Best way to implement an SFTP server solution?

Question

Hi folks,

I'm currently setting up a commercial SFTP server and I'm just looking for some of your opinions on the set-up I'm currently thinking of implementing, as well as a recommendation as to what commercial Secure FTP server software would be best to suit. Bear in mind that the data i'm responsible for is highly sensitive so any comments/feedback is much appreciated.

Here's the scenario:

1) Before file upload, files are compressed & encrypted using AES 256 with a salt.

2) Files uploaded from the clients' server over SFTP (port 22) to our SFTP server.

3) Files are then downloaded over HTTPS by our other client using one time password verification (strong 10 char alphanumeric password)

The specifics of the implementation I'm thinking of are:

For part (2) above, the connection is opened using host key matching, public key authentication and a user name/password combination. The firewall at both sides is restricted to only allow the static IP of the client server to connect.

For part (3), the other client is supplied with a user name/password on a per user basis (for auditing) to log into their jailed account on the server. the encryption password for the file itself is supplied on a per file basis, so i'm trying to apply two modes of encryption at all times here (except when the files are resting on the server).

Along with dedicated firewalls on both sides, Access control on the SFTP server will be configured to block IP addresses with a certain number of failed attempts over a short time, invalid passwords attempts will lock out users, password policies will be implemented etc.

I like to think that I've covered as much as possible but I'd love to hear what you guys think about this implementation?

For the commercial server side of things, I've narrowed it down to GloalSCAPE SFTP w/ SSH & HTTP module or JSCAPE Secure FTP server - I'll be assessing the suitability of each over the weekend but if any of you have any experience with either i'd love to hear about it also.

Answer 1

So what's wrong with OpenSSH that comes with Linux and the BSDs?

Answer 2

Since the data is clearly both important and sensitive from your clients' perspectives, I'd suggest you consult a security professional. Home-grown solutions are typically a combination of over- and underkill, resulting in mechanisms that are both inefficient and insecure. Consider:

• The files are pre-encrypted, so the only gain from SFTP/HTTPS is encryption of the session itself (e.g. login), but...

• You're using PKI for upload and OTP for download, so there's no risk of exposing passwords, only user IDs -- is that significant to you?

• How will you transmit the one-time passwords? Is the transmission secure?

• Keep in mind that any lockout scheme should be temporary, otherwise a hacker can disable the entire system by locking each account.

Questions to ask yourself:

• What am I protecting?
• From whom am I protecting it?
• What are the attack vectors?
• What are the likelihoods and risks of a breach?

Once you've answered those questions, you'll have a better idea of the implementation.

In general:

• Your choice of AES256 + salt is very reasonable.
• Multi-factor authentication is probably better than multiple iterations of encryption. It's often thought of as "something you have, plus something you know," such as a certificate and a password, requiring both for access.

As far as available utilities, many off-the-shelf packages are both secure and easy to use. Look into OpenSSH, OpenVPN, and vsftp for starters.

Good luck - please let us know what method you choose!

Answer 3

Before file upload, files are compressed & encrypted using AES 256 with a salt.

This part rings some alarm bells...have you written some code to do this encryption/compression? How are you doing the key management? You also say your key is password derived, so your use of AES 256 and salt is giving you a false sense of security - your real key space is much less. Also the use of the term 'salt' is inappropriate here, which suggests further weaknesses.

You would be better off to use a well proven implementation (e.g. something like PGP or GPG).

Also, if you use PGP style public key encryption for the file itself (and decent key management), the security of your SFTP server will matter a lot less. Your files could be encrypted at rest.

The argument for the security of the rest of the system is very convoluted (lots of protocols, authentication schemes, and controls) - it would be a lot easier to secure the file robustly, then do best practices for the rest (which will matter a lot less and also be independent controls).