
Transit data and security

Data in transit is one of the most exposed points of an organisation's security in the 21st century. This is not only because the traffic traverses the public, untrusted internet, but also because many companies apply few or no security processes to it.

Transferring or moving data happens on a day-to-day basis, whether you are copying to a local network drive, sending an email or uploading to your cloud solution of choice. IT engineers are therefore not the only ones exposed to these vulnerabilities, but much of the data that community handles is sensitive.

Scattered and decentralized files

Many organisations and users have files scattered across cloud solutions, legacy servers, flash drives and network hosts. This causes headaches when it comes to auditing a company's systems and security infrastructure.

Firewalls and local infrastructure

One issue for IT engineers is getting data off terminals and into an easily accessible place for further analysis, for sending on with TAC cases, or for loading into a GUI-based application. Most IT engineers run into firewall policies, or simply lack a secure local system to transfer files to. Consider, too, how many files have been transferred to whichever server was most accessible from the host you happened to be on: if it is that easy for you to transfer files to it, is it not equally accessible to a potential attacker?

How does Couchdrop help with this?

Couchdrop lets you SCP, SFTP or Rsync directly to secure cloud solutions and applications, without changing firewall rules or rushing to stand up new, potentially vulnerable systems to transfer files to, only to move them to another system or upload them elsewhere soon after. It also gives control and accountability over files, since all of them are stored in one known location rather than spread over many systems at many sites.

Couchdrop uses the Secure Copy Protocol (SCP), Secure File Transfer Protocol (SFTP) and Rsync. All three establish a Secure Shell (SSH) session as the foundation of their transfer tunnel. The session is encrypted, so the data is protected in transit to the endpoint of choice.

SSH and Cryptography

SSH uses public key cryptography, so there are two keys: a public key and a private key. These keys are often generated automatically, but SSH also lets end users create their own RSA key pairs. The public key sits on the remote host and the private key stays on the local host.

Another perk of SSH is that it also requires a username and password before the session can be established. If an attacker somehow gets hold of either key, they still need the credentials to establish the session and transfer or pull data with SCP.
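As an added illustration of the key split described above (example code written for this post, not Couchdrop's own): the remote host stores only public keys, the local host signs a session-bound challenge with its private key, and the remote host checks that signature against the stored public key. It uses Go's standard-library Ed25519 rather than RSA and a simplified challenge in place of SSH's real wire format; the names AuthorizedKeys, Prove and Verify and the session id are assumptions and constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthorizedKeys is the remote-host side: only public keys, one per user, much
// like ~/.ssh/authorized_keys. No private material ever lives here.
type AuthorizedKeys map[string]ed25519.PublicKey

// authBytes binds the proof to one session: SSH signs over the session identifier
// plus the auth request, so a captured signature cannot be replayed elsewhere.
func authBytes(sessionID []byte, user string) []byte {
	h := sha256.New()
	h.Write(sessionID)
	h.Write([]byte(user))
	return h.Sum(nil)
}

// Prove is the local-host step: the private key signs the session-bound bytes and never leaves the client.
func Prove(priv ed25519.PrivateKey, user string, sessionID []byte) []byte {
	return ed25519.Sign(priv, authBytes(sessionID, user))
}

// Verify is the remote-host step: look up the user's authorized public key and
// check the signature against it. A different key, user or session fails.
func (a AuthorizedKeys) Verify(user string, sessionID, sig []byte) error {
	pub, ok := a[user]
	if !ok {
		return errors.New("no authorized key for user " + user)
	}
	if !ed25519.Verify(pub, authBytes(sessionID, user), sig) {
		return errors.New("signature does not match authorized key")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed demo pair
	if err != nil {
		panic(err)
	}
	server := AuthorizedKeys{"alice": pub} // public half installed remotely
	session := []byte("constructed-session-id")
	fmt.Println(server.Verify("alice", session, Prove(priv, "alice", session))) // prints <nil>
}
```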

Once the SCP process has completed, Couchdrop uses Transport Layer Security (TLS) to transfer the file to the selected cloud or endpoint storage solution. TLS is a security technology that establishes an encrypted, secure link between a server and a client. The link is established once the server has authenticated itself to the client; during that authentication the client and server agree on a set of symmetric encryption keys, and once it completes they use those symmetric keys for the encrypted session.

Couchdrop can save a lot of headaches with security, audits and vulnerabilities, as it gets files where you need them in a secure, structured manner.
