
> > The big concern is not necessarily new features, but whether it has a maintainer for security/bug fixes. The 
> > advertised <http://sourceforge.net/projects/filelocker2/support> bug filing system seems to have quite a few open 
> > items:
> > http://sourceforge.net/p/filelocker2/bugs/ <http://sourceforge.net/p/filelocker2/bugs/>
> >
> > Thank you,
> > Mike
> >
> > Mike Osterman
> > Director, Enterprise Technology
> > Whitman College
> > (509) 527-5419
> >
> > > On Feb 17, 2015, at 11:52 AM, Greg Williams <gwillia5 () uccs edu <mailto:gwillia5 () uccs edu>> wrote:
> > >
> > > We typically do 10 minute screensaver timeouts.  But it really depends on the system or groups of systems how much 
> > > time we have.  Some more sensitive systems have timeout shorter.
> > >  
> > > For secure file sharing we either use PGP netshare if the user is going to be constantly sharing information with 
> > > the same people across campus or filelocker2.  Filelocker2 (http://sourceforge.net/projects/filelocker2/ 
> > > <http://sourceforge.net/projects/filelocker2/>) is opensource, developed by Purdue and I think you will find a lot 
> > > of the higher ed community using it.  It is great for sharing information either with internal or external users.  
> > > Data is encrypted in transit and at rest, as well as virus scanned upon upload.  Data storage is temporary.  Both 
> > > user accounts and data auto delete after a certain period of time, however user accounts are instantly re-created 
> > > for users when they log in again via ldap.  We have approved of this tool for any type of sensitive data transfer 
> > > including HIPAA, SSNs, etc.
> > >  
> > > Greg Williams, M.E., ISA, GPEN, GCFE
> > > Director of Networks and Infrastructure
> > > Interim IT Security Manager/Information Security Officer/HIPAA Security Officer
> > > University of Colorado Colorado Springs - Department of Information Technology
> > >  
> > > From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY 
> > > () LISTSERV EDUCAUSE EDU>] On Behalf Of Russo, Dan
> > > Sent: Tuesday, February 17, 2015 6:57 AM
> > > To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>
> > > Subject: [SECURITY] Secure File Transfer
> > >  
> > >  
> > > Hello –
> > >  
> > > I was hoping to get feedback on a few things.  First what is the general screensaver time out everyone uses?  
> > > 5minutes , 15minutes?
> > >  
> > > Also on a separate note in transferring sensitive data internally, how do you approach this?  Do you use a FTP 
> > > server? Are you ok using email (encrypted)? Do you have a central repository such as a website to upload to ?
> > >
> > > We are looking at a few ways to accomplish this.  Any feedback would be appreciated.
> > >  
> > > Thanks
> > > Dan