Friday, August 14, 2020

Transparent Encryption of Files on SFTP Server

I am trying to configure a (very) secure SFTP file server for transferring files between employees. I already know that files should be protected/encrypted in transit and at rest. Fortunately, the SFTP protocol has in-transit encryption covered. However, I am still trying to work out the best way to transparently encrypt files that are at rest on the SFTP server. I have investigated full disk encryption, but that seems to only be effective when the encrypted disks are unmounted. Is there any way to configure either the Ubuntu server or the SFTP software to transparently re-encrypt the files as they are being uploaded, so that they can only be accessed by authorized SFTP server software users as well as IT administration staff, but access is restricted for any potential attackers who do not have the decryption key, whether the drives are mounted or not?


