Updated recommendations for your General Security Settings
Hackers and attackers are evolving... are you keeping up the pace?
One of the most important (though often overlooked) sections in Syncplify Server!’s Admin UI is the General Security Settings page. It allows you to configure the behavior of the Protector subsystem, which automagically identifies attacks and sends the attackers’ IP addresses into the block-list, as well as several other aspects that are very important to keeping your SFTP server safe.
Our security team here at Syncplify always keeps a keen eye on the evolving attack landscape, and updates the default values of those security settings when necessary. But the new defaults only apply to new installations! Since we don’t have access to our customers’ instances (we’re not a SaaS company), chances are that if you installed Syncplify Server! a while ago your security settings might benefit from a little tweaking.
So, without further ado, here we go. Let’s start with Protector.
The three Protector settings that you may want to look into are:
Protector behavior: please make sure this is set to “Normal” unless you have a very compelling reason to use a different setting. In our experience the Normal level has proven effective at stopping attacks without disrupting your legitimate clients, which the stricter levels may do.
Time window: this is the rolling time frame within which Protector considers strikes to belong to the same attack. In older versions of our software it used to default to 20 or 30 minutes, because in the past hackers preferred fast-paced attacks; nowadays slow-paced attacks, with attempts spread out over a long period so that each one looks like an isolated mistake, are far more common, so we recommend a value between 60 and 120 minutes for this setting.
Number of errors: if a client causes this many errors within the time window explained above, its connection is immediately interrupted and its IP address is added to the block-list (unless, of course, that IP address is in the safe-list). We now recommend setting this parameter to a number between 5 and 7: lower than 5 and your legitimate clients making honest mistakes may be block-listed, higher than 7 and you may be too lenient against real attackers.
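To see how these three settings interact, here is an added example (not Syncplify’s code) of a rolling-window strike counter that behaves the way Protector is described above: every error from a source IP is timestamped, strikes older than the time window are discarded, and once the count reaches the threshold the IP goes into the block-list unless it is on the safe-list. The class and function names, the IP addresses and the simulated attack timings are all constructed for this illustration; the simulation shows why a 20-minute window misses a slow attacker that errs once every 15 minutes, while a 120-minute window catches it.

```python
# Added example (not Syncplify's code): a rolling-window strike counter that
# models the Protector behaviour described in the post. Names, addresses and
# attack timings are constructed for illustration only.
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network


class Protector:
    """Count errors per source IP inside a rolling window; block on threshold."""

    def __init__(self, window_minutes, max_errors, safe_list=()):
        self.window = window_minutes * 60          # window length in seconds
        self.max_errors = max_errors
        self.safe_nets = [ip_network(n, strict=False) for n in safe_list]
        self.strikes = defaultdict(deque)          # ip -> timestamps (s) of errors
        self.block_list = set()

    def is_safe(self, ip):
        addr = ip_address(ip)
        return any(addr in net for net in self.safe_nets)

    def record_error(self, ip, ts):
        """Register one error from ip at time ts (seconds).

        Returns True if this error pushed ip onto the block-list.
        """
        if ip in self.block_list or self.is_safe(ip):
            return False
        q = self.strikes[ip]
        q.append(ts)
        # Strikes older than the window no longer belong to the same attack.
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) >= self.max_errors:
            self.block_list.add(ip)
            del self.strikes[ip]
            return True
        return False


def simulate(window_minutes, max_errors, error_interval_minutes,
             total_minutes, ip="203.0.113.7"):
    """One attacker causes an error every error_interval_minutes.

    Returns the minute at which it is block-listed, or None if it never is.
    """
    p = Protector(window_minutes, max_errors)
    t = 0
    while t <= total_minutes:
        if p.record_error(ip, t * 60):
            return t
        t += error_interval_minutes
    return None


if __name__ == "__main__":
    # Old default: 20-minute window. A slow attacker (one bad login every
    # 15 minutes) never has 5 strikes inside the window and is never blocked.
    print("20 min window, error every 15 min:", simulate(20, 5, 15, 240))
    # Recommended 120-minute window: the same attacker is blocked at minute 60.
    print("120 min window, error every 15 min:", simulate(120, 5, 15, 240))
    # A fast attacker (error every 30 s) is caught either way.
    print("20 min window, error every 30 s:", simulate(20, 5, 0.5, 240))
    # A safe-listed network is never blocked, however many errors it causes.
    p = Protector(120, 5, safe_list=["10.0.0.0/8"])
    for minute in range(10):
        p.record_error("10.1.2.3", minute * 60)
    print("safe-listed host blocked:", "10.1.2.3" in p.block_list)
```

The pruning step is what makes the window “rolling”: only strikes within the configured time of the newest one are counted, so an attacker who spaces attempts wider than the window is never seen as one attack. That is exactly the gap a longer window closes, at the cost of also counting a legitimate user’s mistakes over a longer period, which is why the error threshold should not be set below 5.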
The only other setting we recommend changing is the one that controls how long the server waits between accepting two consecutive connections, and there we recommend the exact value of 0.06 seconds. There’s a good reason for that: most vulnerability scanners will flag your server if it accepts more than 20 connections per second. Mind you, that finding would still be a false positive from your vulnerability scanner, but you’d likely want to save yourself the annoyance.
Technically 0.05 seconds would allow exactly 20 connection acceptances per second, but we noticed that some vulnerability scanners have a creative sense of time; a value of 0.06 (roughly 16 acceptances per second) seems to be the one that keeps the pen-testers at bay while, at the same time, providing the best protection against DoS and DDoS attacks.
There you have it, that’s all for today folks!