October 31, 2018 Blog FileMaker 17 FileMaker Meetup FileMaker Techniques APIAWSPause On ErrorsecuritySSH Pause on Error Conference Recap This past October 22-23rd, our very own Matt Navarre and Ian Harris both attended and presented at the Pause on Error conference in Chicago. This conference was the first of its kind; there had never before been a FileMaker conference on a single topic, let alone security. Several presenters shared security exploits that they felt security experts should know, but that they did not want to become common knowledge, and multiple requests were made not to share the techniques demonstrated. Matt Navarre, the CEO of AppWorks, found that “learning about the different types of exploits that are possible and the relative ease with which you can hack – by two hours in on the very first day, everyone was pretty scared. That was their goal.” He says, with regards to the scope of hacking, “there are really accessible tools to look up scary information – there are hundreds.” His recommendation is a holistic approach to security due to the myriad of ways in which a system can be accessed, “with security, you have to do everything, you can’t just do one thing – you are only as secure as your weakest link.” Matt and Ian are seen as leaders in the FileMaker Server security field, and they presented on the best FileMaker practices for Amazon Web Services (AWS). Matt noted that AWS presents a daunting array of security tools for which the default settings are not particularly secure. Some degree of knowledge and expertise is required to properly secure a system. Ian recommends that businesses using cloud-based hosting take a careful look at remote access roles, such as remote desktop access, SSH, etc. He suggests as a general best practice that businesses running AWS should set up detailed monitoring and logs. For example, if there are many failed login attempts from a specific address, you should be able to log these events and react quickly. Matt and Ian attended eye-opening talks that touched on encryption at rest (EAR) and the security concerns with using new data APIs. We will be discussing the Pause on Security conference at our upcoming meetup next Wednesday, November 6th. Please join us for discussion, tips, pizza and beer at 6PM. By Eleanor Fulton