Security Basics mailing list archives

Re: Secure file transfer

From: 00naught <RU7hL355 () cia com>
Date: Wed, 13 Jun 2007 16:18:21 -0700

Secure transfer ... of the top of my head I would say SCP/SFTP is yourfriend here.

Basically, lacking more details, I would say that the simplest way to dothis is by setting up a box that only allows SSH logins. You can tweakthat as you see fit, as between the firewall rules and the"authorized_keys" restrictions you can have quite fine access control.With that plus the regular *nix file permissions you should be able tokeep things under control. This would take care of things at your end.

At the client end, things would be different according to the client OS.If the clients can use one of the *nixes, you are set as either scriptsor SSHFS, via fuse, can work. If the clients are mostly windows, thereare also several options. For people who are the least computer savvy Iusually recommend "sftpdrive" which is a network file system forwindows. Not expensive, and maps your box to a drive letter on theclient machine. If someone can copy files to a floppy/network drivethey can use sftpdrive - http://www.sftpdrive.com/. (Needless to say, Iam but a happy user of their software.) Other options, for example,could be cygwin or putty based.

Yet another, completely different, option would be webDAV. I like thisfor situation where security is needed but it's not a life and deaththing. Most people would either use a web browser for access or thebuilt in windows "client" and if you've read these lists long enough youknow what that means.

WebDAV offers the advantage (???) of only needing a name/password pairfor access, while anything SSH would require that you somehow get theclients' public keys into the server. More work for you, but moresecure. IMHO, and all that.


Good luck,
Naught

Are there any good solutions for secure file transfer in a corporateenvironment.



This should also cater for:


1. Secure transferring of large files which cannot be emailed.


2. Allow the tranfer of these files to people on the internet.


3. There should be very little administration of accounts.


4. It should be assumed that the files are of a sensitive nature.


What are the best practices for this and the security implications?

Current thread:

Secure file transfer u . bodalina (Jun 13)
- Re: Secure file transfer Nick Owen (Jun 13)
- RE: Secure file transfer Alex Alexiou (Jun 13)
- Re: Secure file transfer Manuel Arostegui Ramirez (Jun 13)
- Re: Secure file transfer João Gabriel (Jun 13)
- Re: Secure file transfer David Bergert (Jun 14)
- <Possible follow-ups>
- Re: Secure file transfer krymson (Jun 13)
  - Re: Secure file transfer security.xentek (Jun 13)
    - Re: Secure file transfer 00naught (Jun 13)