Tag Archives: Security

Why Dropbox is not a good choice for backup storage

This week everybody is talking about the hacking of Dropbox, the popular online storage service that has over 200 million users and keeps anything from private photos to sensitive documents. Malefactors have stolen almost 70 million account details including email addresses and protected passwords.
Continue reading

AWS Security Best Practices: Checklist

AWS Security Best Practices Checklist

Amazon Web Services ensure data security of in compliance with the so-called Shared Responsibility model. It is based on the following assumption: AWS does such operations like decommissioning of old storage devices in accordance to the latest industry standards and controls physical access to data centers, and the user takes care of securing his root credentials, assigns security groups, edits access control list policies and performs identity management. Therefore, the user takes full responsibility for any security breach on his/her side.

Use this checklist to find out if your account is in compliance with AWS security best practices to protect crucial data and ensure stable work for your resources.
Continue reading

CloudBerry Drive 2.2.2 Now Supports Amazon VPC

Introduction

As you may know, one of the leaders on the cloud market, Amazon company, offers Amazon Virtual Private Cloud (VPC). It is an isolated AWS segment which represents a virtual network managed by your team. Now it is fully supported by Cloudberry Drive.

Here you will find a brief feature explanation and guidelines how to connect your Amazon VPC to Cloudberry Drive.

Continue reading

CloudBerry Drive: How to Enable “All Users Mode”

This article refers to CloudBerry Drive 1.4.3 and later.
As always we are trying to make CloudBerry Drive more mature and robust, The newer version of CloudBerry Drive comes an ability to manage mapped drives across all users on a computer.

In previous versions CloudBerry Drive stored mapped drive settings for a particular user by default and then there was an option to share user settings to all but now you can set "all users" mode on install so that all users will initially work with the same settings and be able to manage mapped drives between each other.
Continue reading

How to Avert Hotlinking of images hosted on Amazon S3

Note: this post applies to CloudBerry Explorer 2.2 and later.
As always we are trying to stay on top of the new functionality offered by Amazon S3 to offer the most compelling Amazon S3 and CloudFront client on Windows platform.
Bucket Policy is a new Amazon S3 feature that allows customers to author policies which either grant or deny access to any number of accounts and across a range or set of keys. In our previous blog post we explained how you can leverage CloudBerry Explorer for managing Bucket Policies.
In this blog post we would like to discuss a single option that makes Bucket Policy a very powerful tool to protect your media content hosted on Amazon S3. Bucket policy allows you to restrict which website can link your content effectively preventing hotlinking.
This is important not only because you might want to protect your copyright, but also because hotlinking may cause excessive Amazon S3 transfer fee. Remember, you have to pay each time someone downloads an image.
Let’s see how you can leverage Bucket Policy to prevent hotlinking. Say you have a bucket called mybucket where you keep your public images (or any other media content for that matter)
Then you have a website:cloudberrylab.com
Our goal is to configure the bucket in such a way that no other website can link our images.
1. make sure you don’t have ACL Public Read on any files in mybucketbucket.
2. on the mybucket bucket set up a Policy that will allow all user read the files in the bucket provided that a request is coming from cloudberrylab.com
Here is an example of the policy that will enforce the rule above. You can simply copy it to the policy editor in CloudBerry S3 Explorer PRO modifying the Resource and aws:Referer clauses.
{
"Version":"2008-10-17",
"Id":"http referer policy example",
"Statement":[
{
"Sid":"Allow get requests referred by www.cloudberrylab.com, cloudberrylab.com and IP address",
"Effect":"Allow",
"Principal": {"AWS": "*"},
"Action":"s3:GetObject",
"Resource":"arn:aws:s3:::mybucket/*",
"Condition":{
"StringLike":{
"aws:Referer":[
"https://www.cloudberrylab.com/*",
"http://cloudberrylab.com/*", "http://74.208.197.105/*"

]
}
}
}
]
}

The most important element here is the aws:Referer clause
In aws:Referer clause you have to specify all domain names and IP addresses the website is available from. In many cases you will need only to specify just one domain name.
As always we would be happy to hear your feedback and you are welcome to post a comment.
CloudBerry S3 Explorer is a Windows product that helps managing Amazon S3 storage and CloudFront.
Related products:

How to Set up Master Password for Amazon S3 Accounts Using CloudBerry S3 Explorer

Note: this post applies to CloudBerry Explorer 1.6.3 and later.
In this post we would like to introduce our new Master Password feature that protects CloudBerry S3 Explorer from unauthorized access. Although rarely these days some users still work on shared computers where other users have access to their data. Master Password helps you further protect your Amazon S3 account from unauthorized access.

Continue reading