RhinoSoft Privacy Policy

What information do we collect?

We collect information from you when you register on our site, place an order, subscribe to our newsletter, respond to a survey, or fill out a form.

When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number, or credit card information. You may, however, visit our site anonymously.

What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

Note: If you would like to stop receiving email messages from us, please follow the unsubscribe instructions in the email you received.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.

We use secure technology to protect personally identifiable information. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Database to be only accessed by those authorized with special access rights to our systems, and are required to keep the information confidential.

After a transaction, your private information (credit cards, social security numbers, financials, etc.) will be kept on file for the minimum period required to comply with U.S. statues on retention of purchase information. (The current retention requirement is three years.)

Do we use cookies?

Cookies are small units of data that a site or its service provider transfers to your computer through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

We use cookies to help us remember and process the items in your shopping cart, understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly. However, you can still place orders over the telephone or by contacting customer service.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.

Third party links

Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

California Online Privacy Protection Act Compliance

Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.

Childrens Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Your Consent

By using our site, you consent to our RhinoSoft Privacy Policy.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.

This policy was last modified on January 19, 2012.

Contacting Us

If there are any questions regarding this privacy policy you may contact us through the contact options on our web site at www.RhinoSoft.com.

Please enter your e-mail address and password in the fields below.

Email Address:

Password:

   
 

RhinoSoft.com - Newsletter Archive

Contact
View Shopping Cart
Products Downloads International Purchase Support Company

<< -- Back to Newsletter Archive homepage.

11-10-2009 - Secure File Transfer Choices In Serv-U 9

Hello,

Welcome to another installment of the RhinoSoft.com newsletter. You are getting this newsletter because you signed up on our web site. If you would like to stop receiving these newsletters, please visit: http://www.RhinoSoft.com/newsletter/unsubscribe.asp

The intent of this newsletter is to give you some pointers on our products. This newsletter highlights Serv-U's security features.

Meeting With Our Accountants

Recently I had a meeting with RhinoSoft.com's accountants. After discussing the issues for the meeting, the conversation drifted toward how their accountants receive files from their clients. In almost all cases their accountants ask their clients to email their accounting databases and other financial records to them for processing. I know they do this because they've asked us to email our records to them as well!

Naturally, we don't send sensitive information to our accountants via email, instead I have a server dedicated to sensitive material through which they may upload and download files. Normally our accountants will take our accounting software files, make modifications, then give them back to us. For other clients this is usually all done via email. For us it's all done securely via web browsers.

Email is so Insecure

So, maybe you're asking yourself, "what's wrong with sending sensitive files via email" or "yeah, that's what our accountants do too". Well, there are several problems sending sensitive data via email.

First; the connection to your SMTP server is probably insecure, meaning the data that is being sent to your mail server can be read, on the Internet, by anyone trying hard enough.

Second; even if your connection to your email server is secure (i.e., using SSL), there is no guarantee that the next email server connection will use a secure connection. Normally when an email message is sent it first gets sent to your email server, which in-turn, sends it to another email server, normally the end recipient's email server. In some email configurations, there will be even more servers and connections.

Third; your email message will sit on each server, for some period of time, probably in an unencrypted form, usually exactly as it was sent. Anyone with access to that server, whether it's a system administrator, an employee of an ISP, or someone just passing by the server, can read your email message, copy it, modify it, or even delete it.

Fourth; chances are that the recipient of the email message will not be using a secure connection to receive the message. Like the first point listed above, the data transferred over the Internet will be completely unencrypted. Prying eyes will be able to see that sensitive data!

Okay, you're thinking my email client is setup to transfer messages securely, I'm not worried. You should worry, unless you're 100% confident you know every step of your email message, and how it's stored throughout the delivery process.

Serv-U Has Many Secure Choices

You're convinced. You know email isn't a good choice for sensitive data, so now what? Serv-U. Serv-U can solve the problems listed above. Here's how:

1) Create user accounts that require a secure connection. Serv-U supports FTPS (Serv-U Silver & Gold), HTTPS (Serv-U Gold), and SFTP via SSH2 (Serv-U Gold). There are several ways to ensure a secure connection is used:

a) Create secure listeners only. Create only FTPS, HTTPS, and SFTP (SSH2) listeners.

b) If some non-secure access is still desired, force users to login securely. For desired users or groups, select the "Limits & Settings" tab, double click on "Require secure connection before login.", answer "Yes" to create the limit, check the check mark. This setting is also available for the entire server or domain.

c) Disable non-secure protocols for the user or group. These settings are available under "Limits & Settings" as well.

When using one of the secure protocols, all transferred data is encrypted while being transferred over the Internet.

2) Use Windows to encrypt the contents of the target directories for these user accounts. Anyone trying to read these files will be unable without the proper credentials.

3) Since files are being transferred to a secure location (i.e., a server running Serv-U), file are also transferred from this server by the recipient. Unlike email messages where several servers can be between the sender and recipient, your Serv-U server acts as a repository for the exchange of sensitive data.

4) No special client-side software is required. Serv-U provides for 2 built-in secure clients; the Web Client and FTP Voyager JV. When connecting to Serv-U via HTTPS both of these highly secure clients ensure the data is protected from prying eyes. If your application requires a less-sophisticated solution, the Web Client is perfect. If you need something more powerful FTP Voyager JV is the perfect fit.

5) Serv-U has the ability to perform certain events. If you're really concerned about how long sensitive data sits on the server, create an upload event to email a notification to those concerned so immediate action may be performed.

6) If you're required to use an even more secure connection FIPS 140-2 mode ensures the highest level of security for all secure transfers. To enable FIPS 140-2 mode, select the check box under the "Encryption" tab for the server "Limits & Settings". Be aware that some FTP and SFTP clients may not support this higher level of security.

Serv-U 9.0 Improves User Administration

If your company has a lot of clients who would use this solution but your IT resources are limited, Serv-U can help with this as well. Creating client accounts can be a snap, here is my suggestion.

1) Install Serv-U on a computer with plenty of disk space.

2) Determine where you would like to store user home directories, let's use "C:\Serv-U Users"

3) After creating your domain, create a group, call it "Clients". In the "Home Directory" field enter "C:\Serv-U Users\%USER%". Serv-U expands %USER% to the login ID for a particular user.

4) Go into the "Limits & Settings" tab, double click on "Require secure connection before login.", answer "Yes", select the check box then save.

5) Select the "Events" tab for the group. Select the "Create Common Events" button. Select "Email", then enter any email address (the email address doesn't matter). A bunch of events are created, delete all but the "User Welcome Message" (select multiple items using the Shift or Control key while clicking).

NOTE: this event may be created for the entire domain if desired.

6) Double click on the "User Welcome Message" event and customize as you see fit. It might be a good idea to provide a direct HTTP link in this message. For example, http://demo.Serv-U.com/&user=$Name&password=$Password so all a client needs to do is click the link. Save the group.

NOTE: Be sure your server or domain SMTP configuration is setup. These configurations are found under the "Settings" tab of the server and domain pages by pressing the "Configure SMTP" button.

7) Navigate to the users page, change the default user template to include your newly created group. Select the "Template" button. Under the "Groups" tab, select the group, press the left arrow to make all new users members of this group. Save the template.

8) Create users using the "Wizard" button. Enter the login ID, User's full name, and the email address. Step 2; the password page automatically generates a random password for you. Step 3; enter a new Home Directory, or use the one from the group. Step 4; the final step, select FULL Access.

When a new user is created, the new user will receive an email message providing login instructions for the account. Any additional user accounts are created using the wizard only, just a few simple steps.

Serv-U 9.0 For Our Accountants

As you can see, we have a simple solution for our accountants so they can now ensure sensitive data is safe. Maintaining client user accounts is now accomplished and automated through a simple 4-step wizard, of which 2 steps are completely skipped. Creating a user account takes just 15 seconds or less.

There are alternate methods to the above, such as simply entering "C:\Serv-U Users\%USER%" into the user template instead, but that's just slightly less flexible over time. If you find alternative setups that suite your needs, feel free to use those methods. Serv-U is designed to accommodate your needs.

Try Serv-U Free for 30 Days

Download Serv-U:
http://www.Serv-U.com/download/

FREE SUPPORT OPTIONS

If you need technical or sales support, please use one of the following URLs. Our support turn-around time is very fast during normal working hours Central Time U.S.:

Technical Support:
http://www.RhinoSoft.com/support

Knowledge Base:
http://www.RhinoSoft.com/kb

Sales Support:
http://www.RhinoSoft.com/sales

ON-LINE CUSTOMER SERVICE

If you need to change any of your customer information, you can make changes on-line. The RhinoSoft.com On-line Customer Service page allows you to resend your registration ID, receipt, invoice, and change your information in our database. To use visit:
http://www.RhinoSoft.com/customer

Thank you for taking the time to read.

Mark P. Peterson - President
http://www.RhinoSoft.com
Voice: +1(262) 560-9627
FAX: +1(262) 560-9628
Privacy Policy
Site Map   •   Purchase  •  Home  •  Support