[lug] security question

John Hernandez jph at jph.net
Wed Jun 2 12:06:51 MDT 2010


On the server side of the file transfer, I'd suggest having a look at
the scponly package.

http://sublimation.org/scponly/wiki/index.php/Main_Page

It should be available as a Debian/Ubuntu package, not sure about RH.

On Wed, Jun 2, 2010 at 11:59 AM, Kevin Kempter
<kevin at kevinkempterllc.com> wrote:
> Hi all;
>
> We're moving on a service where we'll need to have a component within our
> clients' networks that will deliver data back to us for analysis/processing.
> Security is a big concern.  We're thinking of something like this:
>
> 1) set up ssh keys onto a cloud server (or a dmz box) for each client
>
> 2) have each client's local processing ssh the data file (zipped and
> encrypted) to the cloud server where the umask for the connecting user will
> be 0477 thus they cannot do anything, and we'll have a process that gets
> called that accepts data from stdin and writes to a file
>
> We'd like to deploy reasonably sufficient security while at the same time keeping
> it as simple as possible. We're open to the delivery server being either a
> dmz box within our network or a cloud server for security.
>
>
> Here are my questions:
>
> 1) thoughts on the above approach?
>
> 2) thoughts on alternate approaches?
>
> Thanks in advance...
>
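
One way to build the "process that accepts data from stdin and writes to a file" from the question is an sshd forced command bound to each client key. This is an added example, not code from either poster; the install path, spool directory, size cap and client id `client-a` are assumptions.

```shell
#!/bin/sh
# Added example: forced-command upload receiver (hypothetical name recv-upload).
# Assumed authorized_keys entry, one per client key (key body is a placeholder):
#   command="/usr/local/bin/recv-upload client-a",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> client-a
# sshd runs the command= program for every login with that key; whatever the
# client asked to run only appears in SSH_ORIGINAL_COMMAND and is never executed.

SPOOL="${SPOOL:-/var/spool/uploads}"   # assumed spool directory
MAX_BYTES="${MAX_BYTES:-104857600}"    # assumed per-upload cap (100 MiB)

# valid_client ID -> 0 only if ID is a safe single directory name
valid_client() {
    case "$1" in
        ""|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# receive_upload ID: copy stdin to $SPOOL/ID/<utc-time>.<pid>.bin, print the path
receive_upload() {
    valid_client "$1" || return 2
    dir="$SPOOL/$1"
    umask 077                           # files readable by the receiving user only
    mkdir -p "$dir" || return 3
    tmp=$(mktemp "$dir/.incoming.XXXXXX") || return 3
    # Read one byte past the cap so an oversized stream is detectable.
    head -c "$((MAX_BYTES + 1))" > "$tmp"
    size=$(($(wc -c < "$tmp")))
    if [ "$size" -eq 0 ] || [ "$size" -gt "$MAX_BYTES" ]; then
        rm -f "$tmp"                    # reject empty and oversized uploads
        return 4
    fi
    final="$dir/$(date -u +%Y%m%dT%H%M%SZ).$$.bin"
    mv "$tmp" "$final" || return 3      # rename: consumers never see partial files
    printf '%s\n' "$final"
}

# Act as the receiver only when installed and invoked under its own name.
if [ "${0##*/}" = "recv-upload" ]; then
    receive_upload "$1"
    exit $?
fi
```

The client side then only needs `ssh -i <client-key> upload@<server> < data.zip.enc`; the key cannot obtain a shell, a pty or a forwarded port.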


