Hi

What are these terms? What is the difference?

I am kind of new to servers but I understand what a server, a client, and transfer protocols like ftp, sftp, vpn etc. are. I have also created a server using FileZilla and transferred files using it, and I unsuccessfully tried creating an sftp server using OpenSSH. (After doing all the steps I got an error saying "openSSH.exe is not a valid Windows executable", something like that. I took help from here http://www.digitalmediaminute.com/article/1487/setting-up-a-sftp-server-on-windows, but that is a different issue and I will create another thread for it; I mention it just to give some background.)

That being said, my company's IT guys are bothering our analytics team over these terms. They are saying our server is not secure, and they need some 5000 USD to buy one and some monthly charges to maintain it. (They say our existing server is a public server; I don't know what that means.) I tried googling but couldn't find a satisfying answer.

So please help me here.

Those are abstract concepts at best and without seeing the actual hosting agreement and contract it's not possible to answer your question to the depth you require.

It sounds like your IT guy is trying to be a know-it-all to get his friend's hosting company more business ;)

A private server would be something like a windows server installed on a virtual machine that only you have access to. You can log in to the server console with RDP, make changes to IIS, etc etc.

A public server would be something like a windows server with many websites installed on a single instance of IIS. The hosting company would set up IIS and not allow you access to it. You would only be able to upload your files to a certain directory where your web app is pointed to in IIS. In this case if someone breaks in to IIS and gets administrative access to the server they could get at all of the websites.

In the first case if they broke in to your virtual machine then they could still get your files, but the burden is on you in that case to maintain security since it is your machine. The probability of someone breaking in is also lower because your VM will host a single website for your company, whereas with the public option they could have a lot of websites so the chances are greater that someone will try to get in to the server.

I hope that helps.

Thanks sknake,
That helps and I have some more info, so I was wondering if it can give you better understanding of the situation and guide me.

We have servers sitting on our company premises in a secured server room. We do not use them to publish websites but to keep data of various companies over which different teams (in the company itself) do analytics and other stuff. Earlier we used to pull data either through offline transfer (like hard disk/DVD), or by pulling the data from the other company's server (using vpn or sftp). Now there is a bank which won't give us access to their server. They say they want to "push" the data to our company's server, instead of allowing us to "pull" the data from their server.

On that the IT guys say the place (server) where the data will come is unsecure. They say, if we pull, then it's OK, but if they push, then their data becomes unsecure as our server is a public server. (Which I don't think it is, after reading your post.)

One thing that is commonly said by him and you is that "if someone breaks in to IIS and gets administrative access to the server they could get at all of the websites". But as you mentioned it's also possible in the case of a private server. I guess strong passwords and policies like regularly changing passwords can lower the probability of this happening... right?

Thanks again!

>>One thing that is commonly said by him and you is that "if someone breaks in to IIS and gets administrative access to the server they could get at all of the websites". But as you mentioned it's also possible in the case of a private server. I guess strong passwords and policies like regularly changing passwords can lower the probability of this happening... right?

It helps but there are a million ways to get control of a machine. Spyware/viruses get in on the network and hack the server, or someone exploits a bug in ASP.NET/IIS to get administrative access, etc etc.

>>Now there is a bank which won't give us access to their server. They say they want to "push" the data to our company's server, instead of allowing us to "pull" the data from their server.
This is common and I work with a few banks using the same setup. They shipped us routers to install in our facility and they push data over a private VPN where they control the endpoints -- so the communication is secured by them.

>>On that the IT guys say the place (server) where the data will come is unsecure. They say, if we pull, then it's OK, but if they push, then their data becomes unsecure as our server is a public server. (Which I don't think it is, after reading your post.)
Maybe he means the bank's pushed data will be exposed to all users on your network. If you don't want anyone in the company to be able to access the data but you're storing it on company servers located on the corporate LAN then that may be an issue.

Please describe more about the data and the mechanism for pushing the data, who should have access to it in your company, etc.

They want to set up a VPN, and then transfer the data over sftp. At first I wondered how these two different protocols could go together, but then I got to know from somewhere that a VPN can implement sftp to transfer the data, providing double security. Is that correct?

After we get the data, only 3-4 members will be allowed to use (read/edit) that data. Is it possible that the admin creates a folder for that and gives access to only selected people? (I mean that's possible, they already do it on our LAN, but I don't know how insecure that is.) And if the server is hacked, is it the same whether the data was pulled by us or pushed by the bank?

After we do the analysis, the data will be deleted, and we will send them the final reports through email. (The bank will not pull back the data or anything from our server.)

That sounds like an OK setup to me. I don't see any glaring security issues. VPN + sftp is a secure file transfer mechanism. If you are comfortable with the physical security of your servers and are comfortable that other users on the network can't access the share where the data is stored then you have covered your bases.

If the server is hacked they get the data just the same regardless of push or pull. What is different is that if you stored the login and password on the hard drive and you got hacked then the hacker could use those credentials to connect to the bank. Since the bank is pushing data out then even if you do get hacked they can't readily do anything to the bank.

I would disconnect your VPN session after the sftp completes so you're not wired in to the bank when you don't need to be. This is just an "extra measure".
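To the question above about having the admin create a folder that only the selected 3-4 people can reach, and the reply's point that other users on the network must not be able to access the share: the following is an added example, not code from the thread or from sknake, showing how that allow-list is expressed on a Windows file server with PowerShell. The path D:\Data\BankInbound, the group CORP\BankDataAnalysts, the service account CORP\svc-bank-sftp and the share name BankInbound$ are all hypothetical placeholders; the SMB cmdlets assume Windows Server 2012 / Windows 8 or later.

```powershell
# Added example, not code from the thread: lock down the folder that the
# bank's sftp push lands in so that only a named analyst group (the 3-4
# people), the sftp service account, and local administrators can reach it.
# All names below are hypothetical placeholders.
#Requires -RunAsAdministrator

$Path      = 'D:\Data\BankInbound'      # landing directory (assumed)
$Analysts  = 'CORP\BankDataAnalysts'    # AD group of the 3-4 analysts (assumed)
$SftpSvc   = 'CORP\svc-bank-sftp'       # account the bank's sftp session runs as (assumed)
$ShareName = 'BankInbound$'             # '$' suffix hides the share from network browsing

New-Item -ItemType Directory -Path $Path -Force | Out-Null

$acl = Get-Acl -Path $Path

# 1. Break inheritance and discard the inherited entries. On a default volume
#    the parent grants BUILTIN\Users read access, which is exactly what makes
#    a folder "public" to everyone on the LAN.
$acl.SetAccessRuleProtection($true, $false)

# 2. Drop any explicit entries already on the folder, so the result contains
#    only what is granted below.
foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    $null = $acl.RemoveAccessRule($ace)
}

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

function New-Ace {
    param([string]$Identity, [string]$Rights)
    # $Rights is a FileSystemRights name such as 'Modify' or 'FullControl';
    # the rule applies to the folder, its subfolders and its files.
    New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
               -ArgumentList $Identity, $Rights, $inherit, $prop, 'Allow'
}

# 3. Explicit allow-list. Nobody else, including Domain Users, gets an entry.
$acl.AddAccessRule((New-Ace 'NT AUTHORITY\SYSTEM'    'FullControl'))
$acl.AddAccessRule((New-Ace 'BUILTIN\Administrators' 'FullControl'))
$acl.AddAccessRule((New-Ace $SftpSvc  'Modify'))   # may write the pushed files
$acl.AddAccessRule((New-Ace $Analysts 'Modify'))   # read/edit, and delete after analysis

Set-Acl -Path $Path -AclObject $acl

# 4. Share it. Share permissions mirror the NTFS list; effective access is the
#    intersection of the two, so the NTFS ACL above still governs.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path `
                 -FullAccess 'BUILTIN\Administrators' `
                 -ChangeAccess $Analysts, $SftpSvc | Out-Null
}

# 5. Check: list every principal with an entry. If BUILTIN\Users, Everyone,
#    Authenticated Users or Domain Users shows up, the folder is still
#    readable by anyone on the network and the lockdown has not taken effect.
(Get-Acl -Path $Path).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

Run it once as an administrator on the file server. The table printed at the end is the evidence to hand to the IT team: with inheritance broken, the only identities listed should be SYSTEM, Administrators, the sftp service account and the analyst group, which is what makes the folder private on an otherwise shared LAN server.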

Thanks Scott!
You have boosted my confidence and increased my knowledge and maybe saved our company a lot of money. It depends on how I can convince management about these things. Disconnecting the VPN will come in handy as an extra measure.

Thank you very much!
