RhinoSoft Privacy Policy

What information do we collect?

We collect information from you when you register on our site, place an order, subscribe to our newsletter, respond to a survey, or fill out a form.

When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number, or credit card information. You may, however, visit our site anonymously.

What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

Note: If you would like to stop receiving email messages from us, please follow the unsubscribe instructions in the email you received.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.

We use secure technology to protect personally identifiable information. All supplied sensitive/credit information is transmitted via Secure Sockets Layer (SSL) technology and then encrypted in our database, to be accessed only by those authorized with special access rights to our systems, who are required to keep the information confidential.

After a transaction, your private information (credit cards, social security numbers, financials, etc.) will be kept on file for the minimum period required to comply with U.S. statutes on retention of purchase information. (The current retention requirement is three years.)

Do we use cookies?

Cookies are small units of data that a site or its service provider transfers to your computer through your Web browser (if you allow) that enable the site's or service provider's systems to recognize your browser and capture and remember certain information.

We use cookies to help us remember and process the items in your shopping cart, understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly. However, you can still place orders over the telephone or by contacting customer service.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others' rights, property, or safety.

Third party links

Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

California Online Privacy Protection Act Compliance

Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.

Children's Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Children's Online Privacy Protection Act); we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Your Consent

By using our site, you consent to our RhinoSoft Privacy Policy.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.

This policy was last modified on January 19, 2012.

Contacting Us

If there are any questions regarding this privacy policy you may contact us through the contact options on our web site at www.RhinoSoft.com.


RhinoSoft.com - Newsletter Archive


12-07-2009 - IP Access Rules and Secure Passwords In Serv-U

Hello,

Welcome to another installment of the RhinoSoft.com newsletter. You are getting this newsletter because you signed up on our web site. If you would like to stop receiving these newsletters, please visit: http://www.RhinoSoft.com/newsletter/unsubscribe.asp

The intent of this newsletter is to give you some pointers on our products. This newsletter highlights Serv-U's security features.

IP Access Rules In Serv-U

One of the most powerful but misunderstood features of Serv-U is the use of IP Access rules to configure access to the server. IP Access rules allow administrators to define which Internet hosts are trusted by Serv-U enough to log in and which hosts are not, and even allow specific user accounts to be restricted to connections from certain IP addresses.

By default, Serv-U allows anyone to connect and provide a username and password combination to log in to the server. If their username and password do not match a valid account, the user cannot log on. IP Access rules provide an extra layer of security in this regard. If a rule is defined at the Server level or at the Domain level, users who are not trusted by the IP Access rules will be disconnected immediately and not allowed to log on. If a rule is defined at the user level, the user will be allowed to log on, but after the username and password are provided, the logon will be rejected if the user's IP address does not match a trusted IP address.

Allow vs Deny Rules

There are two types of IP Access rules: "Allow" and "Deny". "Deny" rules are simpler to understand so we will cover them first.

A "Deny" IP Access rule defines an IP address, or a range of addresses, that is not allowed to connect to Serv-U (or to log on using a certain user account). When a "Deny" rule is configured, Serv-U will deny connections from "Denied" addresses, but allow connections from all other hosts. This is most commonly seen when a server is under attack by an automated password-guessing utility, and is covered in the next section. Rules can also be set up for IP ranges that are known to host malware and pose a threat. These rules are optional for security, but remember that as long as you choose secure passwords for your users, the chance of a dictionary attack being successful is very small.

An "Allow" rule is more complex. Whereas a "Deny" rule only blocks specific IP addresses, an "Allow" rule instead explicitly allows connections only from specific IP addresses and denies all other connections by adding an implicit "deny-all" rule to the end of the list. This "deny-all" will not be visible in the list, but it is implied since an "Allow" rule indicates that you will be explicitly stating all users who may connect.

The "Allow" rule, then, requires more planning and care than a "Deny" rule. Using "Allow" rules effectively allows you as an administrator to restrict incoming connections to only IP address ranges that you trust, which may be only internal IP addresses or perhaps your IP range and that of a partner. If you configure IP Access rules and find that you can no longer connect to Serv-U, it is usually because an "Allow" rule was added incorrectly, and all that is necessary is to configure it so your IP range is part of the trusted IP addresses.

IP Access Rule Formatting

IP Access rules can be entered either as a single host, as a wildcard, as a reverse DNS record or as a CIDR block of addresses. The following are all valid IP Access rules:

192.168.1.70 - Specifies a single host

192.168.1.* - Specifies all addresses in the 192.168.1.1-255 range

192.168.1.0/24 - Specifies all addresses from 192.168.1.1-255 using CIDR notation

*google.com - Specifies all IP addresses whose reverse DNS record resolves to an address including the string "google.com"
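The Allow/Deny behaviour and the four rule formats described above can be modelled in a few lines. This is an added example, not Serv-U code: the functions `rule_matches` and `evaluate`, the first-match-wins ordering, IPv4-only matching, and the sample addresses and host name are all assumptions made for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

def rule_matches(pattern, ip, rdns=None):
    """True if the IPv4 address `ip` (or its reverse-DNS name `rdns`) matches a rule."""
    if "/" in pattern:                        # CIDR block: 192.168.1.0/24
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if any(c.isalpha() for c in pattern):     # reverse-DNS pattern: *google.com
        return rdns is not None and fnmatchcase(rdns.lower(), pattern.lower())
    return fnmatchcase(ip, pattern)           # single host or wildcard: 192.168.1.*

def evaluate(rules, ip, rdns=None):
    """rules: ordered list of (action, pattern). Returns 'allow' or 'deny'."""
    for action, pattern in rules:             # assumption: first matching rule wins
        if rule_matches(pattern, ip, rdns):
            return action
    # Nothing matched. With only Deny rules, everyone else may connect; as soon
    # as one Allow rule exists, the implicit deny-all at the end of the list applies.
    return "deny" if any(a == "allow" for a, _ in rules) else "allow"

# Constructed rule lists (documentation address ranges, not from the newsletter).
DENY_ONLY = [("deny", "203.0.113.*"), ("deny", "*google.com")]
ALLOW_LIST = [("allow", "192.168.1.0/24"), ("allow", "198.51.100.20")]

def demo():
    return {
        "deny-only, listed host":    evaluate(DENY_ONLY, "203.0.113.9"),
        "deny-only, unlisted host":  evaluate(DENY_ONLY, "198.51.100.7"),
        "deny-only, rDNS match":     evaluate(DENY_ONLY, "192.0.2.5", "crawl-1.google.com"),
        "allow-list, internal host": evaluate(ALLOW_LIST, "192.168.1.70"),
        "allow-list, partner host":  evaluate(ALLOW_LIST, "198.51.100.20"),
        # The lockout case from the text: an admin outside every Allow range.
        "allow-list, unlisted admin": evaluate(ALLOW_LIST, "198.51.100.7"),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:28} -> {verdict}")
```

The last case is the lockout the newsletter warns about: the same address that a Deny-only list lets through is rejected once any Allow rule is present.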

Blocking Brute Force / Dictionary Attacks

Serv-U also supports the option to automatically block brute force attacks that try to repeatedly guess passwords. To enable this option, open the Server Limits & Settings | Settings menu, and enable the "Block users who connect more than..." option on the top of the page. Remember that only incomplete and unsuccessful connections are counted against users, so a user who opens 10 FTP transfers at the same time will not trigger the limit because he has valid credentials for each connection.

Creating Secure Passwords

Good passwords are at least six characters long, include upper/lower case letters and at least one number, and are not based on dictionary words. These passwords are often based on phrases that are easy to remember, such as:

"I love my dog Ginger" -> "1lmdGin"
"Serv-U is my file server" -> "SUim5S"

These phrases help make passwords easier to remember and help mitigate the "passwords on sticky notes" risk that can happen when users choose passwords which make little sense, such as a truly random character combination.

Try Serv-U Free for 30 Days

Download Serv-U:
http://www.Serv-U.com/download/

FREE SUPPORT OPTIONS

If you need technical or sales support, please use one of the following URLs. Our support turn-around time is very fast during normal working hours Central Time U.S.:

Technical Support:
http://www.RhinoSoft.com/support

Knowledge Base:
http://www.RhinoSoft.com/kb

Sales Support:
http://www.RhinoSoft.com/sales

ON-LINE CUSTOMER SERVICE

If you need to change any of your customer information, you can make changes on-line. The RhinoSoft.com On-line Customer Service page allows you to resend your registration ID, receipt, invoice, and change your information in our database. To use it, visit:
http://www.RhinoSoft.com/customer

Thank you for taking the time to read.

Thomas J. Parikka - Technical Support Engineer
http://www.RhinoSoft.com
Voice: +1(262) 560-9627
FAX: +1(262) 560-9628