A couple of STORM users have contacted us recently about making sure their servers are as secure as possible. Although STORM is secure by design, there are three additional methods for improving your security.
Independent User Access
Make sure you don’t share your STORM login with anyone else. Instead, you can invite users to your server with just an email address. Unless they’ve been upgraded by one of the Nimbus team, a user cannot invite anyone else to STORM.
Should a user leave, rather than resetting all your passwords, you can remove their access by clicking the X against their email address. All their actions will remain in the log for future viewing but access is completely removed.
Keep an eye on the list of users who have access and remove users who are no longer relevant.
Two Factor Authentication
For additional login security you can enable two-factor authentication under each user profile. STORM supports any TOTP-based app, such as Google Authenticator, Authy or even 1Password.
Once enabled, on each login you’ll be asked for a one-time password alongside your usual password.
PCI Compliance
Enabling the PCI Compliance setting in STORM makes a number of changes to improve security. Firstly, it disables the old and rather insecure TLS 1.0 protocol for HTTPS. Secondly, it only allows FTP access from the IP addresses listed under the Security tab.
If you need any help with these options, please contact the Nimbus Hosting Support Team.