18 Replies Latest reply on Mar 29, 2014 9:40 PM by JFWX5

    Encrypting Multi-file Solution Hosted on FMS13

    JFWX5

      Hi,

      I have about 10 related files that reside on FMS13 that I wish to encrypt.

      What is the best practice:

      Copy all files to the machine with FMA or temporarily share the folder on the server (after shutting down FMS)?

      What about the RC_Cache_FMS, RC_Data_FMS, RC_StreamingCache_FMS & Removed_by_FMS files in the Databases Folder?

      Also, please note all my container data is using secure storage.

      Thank you,

      John

        • 1. Re: Encrypting Multi-file Solution Hosted on FMS13
          wimdecorte

          Don't share the folder.  When you do the encryption, do it on a local machine.  That'll save both time and make the process less vulnerable (= not having to send the traffic across the network, could get interrupted,...)

          • 2. Re: Encrypting Multi-file Solution Hosted on FMS13
            wimdecorte

            As to the other folders: don't worry about the RC_cache and RC_streamingcache.  Those are just temp for FMS.  "removed_by_FMS" is for files that you removed through the admin console.  Ideally there should not be anything in it. If there is, archive it away or delete it.

            RC_data_fms is where your container data is, so leave that one alone.

            1 of 1 people found this helpful
            • 3. Re: Encrypting Multi-file Solution Hosted on FMS13
              JFWX5

              Wim,

              Just to be extra sure I copy over the RC_data_fms folder to the FMA machine before I encrypt the files, correct?

              Thank you,

              John

              • 4. Re: Encrypting Multi-file Solution Hosted on FMS13
                JFWX5

                Hi Again,

                Could someone point me straight?

                Do I copy the RC_data_fms along with the Database files from FMServer to the FMA, then encrypt, then upload to server?

                or

                Do I just copy over the Database Files to FMA and leave the RC_data_fms on the server, then encrypt, then just upload to server overwriting old FM files?

                Thank you,

                John

                • 5. Re: Encrypting Multi-file Solution Hosted on FMS13
                  wimdecorte

                  No, every time you want to manipulate a file away from FMS you have to make sure you have everything in one place.  So copy the file and its remote container data.  Verify that you can see the container data before you encrypt the file. You may have to move the RC folder one level up from where it is after you copy everything over from the server.

                  • 7. Re: Encrypting Multi-file Solution Hosted on FMS13
                    JFWX5

                    Hi All,

                    It's ME again, still playing around with this encryption process.

                    In order for me to get the encryption process right, I have to load the DB_Filename.fmp12 and the files_folder from RC_Data_FMS > DB_FileName > "Files" folder into the FMA work folder.

                    Since this is a multi file solution all of the databases have a RC_Data_FMS > DB_FileName > "Files Folder"

                    Since I can't copy more than one "Files" folder into the working directory at a time.  FileMaker Advanced instructions state, encrypt multi-user solutions at the same time.

                    As long as I use the same SHARED ID, Password and Encryption Password for each of these files will the encryption process work?

                    On a side note does anyone have any opinions on the whole FM encryption process / usage?

                    Thank you,

                    John

                    • 8. Re: Encrypting Multi-file Solution Hosted on FMS13
                      taylorsharpe

                      I get the feeling you don't have an understanding of FileMaker security and are asking general "feeling" questions about FileMaker security without delving into the details.  But the devil is always in the details and I recommend you just follow the FileMaker Security guidelines at http://help.filemaker.com/app/answers/detail/a_id/13291/~/the-filemaker-security-guide

                      Client Server connections are AES 256 bit encrypted if you turn on security in Admin Console.  The default Remote Container storage is all encrypted unless you turn off the defaults.  And you can even do encryption at rest of all tables if you want.  If you just follow FileMaker's recommendations, you'll be just fine.

                      Do not use the same SHARED ID and password for Encryption, let FileMaker handle the encryption and give each person their own User ID and password as is standard in all enterprise level security.

                      The FileMaker encryption process and usage is amazingly simple compared to doing it in most other systems where you have to integrate the security of the database engine and the security of the User Interface separately.

                      As I mentioned in another post, the US Department of Homeland Security keeps track of database vulnerabilities in the National Vulnerabilities Database and if you look for FileMaker, there have only been 5 vulnerabilities documented since 2000.  Oracle has 2585 vulnerabilities documented and MySQL has 461 and both of them have high level vulnerabilities listed for 2014!!!  FileMaker only had 1 high level vulnerability and that was in 2000 and since then nothing has been above medium level.  Based on this database, FileMaker has amazingly less documented vulnerabilities than most other database solutions.  You will be hard pressed to find a better security system on off-the-shelf commercial software and if you follow FileMaker's Users Guide, you should end up with a very secure system.  Obviously any system can be developed in a non-secure manner, but you really have to go out of your way to make FileMaker vulnerable.

                      You may consider developing a security plan if you want to better understand security controls.  Check out the National Institute of Standards and Technology guide 800-53 (v4) as a good example of security controls that are required to be documented on US Government computers.  And, yes, FileMaker can be developed to meet the minimum requirements for Top Security under the various US Government standards for "Top Secret".  If you need more security than the US Government does, then you should be hiring a real security professional to handle such things for your system and there are such professionals out there (ISACA, MSc, CISSP, CISM, CRISC).  But expect to spend a large amount of money on such people because they are very much in demand!

                      • 9. Re: Encrypting Multi-file Solution Hosted on FMS13
                        JFWX5

                        Hi Taylor,

                        I do believe in the proper security for FM.  I've been running SSL on FMS since it came out.  Multi level user / privilege sets and custom menus, my containers are secured storage.  Server is in a locked closet with a hardwalled Firewall, only outside access to network is IPsec VPN. Onsite and offsite multi-version backups.  Also, APC UPS.

                        The problem I have now is encryption of the databases stored on FMS.  All of the FM documentation speaks about using FMA to encrypt one DB.  FM docs are not really clear on trying to encrypt 17 files (or 1 for that matter) with secure storage.  How does one load 17 files that each have a "RC_Data_FMS > DB_Name.FMP12 > Files > DB_Name > " directory?  What level of the RC_ directory do you load into FMA?  I've only been able to encrypt when I load DB_Name.FMP12 & the Files directory.  Problem is that all the DBs have a "Files" level.

                        It does speak about:

                        If you have a multi-file solution, encrypt all database files with the same encryption password and shared ID.

                        Do I ignore the above and do each individually?  I have 20 years of FM data to account for.

                        Thank you,

                        John

                        • 10. Re: Encrypting Multi-file Solution Hosted on FMS13
                          taylorsharpe

                          http://help.filemaker.com/app/answers/detail/a_id/11991/~/using-encryption-at-rest-(ear)-functionality-with-filemaker-products

                           

                          Go down to the table that has two columns, "Item" and "Description".  Under "Shared ID" item, it lets you know that you have groups of a set of EAR'd files that share the same encryption password.  So you use the same one for all of the files on the server.  Is that what you are asking?

                          1 of 1 people found this helpful
                          • 11. Re: Encrypting Multi-file Solution Hosted on FMS13
                            JFWX5

                            Hi,

                            OK, so as long as I use the same SharedID on all the related files, I'll be good.

                            But it would be nice if FM explained which level of the "RC_Data_FMS > DB_Name.FMP12 > Files > DB_Name > " directory to load into FMA, rather than leaving it to guessing.

                            BTW, since the files will now be EAR, is it still necessary to have the files encrypted a 2nd time by the offsite backup program?

                            Thank you,

                            John

                            • 12. Re: Encrypting Multi-file Solution Hosted on FMS13
                              taylorsharpe

                              Good question that I don't know the answer to.  But it would be easy to test out.  Take one of the backups and see if you can open it without the shared ID.  I'd be interested to know what happens.

                              • 13. Re: Encrypting Multi-file Solution Hosted on FMS13
                                JFWX5

                                I'm concerned about encrypting the encrypted.  And, also the storage of Shared ID, FM Encryption Password, FM File password and Cloud backup Password.

                                I think I'll forward this encryption question to Matt O'Dell.

                                Thank you,

                                John

                                • 14. Re: Encrypting Multi-file Solution Hosted on FMS13
                                  Malcolm

                                  But it would be nice if FM explained which level of the "RC_Data_FMS > DB_Name.FMP12 > Files > DB_Name > " directory to load into FMA, rather than leaving it to guessing.

                                  An unencrypted external container dumps all its files in one place and you can move files in and out - though you do this at your own risk - it is highly discouraged by FMI.

                                  If you look at the directories of an encrypted, external container you’ll see that the files are not simply encrypted, file by file, and stored in a directory. The encrypted data is split across directories. Each file is just a little bit of cryptic-ness.

                                  The only way to load these files to the server is to bring them in via the DB. There are instructions in the documentation which will be clearer than I can be. The basics are: (1) save a copy as a single-file which tells the server to pull all external references into the db. (2) move the file (3) switch the container fields back to external references.

                                  malcolm
