Best way to implement SFTP server solution?

I'm currently building a commercial SFTP server and I'm just looking for some of your opinions on the setup I'm currently planning to implement, as well as recommendations on what commercial Secure FTP server software would be best suited. Please be aware that the data I am responsible for is very sensitive, so any comments / feedback are greatly appreciated.

Here's the script:

1) Before uploading files, files are compressed and encrypted using AES 256 with salt.

2) Files are uploaded from the client server via SFTP (port 22) to our SFTP server.

3) The files are then uploaded over HTTPS by our other client using one-time password verification (strong 10 char alphanumeric password).

The implementation specifics I'm thinking about are these:

For part (2) above, a connection is opened using host key mapping, public key authentication, and username / password combination. The firewall is restricted on both sides to only allow the static IP address of the client server.

For part (3), another client is supplied with a username / password for each user (for auditing) to log into their jailed account on the server. The encryption password for the file itself is provided on a per file basis, so I am trying to use two encryption modes here (except when the files are on the server).

Along with dedicated firewalls on both sides, the access control on the SFTP server will be configured to block IP addresses with a certain number of failed attempts in a short time, invalid password attempts will block users, password policies will be enforced, etc.

I like to think I've covered as much as possible, but I'd love to hear what you guys think about this implementation?

As for the commercial server side, I've narrowed it down to GlobalSCAPE SFTP with SSH and HTTP module or AOAPE secure FTP server - I'll be evaluating each one over the weekend, but if you have any experience I would love to hear about it too.

+1

3 answers


Since the data is clearly important and sensitive from the perspective of your customers, I suggest you contact a security professional. Home solutions tend to be a combination of over and under levels, resulting in ineffective and unsafe mechanisms. Consider:

  • The files are pre-encrypted, so the only advantage of SFTP / HTTPS is to encrypt the session itself (like login), but ...

  • You use PKI for upload and OTP for upload, so there is no risk of password exposure, only user IDs - is this important to you?

  • How will you transfer one-time passwords? Is the transfer secure?

  • Keep in mind that any blocking scheme must be temporary, otherwise a hacker could shut down the entire system by blocking every account.

Questions to ask yourself:

  • What am I defending?
  • Who am I protecting it from?
  • What are the attack vectors?
  • What are the probabilities and risks of a breach?

Once you answer these questions, you will have a better understanding of this implementation.



Generally:

  • Your choice of AES256 + salt is very reasonable.
  • Multi-factor authentication is probably better than multiple iterations of encryption. It is often thought of as “something you have plus something you know,” such as a certificate and password that both require access.

In terms of the utilities available, many of the pre-packaged packages are safe and easy to use. Have a look at OpenSSH, OpenVPN and vsftp for starters.

Good luck - let us know which method you choose!

+7


So what happened to OpenSSH that ships with Linux and BSD?



+2


Before file upload, files are compressed & encrypted using AES 256 with a salt.

This part rings some wake-up calls ... did you write some code for this encryption / compression? How do you manage your keys? You also say that your key is a password, so using AES 256 and salt gives you a false sense of security - your real key space is much smaller. Also, the use of the term "salt" is impractical here, which indicates further disadvantages.

You will be better off using a well-established implementation (something like PGP or GPG).

Also, if you use PGP public key encryption for the file itself (and proper key management), the security of your SFTP server will matter much less. Your files can be encrypted at ease.

The security argument of the rest of the system is very convoluted (many protocols, authentication schemes, and controls) - it would be much easier to secure the file resiliently and then make best practice for the rest (which would be much less important, and also be independent control).

+1
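To illustrate the point made in the answer above about the real key space of a password-derived AES-256 key, here is an added example (not code from the question or any of the answers). It assumes the 10-character alphanumeric password from the question and uses PBKDF2-HMAC-SHA256 as a stand-in for whatever key derivation the asker's tool performs; the salt and iteration count raise the cost per guess but do not add entropy to the key.

```python
import hashlib
import math
import secrets
import string

# Alphabet assumed from the question: upper + lower case letters and digits.
ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols


def password_space_bits(length: int, alphabet_size: int = len(ALPHANUMERIC)) -> float:
    """Entropy (bits) of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def effective_key_bits(password_length: int, key_bits: int = 256) -> float:
    """A key derived from a password is no stronger than the password itself,
    so the effective key space is the smaller of the two."""
    return min(password_space_bits(password_length), key_bits)


def derive_file_key(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Derive a 256-bit AES key from a password with PBKDF2-HMAC-SHA256
    (assumed KDF, not the asker's tool). The per-file salt stops one
    precomputed table from covering every file; the iteration count makes
    each guess cost 'iterations' hash evaluations. Neither enlarges the set
    of candidate passwords an attacker must try."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def expected_guesses(bits: float) -> float:
    """Average number of password guesses to hit a uniformly chosen key."""
    return 2 ** bits / 2


def random_password(length: int = 10) -> str:
    """Generate a uniformly random alphanumeric password (constructed sample)."""
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


if __name__ == "__main__":
    pw = random_password(10)
    salt = secrets.token_bytes(16)
    key = derive_file_key(pw, salt)
    print(f"password bits: {password_space_bits(10):.1f}, key bits: {effective_key_bits(10):.1f}")
    print(f"expected guesses: {expected_guesses(effective_key_bits(10)):.3g}, key: {key.hex()}")
```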