Re: Secure File Transfer

[Jim Webb <webbjt () APPSTATE EDU>]

I believe the 2.6 dev branch has receive more recent attention (2014 
commits):
http://sourceforge.net/p/filelocker2/code/commit_browser
http://sourceforge.net/p/filelocker2/code/959/tree/branches/

If I recall, Norfolk State Univ. may now be maintaining the project.

-Jim

--
James Webb
CISSP,CISM,CEH,CCE,ITILV3F
Chief Information Security Officer
Appalachian State University
ITS - Office of Information Security

phone: 828-262-6277
fax: 828-262-2236
web: http://security.appstate.edu
twitter: @appinfosec



On 3/16/15 12:17 PM, Mike Osterman wrote:
> Does anyone have any information on the livelihood of the FileLocker 2 
> project? As best as I can find, it hasn't been updated since November 
> of 2012:
> http://sourceforge.net/p/filelocker2/code/954/tree/branches/
>
> The big concern is not necessarily new features, but whether it has a 
> maintainer for security/bug fixes. The advertised 
> <http://sourceforge.net/projects/filelocker2/support> bug filing 
> system seems to have quite a few open items:
> http://sourceforge.net/p/filelocker2/bugs/
>
> Thank you,
> Mike
>
> Mike Osterman
> Director, Enterprise Technology
> Whitman College
> (509) 527-5419
>
> > On Feb 17, 2015, at 11:52 AM, Greg Williams <gwillia5 () uccs edu 
> > <mailto:gwillia5 () uccs edu>> wrote:
> >
> > We typically do 10 minute screensaver timeouts.  But it really 
> > depends on the system or groups of systems how much time we have.  
> > Some more sensitive systems have timeout shorter.
> > For secure file sharing we either use PGP netshare if the user is 
> > going to be constantly sharing information with the same people 
> > across campus or filelocker2.  Filelocker2 
> > (http://sourceforge.net/projects/filelocker2/) is opensource, 
> > developed by Purdue and I think you will find a lot of the higher ed 
> > community using it.  It is great for sharing information either with 
> > internal or external users.  Data is encrypted in transit and at 
> > rest, as well as virus scanned upon upload.  Data storage is 
> > temporary. Both user accounts and data auto delete after a certain 
> > period of time, however user accounts are instantly re-created for 
> > users when they log in again via ldap.  We have approved of this tool 
> > for any type of sensitive data transfer including HIPAA, SSNs, etc.
> > Greg Williams, M.E., ISA, GPEN, GCFE
> > Director of Networks and Infrastructure
> > Interim IT Security Manager/Information Security Officer/HIPAA 
> > Security Officer
> > University of Colorado Colorado Springs - Department of Information 
> > Technology
> > *From:*The EDUCAUSE Security Constituent Group Listserv 
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU]*On Behalf Of*Russo, Dan
> > *Sent:*Tuesday, February 17, 2015 6:57 AM
> > *To:*SECURITY () LISTSERV EDUCAUSE EDU 
> > <mailto:SECURITY () LISTSERV EDUCAUSE EDU>
> > *Subject:*[SECURITY] Secure File Transfer
> > Hello –
> > I was hoping to get feedback on a few things.  First what is the 
> > general screensaver time out everyone uses? 5minutes , 15minutes?
> > Also on a separate note in transferring sensitive data internally, 
> > how do you approach this?  Do you use a FTP server? Are you ok using 
> > email (encrypted)? Do you have a central repository such as a website 
> > to upload to ?
> >
> > We are looking at a few ways to accomplish this. Any feedback would 
> > be appreciated.
> > Thanks
> > Dan