December 15th, 2016


Overview and Core Features of Cloud Storage

When these services first appeared, the term Cloud Sync and Share did a good job of encapsulating their capabilities. You could save a file locally, it would sync and upload to a cloud service, and you could expose a share link so someone else on the Internet could download it. The tools offered various mobile agents for different devices, and consistently offered some level of versioning so you could recover deleted files and previous versions.

Most providers now offer much more than basic sync and share. Here are the core features which tend to define these services:

* Storage: The cloud provider stores files. This typically includes multiple versions and retention of deleted files. The retention period, recovery method, and mechanisms for reverting to a previous version vary widely. Enterprises need to understand how much is stored, what users can access/recover, and how this affects security. For example, make sure you understand version and deletion recovery so sensitive files you 'removed' don't turn up later.

* Sync: A software agent syncs local user directory (or server directory) changes with the cloud provider. Edit a file locally, and it silently syncs up to the server. Update it on one device and it propagates to the rest. The cloud provider handles version conflicts (which can leave version orphans in user folders). Users typically access alternate versions and recover deleted files through the web interface, which sometimes also manages collisions.

* Share: Users can share files through a variety of mechanisms, including sharing directly with another user of the service (inside or outside the organization), which allows the recipient to sync the file or folder just like their own content. Shared items can be restricted to web access only; sharing can be open (public), restricted to registered users, or require a one-off password. This is often handled at the file or folder level, allowing capabilities such as project rooms to support collaboration across organizations without providing direct access to any participant's private data. We will cover security implications of sharing throughout this report, especially how to manage and secure it.

The Security Pro's Guide to Cloud File Storage and Collaboration:

* View: Many services now include in-browser viewers for different file types. Aside from convenience and ensuring users can see files, regardless of whether they have Office installed, this can also function as a security control, providing restricted access without allowing users to download files.

* Collaborate: Expanding on simple viewers (and the reason Sync and Share isn't entirely descriptive any more), some platforms allow users to mark up, comment on, and even edit collaborative documents directly in a web interface. This also ties into the project/share rooms mentioned above.

* Web and mobile support: The platform syncs locally with multiple operating systems using local agents (at least Windows, Mac, and iOS), provides a browser-based user interface for access from anywhere, and offers native apps for multiple mobile platforms.

* APIs: Most cloud services expose APIs for direct integration into other applications. This is how, for example, Apple is adding direct operating system integration for various cloud storage providers in the next version of iOS. On the other hand, you could potentially link into APIs directly to pull security data or manage security settings.
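The sharing modes and deleted-file retention described in the list above can be checked mechanically once share and file records have been pulled through a provider's API. The following is an added example, not part of the original report: the record fields (`label`, `mode`, `web_only`, `deleted`, `recoverable_until`), the sample data, and the policy that sensitive files must be web-only are all constructed assumptions and do not match any specific provider's API.

```python
from datetime import date

# Constructed sample records standing in for data pulled from a provider API.
# Field names are hypothetical and not taken from any real service.
SHARES = [
    {"path": "/finance/q4-forecast.xlsx", "label": "sensitive", "mode": "public", "web_only": False},
    {"path": "/finance/board-deck.pptx", "label": "sensitive", "mode": "password", "web_only": True},
    {"path": "/marketing/brochure.pdf", "label": "public", "mode": "public", "web_only": False},
    {"path": "/projects/room-a/spec.docx", "label": "sensitive", "mode": "registered", "web_only": False},
]
FILES = [
    {"path": "/hr/salaries.csv", "label": "sensitive", "deleted": True, "recoverable_until": date(2017, 3, 1)},
    {"path": "/hr/old-memo.txt", "label": "internal", "deleted": True, "recoverable_until": date(2017, 3, 1)},
    {"path": "/hr/offer-letter.docx", "label": "sensitive", "deleted": True, "recoverable_until": date(2016, 11, 1)},
]

def audit_shares(shares):
    """Flag sensitive items whose share mode is weaker than the assumed policy."""
    findings = []
    for s in shares:
        if s["label"] != "sensitive":
            continue
        if s["mode"] == "public":
            findings.append((s["path"], "sensitive file shared by open (public) link"))
        elif not s["web_only"]:
            # Assumed policy: sensitive files may be viewed in the browser only.
            findings.append((s["path"], "sensitive file can be synced or downloaded by recipients"))
    return findings

def audit_deleted(files, today):
    """Flag sensitive files that users 'removed' but the provider can still restore."""
    return [
        (f["path"], f"deleted but recoverable until {f['recoverable_until'].isoformat()}")
        for f in files
        if f["deleted"] and f["label"] == "sensitive" and f["recoverable_until"] >= today
    ]

def audit(shares, files, today):
    """Combine share-mode and retention findings into one report."""
    return audit_shares(shares) + audit_deleted(files, today)

if __name__ == "__main__":
    for path, issue in audit(SHARES, FILES, date(2016, 12, 15)):
        print(f"{path}: {issue}")
```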

 

What is a Firewall?

What is a firewall - Understanding Firewalls

A firewall is a structure intended to keep a fire from spreading. Buildings have firewalls made of brick walls completely dividing sections of the building. In a car, a firewall is the metal wall separating the engine and passenger compartments.

Internet firewalls are intended to keep the flames of Internet hell out of your private LAN. Or, to keep the members of your LAN pure and chaste by denying them access to all the evil Internet temptations.

The first computer firewall was a non-routing Unix host with connections to two different networks. One network card connected to the Internet and the other to the private LAN. To reach the Internet from the private network, you had to log on to the firewall (Unix) server. You then used the resources of the system to access the Internet. For example, you could use X-windows to run Netscape's browser on the firewall system and have the display on your workstation. With the browser running on the firewall, it has access to both networks.

This sort of dual-homed system (a system with two network connections) is great if you can TRUST ALL of your users. You can simply set up a Linux system and give an account on it to everyone needing Internet access. With this setup, the only computer on your private network that knows anything about the outside world is the firewall. No one can download to their personal workstations. They must first download a file to the firewall and then download the file from the firewall to their workstation.

 

CYBERLOCKER SERVICES (CLS)

Cyberlocker services offer a simple Web-based solution for hosting files that can be accessed conveniently using a URL. After a file is uploaded to the site, the site generates a URL for accessing it. These sites offer two levels of service: free and premium. The free service limits the number of downloads and the maximum throughput achieved for a download. Premium users pay a subscription fee, and these restrictions are removed for them. A free user has to go through a series of steps before the download can begin. Most often the user has to wait for a pre-determined amount of time before the link is clickable. Premium users do not have to wait for their download to start. All sites impose limitations on the size of the uploaded file regardless of the user type. However, a user can split large media content into smaller parts and upload them separately. On the other end, users who download these parts can use an archiving program to join the parts and obtain the original content. Figure 2 shows a simplified illustration of uploading and downloading of a file using a generic Cyberlocker site.