We recently worked with a law firm that required a file sync & share solution so its attorneys, associates, and expert witnesses could securely review evidence for client cases from any location. On a day-to-day basis, the firm’s legal team spends much of its time attending hearings, taking depositions, and representing cases in court. With the fast-paced schedule of a fledgling law firm, it was difficult for each staff member to anticipate which files they would need at the start of each day and copy them to their corporate laptop or external hard drive.
Many firms seeking a file sync & share solution go with a subscription service such as Dropbox, Box, Google Drive or Microsoft OneDrive for Business. Our client was a highly technical law firm focusing on the defense and litigation of technologically complex cases involving cybersecurity and digital forensic techniques. During our initial discussion with one of the firm’s partners, he repeatedly emphasized that data security and confidentiality were the number one priority for this project. Given the sensitive nature of the firm’s work, a key requirement was to maintain physical control over the data without uploading it to the public cloud.
Some of the hard drive images our client routinely handles for its digital forensics work can be multiple terabytes (TB) in size. Many cloud storage services, including OneDrive, limit the size of an individual file to 15GB or less, which proved impractical for our client’s intended use case.
The client required a file sync & share solution that could run on-premise, on the client’s own hardware, with a workflow similar to Dropbox or Google Drive: secure access to and sharing of the stored files from any Internet-connected location. The firm’s associates also needed WebDAV access so they could use a mobile application on their iPads to collaborate on PDF documents and stay productive on the go. For data security reasons, all data needed to be encrypted at rest and in transit. The client wanted the ability to manage the server remotely while keeping it protected from attackers.
Recommendation and Result
We helped the client select suitable hardware to install Seafile Professional Edition on CentOS 7 with real-time replication across a primary and a backup node. CentOS 7 was selected for its proven reliability in server applications and the 10-year support cycle for each release.
The storage volume for the Seafile and MySQL data directories is backed by a RAID 5 array of 4 x 10TB hard drives, providing an overall usable capacity of 30TB and protection against a single drive failure. Note that a RAID 5 rebuild on 10TB drives takes many hours, and a second drive failure during the rebuild loses the whole array; the off-site replica, not the RAID, is what covers that case. For security of the data at rest, we encrypted this volume with LUKS, so a passphrase is required at each boot before Seafile and MySQL can start. The trade-off is that an unattended reboot, including one after a power outage that outlasts the UPS runtime, stalls until someone enters the passphrase, so remote management procedures have to account for that.
Both of the client’s sites had Gigabit fiber uplinks, which allowed us to use Seafile’s real-time backup functionality over an HTTPS connection. As soon as a file is written to the primary server, it is copied to the corresponding library on the off-site backup server almost immediately. As a result, a near-zero Recovery Point Objective (RPO) can be achieved, as the backup is continuously written with the latest data. Because deletions and corrupted writes replicate just as quickly, this protects against hardware loss rather than against mistakes; Seafile’s library history is what allows an earlier version of a file to be recovered. In the unlikely event the primary Seafile server became unusable, the client would immediately be able to access their data on the backup server. The primary server would then be restored by replacing the faulty component and/or rebuilding the RAID array.
We configured nginx as a high-performance reverse proxy in front of Seahub’s built-in web server and Seafile’s file server, protecting data in transit with up-to-date TLS ciphers, OCSP stapling and HTTP Strict Transport Security (HSTS). All non-secure requests are automatically redirected to HTTPS, preventing data from inadvertently being transmitted in the clear. The TLS certificate is automatically renewed from a recognized Certificate Authority (CA) before expiration, preventing unexpected certificate errors in any modern desktop or mobile browser.
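The nginx configuration below is an added example written for this write-up; it is not the configuration deployed at the client and not Seafile’s own documentation. It assumes the hostname seafile.example.com, a Let’s Encrypt certificate under /etc/letsencrypt, Seafile installed in /opt/seafile, and Seafile’s default local listeners (Seahub on 8000, the file server on 8082, WebDAV on 8080). It shows the three protections named above (modern TLS only, OCSP stapling, HSTS), the HTTP-to-HTTPS redirect, the WebDAV path for the iPad workflow, and the settings that multi-terabyte uploads need, which a stock nginx would otherwise reject at 1MB.

```nginx
# Added example, not the original post's or Seafile's configuration.
# Assumed: host seafile.example.com, Let's Encrypt paths, Seafile in /opt/seafile,
# and Seafile's default ports (Seahub 8000, file server 8082, WebDAV 8080).

# Plain HTTP only ever answers with a redirect, so nothing is served in the clear.
server {
    listen 80;
    server_name seafile.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name seafile.example.com;

    ssl_certificate     /etc/letsencrypt/live/seafile.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/seafile.example.com/privkey.pem;

    # Current protocols and AEAD cipher suites only: no TLS 1.0/1.1, no RC4, 3DES or CBC.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # OCSP stapling: nginx fetches the certificate's revocation status and sends it
    # in the handshake, so clients never contact the CA themselves. A resolver is
    # required for nginx to reach the OCSP responder named in the certificate.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/seafile.example.com/chain.pem;
    resolver 127.0.0.1 valid=300s;

    # HSTS: a browser that has seen this header refuses plain HTTP to the host for a year.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Seahub: the web UI and API.
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 1200s;
        client_max_body_size 0;
    }

    # Seafile file server: actual upload/download of library content. Multi-terabyte
    # evidence images need the body size limit removed, request buffering off (or
    # nginx spools the whole upload to its temp directory first) and long timeouts.
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_request_buffering off;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;
    }

    # WebDAV for the iPad PDF workflow (Seafile's WebDAV server with share_name = /seafdav).
    location /seafdav {
        proxy_pass http://127.0.0.1:8080/seafdav;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto https;
        client_max_body_size 0;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;
    }

    # Static assets served by nginx directly, without touching Seahub.
    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }
}
```

Two checks are worth running before going live: `nginx -t` to validate the syntax, and `openssl s_client -connect seafile.example.com:443 -status` to confirm that an OCSP response is actually stapled (look for "OCSP Response Status: successful"). Enable the HSTS header only once HTTPS is known to work, because browsers cache it and will refuse the site over plain HTTP for the whole max-age if the certificate later breaks. Seafile’s own SERVICE_URL and FILE_SERVER_ROOT settings must also point at the https:// address, or the web client will generate plain-HTTP upload links that the redirect cannot rescue for in-flight uploads.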
We also had the client purchase a set of uninterruptible power supply (UPS) units to provide battery backup to both servers in the event of a power failure. Because the servers’ power supplies use active power factor correction (PFC), it was essential that the battery backups output pure sine wave power; cheaper units produce a stepped approximation that active-PFC supplies can reject. The model we chose met that requirement and also provided a monitoring daemon that performs a clean shutdown before the battery is exhausted, minimizing the risk of data corruption from an abrupt power loss.
The servers were hardened by configuring the SSH daemon for key-based authentication only, adding fail2ban, iptables rules and automatic yum package updates. MySQL replication was secured with TLS using client and server certificates: the slave must present its client certificate to authenticate to the master before it is allowed to replicate, so the Seafile metadata held in MySQL (user accounts, library records, share links) cannot be read or pulled by an unauthorized party.
For more information