Educause Security Discussion mailing list archives

Re: Secure File Transfer

From: Ellen Amsel <eamsel () PRINCETON EDU>
Date: Tue, 17 Feb 2015 20:42:41 +0000

We've been using Accellion (the classic version) to securely send files.  I also used it at Stanford School of Medicine.
The best part is that it can send really large files (10 Gig+, depending on how you configure it).  This made 
researchers very happy.

Kind regards, Ellen

Ellen Amsel
Chief Information Security Officer
Princeton University
701 Carnegie Center
Princeton, NJ 08540
(609) 258 3565

Information Security Blog:  https://ciso.princeton.edu<https://ciso.princeton.edu/>
Twitter: @PrincetonCISO


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg 
Williams
Sent: Tuesday, February 17, 2015 2:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Secure File Transfer

We typically do 10 minute screensaver timeouts.  But it really depends on the system or groups of systems how much time 
we have.  Some more sensitive systems have timeout shorter.

For secure file sharing we either use PGP netshare if the user is going to be constantly sharing information with the 
same people across campus or filelocker2.  Filelocker2 (http://sourceforge.net/projects/filelocker2/) is opensource, 
developed by Purdue and I think you will find a lot of the higher ed community using it.  It is great for sharing 
information either with internal or external users.  Data is encrypted in transit and at rest, as well as virus scanned 
upon upload.  Data storage is temporary.  Both user accounts and data auto delete after a certain period of time, 
however user accounts are instantly re-created for users when they log in again via ldap.  We have approved of this 
tool for any type of sensitive data transfer including HIPAA, SSNs, etc.

Greg Williams, M.E., ISA, GPEN, GCFE
Director of Networks and Infrastructure
Interim IT Security Manager/Information Security Officer/HIPAA Security Officer
University of Colorado Colorado Springs - Department of Information Technology

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russo, 
Dan
Sent: Tuesday, February 17, 2015 6:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Secure File Transfer


Hello -

I was hoping to get feedback on a few things.  First what is the general screensaver time out everyone uses?  5minutes 
, 15minutes?

Also on a separate note in transferring sensitive data internally, how do you approach this?  Do you use a FTP server? 
Are you ok using email (encrypted)? Do you have a central repository such as a website to upload to ?

We are looking at a few ways to accomplish this.  Any feedback would be appreciated.

Thanks
Dan

Current thread:

Secure File Transfer Russo, Dan (Feb 17)
- Re: Secure File Transfer Jones, Justin (Feb 17)
  - Re: Secure File Transfer Russo, Dan (Feb 17)
    - Re: Secure File Transfer Jones, Justin (Feb 17)
- Re: Secure File Transfer Greg Williams (Feb 17)
  - Re: Secure File Transfer Ellen Amsel (Feb 17)
    - Re: Secure File Transfer Frank Barton (Feb 17)
    - Re: Secure File Transfer Russo, Dan (Feb 17)
  - Re: Secure File Transfer Mike Osterman (Mar 16)
    - Re: Secure File Transfer Jim Webb (Mar 18)
    - Re: Secure File Transfer Mike Osterman (Mar 19)
- Re: Secure File Transfer Jones, Mark B (Feb 17)