International Software Forum

Hi,
I've been wondering about what security advantages there are to having your sunapsis pdfs stored on a separate file server instead of on your primary admin web server. The main advantage that comes to mind is that the files stored on a separate file server can only be accessed by mapping to the network location with a specific user account. Does that make any difference vs having the files locally if someone manages to compromise the admin server on the Windows side of things? I assume that if the server is compromised through the web server (IIS/CF) then it doesn't really matter because the account that runs IIS/CF would already have access to the network drive.

For those that use a separate file server. why did you go that route?

I could see that it is just another hoop to jump through. An attacker would need to know the additional server name, the id of the user with the access, possible encryption keys, etc. You can hope that your IT has enough trip wires that would detect the intrusion. You can also add more hardened security to the to the file server, than what is on the admin server. It also further prevents the file server from being an entry point for the intrusion. The file server can be completely locked down except for essential services.

Some IT departments have trip wires, where if something seems off, services will be shutdown, preventing access to additional servers or what not.

We just moved to this method and our reasoning wasn't security based but that it makes changing application servers and upgrades etc. significantly easier without having to deal with also copying PDF files as part of any of the processes.