Posts Tagged FTP

Secure FTP

Posted by on Thursday, 4 February, 2010

One of the best solutions for protecting your FTP transmissions is to utilize “Secure FTP” encryption technology.

The two popular Secure FTP protocols are named SFTP (meaning FTP over SSH) and FTPS (meaning FTP over SSL). Both SFTP and FTPS will create encrypted tunnels between your system and your trading partners. In essence, anything that flows over those tunnels will be protected, including any user ids, passwords, commands, as well as any data that is transmitted.

One of the main differences between SFTP and FTPS is the way authentication is performed. With SFTP, clients can be authenticated with just a password or a Private Key. With FTPS, clients and servers can be authenticated with certificates, which are either self-signed (by your organization) or signed by a Certificate Authority (e.g. Verisign).
Choosing the right type of Secure FTP protocol to use will depend on your trading partner’s capabilities and authentication requirements.

You should not leave it up to your users to decide which secure protocol or methodology works best. This can create a hodgepodge of approaches, none of which may meet your overall security and authentication policies.
This is an area where IT’s expertise is required to ensure that the right form of encryption is utilized, that authentication mechanisms are properly implemented and that regulatory requirements have been met.

Tags: , Category: General Comments (0)

Solution for Managing and Securing File Transfers

Posted by on Wednesday, 6 January, 2010

GoAnywhere Director is an Enterprise solution for Managed File Transfers, which includes a full suite of processes to securely transfer and convert data with detailed auditing and message alerts. Using GoAnywhere Director, customers can connect to almost any system or trading partner using a wide variety of standard protocols including FTP, SFTP (SSH), SCP, FTPS (SSL/TLS), HTTP, HTTPS, SMTP, POP3 and IMAP. It also supports standard Open PGP and ZIP with AES encryption for securing sensitive documents.

GoAnywhere Director Version 3.0 is now available from Linoma Software.  This latest version incorporates S/MIME digital signatures and encryption for email, support for Secure Copy Protocol (SCP), automatic processing of inbound email, enhanced logging, and version controls to streamline customer upgrades. Excel 2007 translation is also supported in version 3.0, in addition to its ability to read and write Excel 2003, CSV, XML and fixed-width text documents – which eliminates the need for other file translation software.

Version 3.0 also introduces more business process controls, including support for multi-part conditional statements, loops, delay operations, complex variables and advanced error-handling logic. This allows customers to set up sophisticated projects in GoAnywhere Director for multi-step processing of files, eliminating manual intervention and custom programming/scripts. For instance, a single project could be defined to loop/scan and retrieve files from a FTP server, decrypt those files, then parse and import their contents into a database. Errors can be easily monitored and routed to send alerts or call other processes.

“We are very excited about the 3.0 release,” says Bob Luebbe – Chief Software Architect at Linoma Software. “GoAnywhere Director has the power, flexibility and price-point to allow organizations of all sizes to completely streamline and secure their data transmissions. With its intuitive interface, customers can be productive in just a matter of minutes.”

GoAnywhere Director also interfaces with popular database systems including DB2, Oracle, SQL Server, Informix, PostgreSQL, Sybase and MySQL databases. This allows customers to easily extract data from their corporate databases to securely share it with their trading partners, as well as the ability to pump incoming data into their tables automatically.

No programming or special technical skills are required to use GoAnywhere Director. A graphical interface is provided for remote administration and monitoring from any browser or internet-enabled phone. Projects in GoAnywhere Director can be launched from a variety of 3rd party applications, schedulers and languages including CL, RPG, Java, C, .NET and PHP.

GoAnywhere Director can be installed to a variety of platforms, including IBM System i, IBM System p (AIX), IBM System z (Mainframe), Windows, Linux, SUSE Enterprise Linux, UNIX, HP-UX, Mac OS and Solaris platforms.

A free, fully functional trial of GoAnywhere Director is available for download.

Tags: , , , , Category: General, GoAnywhere, Managed File Transfers Comments (0)

The Case for Managed File Transfers

Posted by on Monday, 21 December, 2009

Every day, millions of files are exchanged all over the world by corporations, government entities and other organizations. These electronic transfers include the critical data needed to conduct business, such as customer and order information, EDI documents, financial data, payment information, as well as employee and health-related information.

Most managed file transfers use a popular protocol known as FTP. This is a very aged protocol, since it was designed and implemented in the infancy of computing networks; even before the Internet was even heard of. Few managers realize the security and management risks that have blossomed in their organization with the prevalent use of FTP. Fewer still have begun to take measures to bring the use of FTP into compliance with regulations such as PCI, SOX, HIPAA, State Privacy Laws or other mandates.

The best solution to securing your FTP implementations will be one that best centralizes and manages the control of those transfers. The practice of distributing file transfers off the main information system complicates management and opens security holes. How does centralizing FTP reduce the number of management issues?

Centralization:

  • Maintains the rigor of the native operating system’s security mechanisms.
  • Sustains the compliance requirements that have been already been implemented on the host system. This includes authority controls and reporting prerequisites.
  • Provides a single-point of maintenance for all FTP user profiles and passwords.
  • Contains standardized data encryption techniques and centralized key management.
  • Instead of building subsystems for encryption on individual user platforms, IT can engineer a comprehensive solution that provides better control and security.
  • Provides a centralized logging system of all file transfer activity for auditing purposes, along with descriptive error logs and message alerts when transfers fail.

Tags: , , , , , Category: General, Managed File Transfers Comments (0)