sunhux asked:

Best practice for ssh key exchange: one-way (and which way) or two-way?

We are outsourcing our customer screening function (to screen for customers who
are known to be money laundering or terrorist-funding related) to an external vendor.

We have to do sftp to transfer our customers' info to this vendor daily.

a) Is it more secure that we are the sftp server (i.e. the vendor connects to us to
   'get' the data), or that the vendor is the sftp server (i.e. we 'put' the data to the
   vendor), or doesn't it matter?
   Considering whether to get Tectia ssh client or Tectia ssh server.

b) Has anyone come across direct secure data transfer between apps (say via API)?
   Does such an API use the sftp protocol? If so, do any keys need to be established and
   exchanged between our apps & the vendor's apps? Perhaps this question
   doesn't make sense.

c) For a more secure environment, should we enable one-way instead of two-way
   ssh key exchange?

d) I'm inclined to think that should an ex-employee leave us, he can copy the ssh
   keys out; so would a 2nd extra authentication (say password authentication)
   help? Or what could help with this scenario where a staff member at the vendor's end
   or our end leaves & copies out the ssh keys?
sunhux (asker) added:
e) 1 more question:
   I felt uneasy that the sensitive info is extracted from our backend DB server &
   then exported/saved as csv on a server in our DMZ zone: the fact that it's in the DMZ
   means this server is Internet-facing, thus more 'exposed'. The thing is, if I encrypt
   this csv file (say using a zipping tool) with a password, such a password will be
   known to the sysadmin (or a staff member at the vendor's end) so as to be able to decrypt
   it. Would it be better to use a certain OTP value to encrypt, & this OTP value
   is separately sent via sftp to the vendor, so the 'encryption' password is
   always different as it's "one-time" only? I have no idea how to implement
   such 'OTP' encryption currently.
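As an added illustration for the scenario in (d), not taken from the thread or from either expert's answer: if the vendor's sftp key is installed in an OpenSSH `authorized_keys` file with a `from=` source restriction, `restrict`, and a forced `internal-sftp` command, a copied private key is far less useful to whoever walks off with it. The script below (standard library only) audits a constructed sample file for keys missing those options and prints each key's SHA256 fingerprint; the sample keys are placeholders, not real key material, and the source address is a documentation address.

```python
# Added example (not from the thread): audit an OpenSSH authorized_keys file for
# vendor keys lacking the options that limit the damage if a private key is copied.
import base64
import hashlib
import re

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-ssh-ed25519", "sk-ecdsa-")
# from= pins the source address, restrict drops forwarding/pty/agent, forced command = sftp only
WANTED = ("from=", "restrict", 'command="internal-sftp"')

def parse_line(line):
    """Split a line into (options, key blob, comment); options may contain
    quoted strings with spaces, so scan tokens until the key type is found."""
    tokens = re.findall(r'(?:[^\s"]+|"[^"]*")+', line)
    for i, tok in enumerate(tokens):
        if tok.startswith(KEY_TYPES):
            blob = tokens[i + 1] if i + 1 < len(tokens) else ""
            return " ".join(tokens[:i]), blob, " ".join(tokens[i + 2:])
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the format ssh-keygen -lf prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text):
    """Return [(comment, fingerprint, missing options)] for each key line."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parsed = parse_line(line)
        if parsed is None:
            continue
        options, blob, comment = parsed
        missing = [w for w in WANTED if w not in options]
        findings.append((comment, fingerprint(blob), missing))
    return findings

# Constructed sample file: the blob is base64 of a placeholder, not a real key.
_BLOB = base64.b64encode(b"constructed-sample-key-material-not-a-real-key").decode()
SAMPLE = f"""# vendor pull account
from="203.0.113.10",restrict,command="internal-sftp" ssh-ed25519 {_BLOB} vendor-sftp
ssh-ed25519 {_BLOB} old-vendor-key
"""
if __name__ == "__main__":
    for comment, fp, missing in audit(SAMPLE):
        print(comment, fp, "OK" if not missing else "MISSING " + ", ".join(missing))
```

The second sample key is reported as missing all three restrictions, which is the condition under which a copied key gives its holder a full, unrestricted login.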
SOLUTION by gheist (Belgium)
ASKER CERTIFIED SOLUTION by arnold (United States of America)