There Is One Thing to Do to Protect the Security of Enterprise Files and Prevent Data Leakage
Data leakage happens frequently, and this number continues to rise, and data security problems have been plaguing various institutions and organizations. By interpreting all kinds of data leakage events, we observe that the internal staff's dereliction of duty and irregular operation behaviors are almost 50% responsible for data loss and leakage.
As long as you press a few keys, you can easily download or delete the valuable data assets of an enterprise. The loss of reputation, money, and time caused by human errors is almost incalculable. Enterprises invest heavily in personnel, training, office space, and advertising, and it is also necessary to invest in secure file transfer.
A secure file transfer software, such as Raysync, ensures the safe transfer of important file assets to designated locations and ensures data security throughout the whole process:
1. Web-based security design
- User-side Web portal and management-side Web Portal support access IP address isolation and port isolation.
- Support some nodes to disable user plane Web Portal or management plane Web Portal
- Support Http and Https, the administrator can disable the Http but only enable the Https service.
- Https TLS 1.1, TLS 1.2, TLS 1.3, only open the encryption algorithm suite recognized by the industry as safe.
- The Web page of Raysync, the effective range of session is only valid for the current visit page, completely eliminating CSRF cross-site attack.
- Before each version is released, Huawei Cloud Online Professional Web Vulnerability Scanning Service is used to scan vulnerabilities and fix the latest released vulnerabilities in time.
2. Account & Password Protection Security Design
- In the transfer process, the user password is encrypted by an asymmetric high-strength encryption algorithm. Even if the transfer message is intercepted, the attacker can not recover the plaintext through ciphertext.
- The information stored in the database of the user password is irreversibly encrypted for 10,000 times in one direction by using the PBKDF2 algorithm and user's individual random salt. Even if the database information is leaked, the user password cannot be reversed through ciphertext.
- The password must be a combination of case, number, and special symbols, and the length must be greater than or equal to 8 characters.
3. Transfer Security Design
- In the transfer process, Raysync is protected by Hash verification at the transfer message level, file block and the whole file to ensure the integrity of the transfer content.
- TLS 1.3 is used for encryption between the Raysync client and the Raysync server to prevent man-in-the-middle attacks on the network.
- Raysync only needs to expose one port to the outside, which can meet all users' access and greatly reduce the risk of firewall port exposure.
4. Behavioral Audit
- The Raysync server completely records the complete behavior logs of users logging in, logging out, uploading, downloading, changing passwords, sharing links, etc., and the administrator can regularly audit the user behavior information.
- The Raysync server completely records the administrator's operation log, including adding, deleting, modifying user information, modifying server information, and other complete information. Auditors can regularly audit the server administrator's operation behavior.