Say you have a UNIX (such as AIX, HP-UX, Linux) application server
alpha and a UNIX database server delta. The application runs with
account Charlie's privilege, and the database using account
The application generates data that will be sent to server delta, where
the data is loaded into the database by Sam and a report is then
generated from the data in the database.
With today's technology, sftp will most likely be chosen for the file
transfer from alpha to delta, and most people will consider this a
very secure solution.
So what's the issue with this solution?
With this solution, you need to ask one person to do the file transfer
job, then ask the same person or another one to load the data into the
database and then run the report generation program.
Here, the person who does the file transfer job needs either Sam's
password or the pass phrase for the private key of the key pair used
for public key authentication; otherwise, you have to choose public key
authentication with no pass phrase protecting the private key.
We assume that you will use pass phrase protected public key
authentication, as this is the most secure of these options.
Then what's the security issue with this arrangement?
Let's talk about the security risks of the pass phrase protection.
One common issue here is that the pass phrase needs to be known by all
the people who will do the file transfer, which is unlikely to be only
one person.
A malicious person on the machine with the same or root privilege could
then use a system call tracer, like tusc on HP-UX, to steal the pass
phrase when you type it.
A malicious person with root privilege could also replace the sftp
program to steal the pass phrase.
On Solaris 10 platforms, anybody with root privilege can easily use
dtrace to capture the pass phrases whenever anybody uses ssh to
connect to other machines. The dtrace tool is good for debugging
issues, but is a nightmare for password/pass phrase security.
Then let's talk about another big security issue with this arrangement:
when a person is able to use sftp to transfer the data from server
alpha to server delta through account Sam on delta, that person is
also able to make changes to Sam's .profile. So if the person is
malicious, he/she will be able to set up a trap in Sam's .profile, and
when Sam logs on to server delta the trap will be triggered and a
false transaction added to the database, causing big damage to
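One defensive control for the .profile risk described above is to keep a baseline hash of the account's login scripts and re-check them before the account is used. The script below is an added example, not code from WZIS Software or from the original post; the list of login script names and the baseline format are assumptions, and the baseline must be stored somewhere the sftp user cannot write (for example a root-owned file outside Sam's home).

```python
"""Baseline integrity check for a service account's login scripts."""
import hashlib
import json
import os

# Login scripts that run automatically when the account logs in.
# Assumed list; extend it for the shells used on your servers.
LOGIN_SCRIPTS = (".profile", ".bash_profile", ".bashrc",
                 ".kshrc", ".login", ".cshrc")


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(home):
    """Return {name: sha256} for every login script present in `home`."""
    baseline = {}
    for name in LOGIN_SCRIPTS:
        path = os.path.join(home, name)
        if os.path.isfile(path):
            baseline[name] = sha256_file(path)
    return baseline


def save_baseline(baseline, path):
    """Write the baseline as JSON; keep `path` unwritable by the sftp user."""
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def check_home(home, baseline):
    """Compare `home` against `baseline`.

    Reports scripts whose content changed, scripts that disappeared, and
    scripts that appeared although absent from the baseline (a new
    .bashrc planted next to an untouched .profile is still a trap).
    """
    current = build_baseline(home)
    return {
        "modified": sorted(n for n in baseline
                           if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "unexpected": sorted(n for n in current if n not in baseline),
    }


def is_clean(report):
    """True when no login script was modified, removed or added."""
    return not (report["modified"] or report["missing"]
                or report["unexpected"])
```

Run `build_baseline` once from a trusted state and `check_home` from a root-owned job before Sam's account is used for the load; a non-clean report should block the load and raise an alert.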
WZIS Software has a very secure solution for this, and it can save you
huge operation costs.
Please check our solutions at http://www.wziss.com/