Educause Security Discussion mailing list archives

Re: Secure File Transfer

From: Mike Osterman <ostermmg () WHITMAN EDU>
Date: Mon, 16 Mar 2015 09:17:19 -0700

Does anyone have any information on the livelihood of the FileLocker 2 project? As best as I can find, it hasn't been 
updated since November of 2012:
http://sourceforge.net/p/filelocker2/code/954/tree/branches/

The big concern is not necessarily new features, but whether it has a maintainer for security/bug fixes. The advertised 
<http://sourceforge.net/projects/filelocker2/support> bug filing system seems to have quite a few open items:
http://sourceforge.net/p/filelocker2/bugs/

Thank you,
Mike

Mike Osterman
Director, Enterprise Technology
Whitman College
(509) 527-5419

On Feb 17, 2015, at 11:52 AM, Greg Williams <gwillia5 () uccs edu> wrote:

We typically do 10 minute screensaver timeouts.  But it really depends on the system or groups of systems how much 
time we have.  Some more sensitive systems have timeout shorter.
 
For secure file sharing we either use PGP netshare if the user is going to be constantly sharing information with the 
same people across campus or filelocker2.  Filelocker2 (http://sourceforge.net/projects/filelocker2/ 
<http://sourceforge.net/projects/filelocker2/>) is opensource, developed by Purdue and I think you will find a lot of 
the higher ed community using it.  It is great for sharing information either with internal or external users.  Data 
is encrypted in transit and at rest, as well as virus scanned upon upload.  Data storage is temporary.  Both user 
accounts and data auto delete after a certain period of time, however user accounts are instantly re-created for 
users when they log in again via ldap.  We have approved of this tool for any type of sensitive data transfer 
including HIPAA, SSNs, etc.
 
Greg Williams, M.E., ISA, GPEN, GCFE
Director of Networks and Infrastructure
Interim IT Security Manager/Information Security Officer/HIPAA Security Officer
University of Colorado Colorado Springs - Department of Information Technology
 
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Russo, Dan
Sent: Tuesday, February 17, 2015 6:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Secure File Transfer
 
 
Hello –
 
I was hoping to get feedback on a few things.  First what is the general screensaver time out everyone uses?  
5minutes , 15minutes?
 
Also on a separate note in transferring sensitive data internally, how do you approach this?  Do you use a FTP 
server? Are you ok using email (encrypted)? Do you have a central repository such as a website to upload to ?

We are looking at a few ways to accomplish this.  Any feedback would be appreciated.
 
Thanks
Dan

Current thread:

Secure File Transfer Russo, Dan (Feb 17)
- Re: Secure File Transfer Jones, Justin (Feb 17)
  - Re: Secure File Transfer Russo, Dan (Feb 17)
    - Re: Secure File Transfer Jones, Justin (Feb 17)
- Re: Secure File Transfer Greg Williams (Feb 17)
  - Re: Secure File Transfer Ellen Amsel (Feb 17)
    - Re: Secure File Transfer Frank Barton (Feb 17)
    - Re: Secure File Transfer Russo, Dan (Feb 17)
  - Re: Secure File Transfer Mike Osterman (Mar 16)
    - Re: Secure File Transfer Jim Webb (Mar 18)
    - Re: Secure File Transfer Mike Osterman (Mar 19)
- Re: Secure File Transfer Jones, Mark B (Feb 17)