0

A customer asked me to set up an automatic backup system in which a machine transfers some important data (.sql dumps) via FTP. He doesn't want SFTP, only FTP.

So I ended up doing three things:

  • I used the FTPS protocol with TLS, disabling SSLv2 & SSLv3
  • I encrypted the .sql dumps with gpg before transferring them
  • I blacklisted every IP but the one of the backup machine, so only that machine can connect to the FTPS server

Now the transfer should be secure, even if not using SFTP. Before submitting my work, I would like to ask your opinion:

Are there other useful tips to be even more secure? Is this method secure enough for transferring sensitive data (excluding SFTP, which is NOT an option)? I use "curl" to do the FTPS transfer and vsftpd for the FTPS server.

Thanks

DrO
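
As an added example (not part of the original question, and not vsftpd's own tooling), this Python check audits a vsftpd.conf for the server-side FTPS settings the question describes. The directive names are documented vsftpd.conf options; requiring each one to be set explicitly is an assumption of this example, and both sample configs are constructed.

```python
# Added example: audit a vsftpd.conf for the FTPS settings from the question.
# Policy (an assumption here): every directive below must be set explicitly,
# so the result never depends on the defaults of a particular vsftpd build.
REQUIRED = {
    "ssl_enable": "YES",              # TLS support switched on
    "ssl_sslv2": "NO",                # SSLv2 disabled
    "ssl_sslv3": "NO",                # SSLv3 disabled
    "force_local_logins_ssl": "YES",  # credentials only over TLS
    "force_local_data_ssl": "YES",    # data channel (the dumps) only over TLS
    "allow_anon_ssl": "NO",           # no anonymous TLS sessions
    "anonymous_enable": "NO",         # no anonymous logins at all
}

def parse_vsftpd_conf(text):
    """Return {option: VALUE} from option=value lines, skipping comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().upper()
    return settings

def audit(text):
    """Return a sorted list of findings; an empty list means the policy is met."""
    settings = parse_vsftpd_conf(text)
    findings = []
    for key, wanted in REQUIRED.items():
        actual = settings.get(key)
        if actual is None:
            findings.append(f"{key}: not set (want {wanted})")
        elif actual != wanted:
            findings.append(f"{key}={actual} (want {wanted})")
    return sorted(findings)

# Constructed sample: TLS is on, but SSLv3 is allowed and data may go in clear.
WEAK = """# constructed weak config
ssl_enable=YES
ssl_sslv3=YES
force_local_data_ssl=NO
anonymous_enable=NO
"""

# Constructed sample that satisfies every directive in REQUIRED.
HARDENED = "\n".join(f"{k}={v}" for k, v in REQUIRED.items()) + "\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "OK")
```
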

1 Answer

0

The only tip I can think of, apart from what you did, is a VPN tunnel between the two sites/endpoints. It would add an extra layer if the transfer hits the copper from a public ISP.

yagmoth555
  • I forgot to mention that the backup machine has to fetch the backups from several machines (like 20-30), so I would have to create a very large VPN to include all the machines... however, I'll keep this in mind. I didn't get the part about the extra layer and public ISP, maybe because I'm not English, so I probably didn't understand well. – Wyatt Gillette Jul 01 '17 at 23:14
  • I am not English either, so sorry if I wrote it badly. The extra layer is the fact that when in a VPN tunnel, no one can guess the traffic inside; it's encapsulated in it. – yagmoth555 Jul 02 '17 at 03:43
  • Oh OK, I got it. Yes, I think I will use something like a VPN for encapsulating the traffic between the servers and the backup machine. Looks a lot safer. – Wyatt Gillette Jul 02 '17 at 09:32