Q

Transfer files to a production server

What is the best way to move files out to a production server located in the DMZ? This is required as developers make changes and updates to the Web site. What do you recommend?

Dear Bob:
Thank you for taking the time to write to me. The best (and secure) way to transfer files to a production server is to implement the following steps:

  1. Implement security beginning with your border router (ACL); that is, restrict external port access to production server(s).
  2. Disable FTP, File shares, and other common and insecure programs.
  3. Install and configure a remote control (with file transfer capability) program that supports the following features:
    1. Encryption - to secure your data.
    2. TCP/IP filtering - limit access to server to the firewall.
    3. Change default TCP/IP port -- to use a unique port.
    4. NT/Win2K integrated authentication.
  4. Block access to unique (above) port in your border router and firewall. Set up a rule in your firewall to only allow selective developer workstations to transfer files.
  5. Define unique account names and passwords for developers that require access. For QA purposes, consider being the primary point of contact when it comes to updating "your" production server -- that is, the server that you are responsible for. Try to reduce or eliminate the need for direct developer access.

Another viable option is to implement SSH to "move files"; however, SSH (including Cisco's version) has its share of security vulnerabilities, including gaining admin-level access. If you decide to use SSH, make sure that you patch it. In either case, apply as many of the above security steps as possible with your solution. Avoid using the leading remote control software, as this would attract unnecessary attention. There is plenty of good remote control software out there that supports the above features.

Remember to enable session logging and to maintain your server and remote control software with the latest, tested, and certified patches and hotfixes.
Take care,
Luis
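
The firewall rule in step 4 only holds if no broader rule ahead of it also matches. The following is an added example, not part of the original answer, that audits a first-match ruleset against steps 2 and 4; the port number, addresses and rule format are constructed assumptions.

```python
import ipaddress

# Constructed policy values (assumptions, not from the original answer).
TRANSFER_PORT = 48022                              # hypothetical non-default port (step 3.3)
DEV_WORKSTATIONS = {"10.20.0.11", "10.20.0.12"}    # hypothetical developer hosts (step 4)
INSECURE_PORTS = {21: "FTP", 139: "NetBIOS file share", 445: "SMB file share"}  # step 2

# Constructed ruleset toward the DMZ server, evaluated first-match-wins.
# Each rule: (action, source CIDR, destination port or None for any port).
RULES = [
    ("allow", "10.20.0.11/32", 48022),
    ("allow", "10.20.0.0/24", 48022),   # too broad: admits the whole subnet
    ("allow", "0.0.0.0/0", 80),
    ("deny", "0.0.0.0/0", None),
]
PROBES = ["10.20.0.11", "10.20.0.12", "10.20.0.50", "203.0.113.9"]


def decide(rules, src, port):
    """Return the action of the first rule matching src and port (default deny)."""
    addr = ipaddress.ip_address(src)
    for action, cidr, rule_port in rules:
        if addr in ipaddress.ip_network(cidr) and rule_port in (None, port):
            return action
    return "deny"


def audit(rules, transfer_port, dev_hosts, probes):
    """Probe the ruleset from each source address and list policy violations."""
    findings = []
    for src in probes:
        allowed = decide(rules, src, transfer_port) == "allow"
        if src in dev_hosts and not allowed:
            findings.append(f"developer workstation {src} cannot reach transfer port")
        if src not in dev_hosts and allowed:
            findings.append(f"non-developer host {src} can reach transfer port {transfer_port}")
        for port, name in INSECURE_PORTS.items():
            if decide(rules, src, port) == "allow":
                findings.append(f"{name} (port {port}) reachable from {src}")
    return findings


if __name__ == "__main__":
    for finding in audit(RULES, TRANSFER_PORT, DEV_WORKSTATIONS, PROBES):
        print("FINDING:", finding)
```

Replacing the `/24` rule with a `/32` entry for the second workstation clears the finding.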

This was first published in December 2002
