SSL certificates are a very common way to secure client/server network connections, and the FileMaker platform has made use of them for many years. Starting with version 15, however, FileMaker introduced a number of security changes in handling SSL and certificates, on both the server and the clients. But where do they come into play, and how might this affect your deployments?

Because of the amount of terminology involved and the wide scope that SSL (Secure Sockets Layer) connections cover, we should first go over some basics of typical SSL connections and the certificates needed to use them. In an attempt to be as brief as possible, I’ll be mainly discussing server configuration issues, and leaving out many smaller details. Definitely check out the references and links if you’d like more information.

This is after all the heart of the topic. Network security is a non-trivial subject that can seem overwhelming, but hopefully anyone deploying or managing a server is at least somewhat interested in their system’s security. Using SSL-based connections is a very basic step you can use to help with the following goals:

- users can trust that they are connecting to the correct server.
- prevent MITM (man-in-the-middle) attacks.
- prevent packet injection or forged content.
- greatly reduce packet sniffing/snooping

For situations where a server is on a public (Internet) IP these goals are central. But these issues can seem esoteric for those who never access their servers remotely and where their servers are only accessible on the LAN. But even for these networks, one or more of the following are possibilities:

- a weakly-encrypted wireless connection (e.g., WEP or WPA1).
- an untrusted device (or malicious user) connects to your network.

If any of the above are true, then it’s quite likely that the same actors involved will also attempt to discover your passwords or any other confidential content passing over your network.

For FileMaker Pro & Go connections, even when not using SSL, credentials are encrypted and data will have some minimal encryption. But consider the following XML query:

```
curl -u "myuser:secretpassword" ""
```

This would pass over your network without any encryption, and could be a great use case for SSL, since both the data and credentials are passed unencrypted. To fix this, we could change the code as follows (assuming port 443 is being used for https connections):

```
curl -u "myuser:secretpassword" ""
```

So for this script, adding an “s” was all it took to improve its security. In Part II, we’ll discuss a few additional benefits specific to FileMaker.

Although there is some small benefit with using FileMaker’s self-signed certificate, in order to fully realize the benefits mentioned above, a custom certificate signed by a certificate authority is needed (we’ll delve into certificate types in Part II).

You will need to use a signed SSL certificate. Acquiring this can present some initial logistical challenges, and require administrative overhead, as well as yearly fees for renewal.

SSL connections will not help with EAR (Encryption At Rest) requirements. In other words, any database files, scripts, or other documents available via the file system will not be protected by SSL. However, it can indirectly protect data at rest by making it harder to exploit a network connection to gain file system access or sniff passwords.

There is a performance penalty for encryption and decryption of data. In the past, I’ve heard this stated as being as high as 10% added overhead, especially for the initial connection setup. But I suspect this is now much reduced as algorithms have improved and most CPUs have started to include instructions to help optimize encryption speeds. Features in the latest revision of SSL (aka “TLS”), such as session reconnects, will also help reduce any overhead.

It does not protect you from dictionary attacks. Various forms of this attack are frequently used, probably because they are frequently effective and easy to implement. Besides using strong passwords for all access, you may want to consider using external authentication or fail2ban to help block these attempts. Since version 14, the FileMaker Admin Console will block access from a given IP address for 15 minutes after 5 repeated failures.

Here we start to get a bit more specific to FileMaker. All of the various methods of accessing a FileMaker system can be made to use SSL connections.

- external container data (uses http/https).
- FileMaker Pro & Go client connections (port 5003).
- FileMaker Pro’s Upload to FileMaker Server (uses http/https).
- FileMaker Server’s Admin Console (when using port 16000).
- WebDirect or CWP (Custom Web Publishing).

Since version 14, FileMaker’s HTTP and HTTPS ports have been configurable, but still default to ports 80 and 443, respectively.
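As an added illustration (not code from the original article), the shell sketch below shows why the article's plain-http `curl -u` call exposes the password: HTTP Basic authentication only base64-encodes the credentials, so anyone who can read the traffic can decode them. The function names are assumptions made for this example, and the credentials are the article's sample values.

```shell
#!/bin/sh
# Sample credentials from the article's curl example (not real secrets).
CRED='myuser:secretpassword'

# Build the header that `curl -u` sends: Basic auth is base64, not encryption.
basic_auth_header() {
    printf 'Authorization: Basic %s' "$(printf '%s' "$1" | base64)"
}

# Recover the credentials from a captured header, as any observer of
# unencrypted traffic could.
decode_basic_auth() {
    printf '%s' "${1#Authorization: Basic }" | base64 --decode
}

# Succeed only for https:// URLs. A URL without a scheme is rejected too,
# because curl falls back to plain http when none is given.
url_is_https() {
    case "$1" in
        [Hh][Tt][Tt][Pp][Ss]://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Hypothetical wrapper: refuse to send credentials unless the URL is https,
# and tell curl to allow only https for the request and for any redirect.
curl_with_credentials() {
    cred=$1 url=$2
    if ! url_is_https "$url"; then
        echo "refusing to send credentials over a non-https URL: $url" >&2
        return 2
    fi
    curl --proto '=https' --proto-redir '=https' -u "$cred" "$url"
}

# Demonstration (no network traffic): what is visible on a plain-http request.
header=$(basic_auth_header "$CRED")
echo "on the wire:  $header"
echo "decoded back: $(decode_basic_auth "$header")"
```

Scripts that call the server with `-u` can route the call through a guard like `curl_with_credentials`, so a URL missing the “s” fails before any credentials leave the machine.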