Transit data and security

Data in transit is one of the most exposed areas of security in the 21st century. The reason is not only that traffic traverses the public, untrusted internet, but also that many companies lack security processes for it.

Moving data is a day-to-day activity, whether you are copying to a local network drive, sending an email or uploading to your cloud solution of choice. IT engineers are therefore not the only ones exposed to such vulnerabilities, but much of the data they handle is often sensitive.

Scattered and decentralized files

Many organizations and users have files scattered across cloud solutions, legacy servers, flash drives, and network hosts. This can cause headaches when it comes to auditing a company's systems and security infrastructure.

Firewalls and local infrastructure

A common problem for IT engineers is getting data from terminals to an easily accessible location for further analysis, to send on for TAC cases, or to load into a GUI-based application. Most IT engineers run into firewall policies or the lack of a secure local system to transfer files to. How many files have already been transferred to the most accessible server from the host you are currently on? If it is that accessible for you to transfer files to, is it not equally accessible to a potential attacker?

How does Couchdrop help with this?

Couchdrop allows you to SCP, SFTP, and Rsync directly to secure cloud solutions and applications without changing firewall rules or rushing to stand up new, potentially vulnerable systems to transfer files to, only to move them to another system or upload them elsewhere soon after. It also provides control and accountability over files, as all files are stored in a known location rather than spread over many systems across many sites.

Couchdrop uses the Secure Copy Protocol (SCP), Secure File Transfer Protocol (SFTP) and Rsync. Each of these services establishes a Secure Shell (SSH) session as the foundation for its transfer tunnel. The session is encrypted, so the data is secured in transit to the endpoint of choice.

SSH and Cryptography

SSH uses public-key cryptography, so there are two keys: a public key and a private key. Often these keys are generated automatically, but SSH also allows end users to create their own RSA key pairs. The public key sits with the host on the remote end and the private key sits with the local host.

Another perk of SSH is that it also requires a username and password before the session can be established. If an attacker somehow gets hold of either key, they still require the credentials to establish the session and transfer or pull data using SCP.
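The key-pair relationship described above, as an added example that is not part of the original article or Couchdrop's own tooling: it creates an RSA pair with ssh-keygen, then shows that data signed with the local private key verifies against the public key alone and that a modified file is rejected, the same sign/verify property SSH public-key authentication relies on. The identity engineer@example and all file names are constructed, and it assumes OpenSSH 8.1 or later for `ssh-keygen -Y`.

```shell
#!/bin/sh
# Added example; "engineer@example" and all file names are constructed.

# Create the RSA key pair in directory $1. The private half stays local.
make_keypair() {
    # -N "" (no passphrase) keeps the demo non-interactive; set one in practice.
    ssh-keygen -q -t rsa -b 3072 -N "" -C "engineer@example" -f "$1/id_rsa_demo"
    chmod 600 "$1/id_rsa_demo"       # private key: owner read/write only
}

# SHA256 fingerprint of the public half, for comparing out of band.
key_fingerprint() {
    ssh-keygen -l -E sha256 -f "$1/id_rsa_demo.pub" | awk '{print $2}'
}

# Sign file $2 with the private key in $1; the signature goes to $2.sig.
sign_file() {
    ssh-keygen -q -Y sign -f "$1/id_rsa_demo" -n file < "$2" > "$2.sig"
}

# Verify file $2 against $2.sig using only the public key in $1.
verify_file() {
    printf 'engineer@example %s\n' "$(cut -d' ' -f1,2 "$1/id_rsa_demo.pub")" \
        > "$1/allowed_signers"
    ssh-keygen -Y verify -f "$1/allowed_signers" -I "engineer@example" \
        -n file -s "$2.sig" < "$2" > /dev/null 2>&1
}

# Demo: echoes "ok tampered-rejected" when both checks behave as expected.
demo() {
    d=$(mktemp -d) || return 1
    make_keypair "$d" || return 1
    printf 'show tech-support output (constructed)\n' > "$d/capture.txt"
    sign_file "$d" "$d/capture.txt" || return 1
    result=""
    verify_file "$d" "$d/capture.txt" && result="ok"
    printf 'one changed byte\n' >> "$d/capture.txt"   # simulate tampering
    verify_file "$d" "$d/capture.txt" || result="$result tampered-rejected"
    rm -rf "$d"
    echo "$result"
}

demo
```

Only `id_rsa_demo.pub` ever needs to leave the local host; the fingerprint printed by `key_fingerprint` is what you compare when confirming the remote end holds the right public key.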

Once the SCP process has completed, Couchdrop uses Transport Layer Security (TLS) to transfer the file to the selected cloud or endpoint storage solution. TLS is a security technology that establishes an encrypted link between a server and a client. The encrypted link is established once the server authenticates itself to the client. During the authentication process, the client and server establish a set of symmetric encryption keys. Once authentication has completed, the client and server establish the encrypted session using these symmetric keys.

Couchdrop can save a lot of headaches with security, audits, and vulnerabilities, as it allows you to get files where you need them in a secure, structured manner.