Web Hosting Talk







DON'T READ this unless you are a security Guru


neoseeker
07-04-2002, 10:10 AM
I need to set up a series of servers - for storing critical business data in secure, segmented accounts. I have a few questions to get a general overview of the most secure solution after which I will be hiring someone to implement it. The requirements are as follows:

1) A system that includes only the necessary components to set up secure file transfer capabilities for a number of different users.

2) Accounts must be segmented - No user should be able to view other accounts (except root).

3) The username/password should be encrypted and the account should only be accessible over a secure connection if possible.

4) Accounts should be easy to setup/suspend/delete.

5) All unnecessary ports/services should be disabled.

6) The client software will be supplied to my users so the choice of protocol(s) is unlimited.

7) Above anything else - Security is the biggest concern.


Please post here with your opinions on what the issues are, how you intend to tackle them, what experience you have and how much you charge. I'm leaning towards an OpenBSD setup using OpenSSH but I want someone who has done it all before to set everything up and tighten security. There is potential here for ongoing work for the right individual.

clockwork
07-04-2002, 03:40 PM
OpenBSD sucks.

They claim to be uber-secure - go check out bugtraq.

Their "no holes in our default install" doesn't hold up anymore.

OpenSSH is proving to be unreliable in a security aspect too, two holes in a short period of time.

If you're interested, I might be able to make some recommendations, but I am not available for Full-Time work.

Acroplex
07-05-2002, 12:43 AM
Critical business data should be stored in an offline system. Period.

NoahH
07-05-2002, 01:20 AM
Uh oh, I read it, will I be shot now? ;) ;)

Shyne
07-05-2002, 03:01 AM
Right now NetBSD and OpenBSD are the most reliable OS's to be run for a hosting company. OpenSSH had two bugs which have been fixed rapidly. There is no other alternative than making your own. Hope you don't recommend window$

neoseeker
07-05-2002, 10:41 AM
I certainly agree that offline storage is a necessity. Can anyone recommend a company that offers large amounts of disk space (bandwidth won't be a problem) that also offers tape backup? Cost is a critical issue here, I'm not prepared to pay $1000 a month or anything near it. Anyone offering large (60 gig-ish) reliable IDE HD with daily incremental backups for under $500?

It's a pity - there seems to be nobody catering for the middle market for reliable hosting. There's the likes of eservers.biz that offer exceptional value for money and have a great reputation - but if their offerings don't suit you have to go elsewhere. And then there's rackspace that offer exceptional network, service and configuration options but at a heavy cost.

Maybe it's time for someone to cover this middle ground. Ok, maybe the market for this middle ground is small but wouldn't it pay off to corner this middle market?

If someone can offer a tailored solution for my needs - I'm all ears!

Thanks to all that have replied in this post and by pm.
Regards,
Neo

m3trans1t
07-05-2002, 06:28 PM
hmmm.... maybe I can go buy a Seagate 100GIG HD, some tape backup equipment and you can pay me? =) just a thought