The recent cyber attack on Sony Pictures serves as a new, additional, and very loud wake-up call for businesses all over the world about the need to protect digital assets. Organizations who use the FileMaker Platform to manage their businesses and whose databases contain proprietary and sensitive information, business process control methods, or financial data especially need to be diligent about data protection. If you are a small business, an education institution, a not-for-profit organization—all typical FileMaker Platform customers—you are just as much at risk as are large multi-national organizations, perhaps even more so than they are.
As I have noted before, FileMaker Platform deployed files are susceptible to one or more of six distinct types of attacks that target one or more of seven distinct types of vulnerabilities. Fortunately FileMaker Pro and FileMaker Server both give developers the tools to close or to narrow dramatically these vulnerabilities. These attacks can destroy data or alter them in a subtle fashion, often a much more difficult situation to recognize initially or even at all. They can also extract data from the files.
Here are a number of specific actions FileMaker developers can take to protect their clients’ files as well as their own.
- Review with you clients the likely threats to their digital assets and how serious the negative impact of a breach would be to their operations, people, and reputation. If you don’t know how to do this, I can help you.
- Use strong passwords on all files. Such passwords are typically twelve or more alphanumeric or high ASCII characters. Whether internal to the database file or externally located on the server or on the domain controller, such passwords are much less prone to brute-force attacks or to guessing.
- For the Account name for a set of credentials, avoid the use of the default name Admin.
- Remove the FileMaker Server Sample file. Alternatively, give it a new Account name and strong password and remove the auto log-in option.
- Avoid having files set to log-in automatically, even to supposed lower level privileges. Unless you have done an exceptionally thorough job of restricting privileges for such an auto log-in Account, your files are vulnerable to manipulation and compromise. Moreover, use of so-called “Account Management” modules can exacerbate such vulnerabilities.
- Invoke File Access Protection on your files. This is one of the most important protections you can provide to the files.
- Encrypt the file using the new Encryption at Rest feature of FileMaker® Pro 13.
- Encrypt data traveling to and from FileMaker Server by selecting the encryption option in the Admin Console.
- Be aware that User Interface elements such as Custom Menus, “hidden” layouts, and other such items are not part of the Security Schema. Just because a field is on a layout to which the Privilege Set attached to the active Account lacks access, does not mean the contents of that field cannot be changed, deleted, or viewed. Just because a field never appears on any layout does not mean its contents can be read or changed.
- There are numerous ways to invoke scripts even if they do not appear in the Scripts menu or are not attached to buttons on a layout. Be sure you understand the implications to the business processes and business logic of your database if a Threat Agent (attacker) invokes a script in unexpected ways.
- Carefully construct granular-level Privilege Sets to help protect both the data and the structure in your database system. Protect the values used in Record Level Access tests from manipulation or change by an attacker.
- Be sure you understand how the so-called “Other Privileges” items in the Privilege Set definitions actually work. This is particularly true for the Print and Export privilege bits. You might believe that blocking one of these privileges in a file is sufficient to protect the data. That is not necessarily the case.
Steven H. Blackwell
Platinum Member Emeritus
FileMaker Business Alliance