[clue] Speaker for 2014-11-11 talk.
Aaron D. Johnson
adj at fnord.greeley.co.us
Mon Nov 10 17:53:40 MST 2014
David L. Anselmi writes:
> I have a security question too. Should I encrypt a file I'm sending
> over SFTP? (This is just to sanity check my opinion that the
> security guys who say it's a requirement don't know what they're
> talking about.)
Layered security is good. :) SFTP will encrypt the file as it's
moving across your (and other parties') networks. (Strictly speaking,
SFTP the protocol doesn't encrypt it, but the SSH tranport it uses
does.) Encrypting it before you send it (what are their requirements
there?) means you have confidentiality (and possibly authenticity,
too) at each endpoint.
What threat model are your security guys defending against? What
threats are you concerned about?
- Aaron
More information about the clue
mailing list