We are using SFTP through a single firewall for exchange of various files with third parties. To improve security,...
I have now segmented the FTP server from the internal network and added a second firewall. What can I use that will, in real time, transfer files from a server on a DMZ to the internal FTP server without providing access to third parties?
I am assuming you are looking for some form of SFTP automation when it comes to sending files between the server in the DMZ and a local server. There are a couple of ways to facilitate this FTP/DMZ transfer. The easiest would be to leverage public key authentication.
Assuming your DMZ server is the target to push and pull files from the internal system, generate a key pair using ssh-keygen on your internal system. Do not specify a password when creating it. Move the public copy of this key pair (id_rsa.pub) and append it to the end of the authorized_keys file on the server. Once that is done, you should be able to automate the SCP or SFTP transfer of the file without it prompting you for the password.
The system is able to support this because you have the corresponding private key on the internal server whose public key is authorized on the DMZ server. In this technique, it is crucial to keep the private key safe. Also, ensure only the internal host is authorized to make the file transfer request to the host on the DMZ and not vice versa.
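As an added example (not part of the answer above), here is the key-based setup it describes in shell: an authorized_keys entry for the DMZ server that pins the internal host's key to its source address and to the SFTP subsystem only, plus a batch-mode pull initiated from the internal side so the DMZ host never needs credentials for the internal network. Addresses, host names, account names and paths are placeholders.

```shell
#!/bin/sh
# Added example, not from the original answer. Placeholder values throughout.
# Run on the internal host:  ssh-keygen -t ed25519 -N "" -f ~/.ssh/dmz_transfer
# Then install the line produced by restricted_authorized_key on the DMZ host.

# Build an authorized_keys line that only accepts the key from one source
# address and forces the SFTP subsystem (no shell, no forwarding; "restrict"
# needs OpenSSH 7.2+).  $1 = allowed source address, $2 = public key line.
restricted_authorized_key() {
    allowed_from="$1"
    pubkey="$2"
    # Keep the key type and blob, drop whatever comment ssh-keygen appended
    keytype=$(printf '%s\n' "$pubkey" | awk '{print $1}')
    keyblob=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    printf 'from="%s",restrict,command="internal-sftp" %s %s internal-transfer\n' \
        "$allowed_from" "$keytype" "$keyblob"
}

# Write an sftp batch file that pulls everything a third party dropped in the
# DMZ directory into a local directory.  $1 = remote dir, $2 = local dir,
# $3 = batch file path.
write_sftp_batch() {
    printf 'cd %s\nlcd %s\nget *\nbye\n' "$1" "$2" > "$3"
}

# Pull from the DMZ host non-interactively. The private key has no passphrase,
# so BatchMode never prompts; StrictHostKeyChecking=yes means the DMZ host key
# must already be in known_hosts, which blocks a silent host swap.
pull_from_dmz() {
    remote_dir="$1"; local_dir="$2"; dmz_host="$3"; key="$4"
    batch=$(mktemp)
    write_sftp_batch "$remote_dir" "$local_dir" "$batch"
    sftp -b "$batch" -i "$key" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "transfer@$dmz_host"
    rc=$?
    rm -f "$batch"
    return $rc
}
```

Schedule pull_from_dmz from cron or a loop on the internal host; the DMZ account holds nothing that can reach back inside.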