Jailing remote access

Operating systems and software have come a long way in increasing security.  Many now have the ability to lock user access to a specific area of the disk, or even into a virtual space that can not access the disk.  This is "Jailing" or "chrooting".

By locking access to a limited area, the potential for damage is greatly reduced.  If a remote user can not access any other part of the file systems, they can not do any damage.

We have a customer that has several remote sites transfer work files via secure FTP to one their servers.  Each user has their own directory to upload the files to.  Previously, even though they were defaulted to their own directory, they could move to other directories into the upload area.  This means that potentially, they could delete someone else files, or see what they were doing.

By updating the software on their server, the chrooting ability was added to lock them into their own directory tree only.  They can not even tell that any other directories exist, so there is no way to interfere or look at anything that anyone else is doing.

Some packages take it even further and jail their application in virtual space.  This would be something like a web server, that does not have to store any information back to the disk.  In this case, when the web server is started, it copies itself, and the files that it needs into a virtual space in memory.  Then, even if it is compromised, and files are corrupted or changed, it is the virtual copy, and not the actual files.  Simply restarting the server will recopy the files and everything goes back to where it was.

To get help setting up some of these advanced security modes contact us at CCS Retail Systems.

Leave a Reply