Encryption in FMP13 advanced

[fed]

I am very happy to hear that FMP13 Advanced offers database encryption.  I got the demo, but the encryption feature is not available in the demo.  I contacted Filemaker to ask about encryption, but they did not respond.

 

Has anyone tried the new encryption out?  I am very interested in how it is implemented as well as it's functionality and security strength.

 

Any help would be greatly appreciated.

 

 

Thank you in advance,

 

Fed

[Ocean West]

FileMaker Encryption At Rest is to protect the file from threat agents, should your file be on a backup or on a disk. It requires FileMaker Pro Advance to enable. In addition there is SSL encryption for securing the data between Server and Client(s)  (Pro, Go, WD)

 

 

Here is some most excellent information:

 

http://fmforums.com/forum/blog/13/entry-709-newest-version-of-filemaker-platform-brings-significant-major-security-enhancement/

[Steven H. Blackwell]

Encryption at Rest (EAR) uses industry-standard 256 bit encryption.  Always select a strong encryption password.  There is a small meter in the developer utilities section where EAR resides that will give you the strength.

 

Steven

[fed]

Thanks.

 

Can you encrypt individual records, or just the whole database?

 

What about encrypting exported files?

 

Also, if I use a 2nd FMP database that can be shared between 2 users (at different times) can encryption be used for that file?

 

Thanks again

[Ocean West]

Whole database.

 

No encryption on exported files. 

 

Any database that is encrypted can be "shared" first user that opens he file must present both the EAR and account credentials. 

 

For any additional encryption (field level or record level) you can use a plugin but that adds more overhead and time to encrypt & decrypt. 

or you may need to store a Hash of the unencrypted data so you could search the database by hashing the search string then matching the hashes.

[Steven H. Blackwell]

FileMaker Server can be instructed to open the encrypted file for access by authorized users who then authenticate with their credentials.

 

Steven

[fed]

I bought the advanced program, and I got the encryption working.

From a security standpoint, is it really necessary to include an account name and password, if there is only one user, and the file is encrypted?

[sal88]

Great development here! 2 queries:

1. One potentiality we need to consider is if our servers are physically moved (stolen) and then switched on elsewhere. Particularly as we have external authentication via AD, this could be a serious problem. Are there any methods that can be employed to stop data access in this scenario?

2. What is the best pre FM 13 EAR solution? The biggest issue for us is protection of the backup files.

 

Many thanks

[Steven H. Blackwell]

1.  Never use External Server Authentication to authenticate a [Full Access] Account.

 

2.  Unless they also steal the Domain Controller, they would have to guess the Group Names to spoof the domain.  Possible.

 

3.  Remove the [Full Access] Accounts from the file using the Developer Tool.

 

4.  Employ File Access Protection.

 

5.  Do not use auto-enter credentials.

 

6.  Employ robust and granular Privilege Set construction for all Privilege Sets.

 

Steven

[fed]

What about my question. No server, 1 user. Database on one computer. Encryption enabled, no other security. Is that enough?

[Steven H. Blackwell]

Not in my view.  Use Account name and password as FileMaker Pro provides.

 

Steven

[sal88]

Thanks for your help Steven!