[lug] security question
Maxwell Spangler
maxlists at maxwellspangler.com
Wed Jun 2 16:37:44 MDT 2010
On Wed, 2010-06-02 at 11:59 -0600, Kevin Kempter wrote:
> we're moving on a service where we'll need to have a component within our
> clients' networks that will deliver data back to us for analysis/processing.
> Security is a big concern. We're thinking of something like this:
>
> 1) set up ssh keys onto a cloud server (or a dmz box) for each client
>
> 2) have each client's local processing ssh the data file (zipped and
> encrypted) to the cloud server where the umask for the connecting user will
> be 0477 thus they cannot do anything, and we'll have a process that gets
> called that accepts data from stdin and writes to a file

You can't reliably predict how secure your infrastructure will be in the
future -- who knows what unexpected compromises could be lurking -- but
you can predict how secure your data is based on the encryption you
apply to it. I like that -- so consider very heavy encryption and you
and the client can relax a bit more knowing that even if people get at
the data, they won't be able to use it.
--
Maxwell Spangler
========================================================================
Linux, Unix and Database Administration
Currently: Boulder, Colorado
LinkedIn: http://www.linkedin.com/in/maxwellspangler
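
The design discussed in this thread (one ssh key per client, tied to a process that only accepts data on stdin and writes it to a file) can be sketched as an SSH forced command. This is an added example, not code from either poster; the script path, spool directory, client ids and size cap are assumptions, and the payload is assumed to be encrypted by the client before upload.

```shell
#!/bin/sh
# Added example: receiver intended to run as an SSH forced command. A matching
# authorized_keys line (key material is a placeholder) would look like:
#   restrict,command="/usr/local/bin/receive-upload clientA" ssh-ed25519 AAAA...placeholder
# "restrict" turns off pty allocation and all forwarding for that key.
# Script path, spool directory, client ids and size cap are assumptions.

MAX_BYTES=${MAX_BYTES:-104857600}   # assumed cap: 100 MiB per upload

# receive_upload CLIENT_ID SPOOL_DIR: store stdin as a new file, print its path
receive_upload() {
    client=$1; spool=$2
    # Accept only simple ids so the path can never leave the spool directory
    case $client in
        ''|*[!A-Za-z0-9_-]*) echo "bad client id" >&2; return 2 ;;
    esac
    umask 077                       # new files 0600, new directories 0700
    dir=$spool/$client
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/.incoming.XXXXXX") || return 1
    # Read one byte past the cap so an oversized upload is detectable
    head -c "$((MAX_BYTES + 1))" > "$tmp"
    size=$(($(wc -c < "$tmp")))
    if [ "$size" -eq 0 ] || [ "$size" -gt "$MAX_BYTES" ]; then
        rm -f "$tmp"; echo "rejected: size $size" >&2; return 3
    fi
    # Rename within the same directory so readers never see a partial file
    final=$dir/$(date -u +%Y%m%dT%H%M%SZ).${tmp##*.}.enc
    mv "$tmp" "$final" || { rm -f "$tmp"; return 1; }
    echo "$final"
}

# As a forced command, sshd runs this with the client id from authorized_keys;
# whatever command the client requested is ignored.
if [ "${1:-}" ]; then
    receive_upload "$1" "${SPOOL_DIR:-/var/spool/uploads}"
fi
```

Because the client id comes from the server-side authorized_keys entry rather than from the connecting client, a stolen key can only deposit files into that one client's directory.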