Are OS provided FTP commands with PGP encryption enough?, File transfers, Windows, Unix
Posted on 2002-06-17
FTP command line versus other new methods. Strengths, weaknesses, risks, etc... Keeping costs in mind and using existing hardware without adding additional hardware
Our company performs FTP in several different departments from several different systems. Mostly Unix but a few Windows boxes.
We decided to step back and review all uses and then recommend a strategy.
Currently we are using the standard FTP commands that come with Unix and DOS to FTP.
- First we perform a PGP to encrypt a file.
- We then place the file on our server in the directory to where the external (outside the enterprise) would retrieve the file (they could drop off a file).
- When the person logs in they are to only a directory they have access to.
- They then perform a PUT or GET to send/receive a file.
Instead: I suppose we could use an FTP Server with a certificate that would ensure a secure SSL connection. I think this secures the channel but not the data. We could use SCP or something like that that I do not fully understand.
Our goal is to make things simple, cost-effective, and minimize risk. We must be able to push files to other systems or have users retrieve files regardless of platform for the most part.
We have looked at a few products but always come back to -Why should we set up an additional server and ensure a user has a certain client (in the case of SSL and Certificates), if we can accomplish the same thing with locked down directories by userid???
*****While the above I described is not very techie, current, or robust, it does allow people to perform "puts" and "gets" without running FTP software as a service at either end thus making life a little easier, easier to set up and troubleshoot.
I suppose we could get more complicated and talk about WEBDAV and such but not sure we need all of this.
We are ONLY allowing certain people to come through our firewall via IP address to "Get" items. To "Put" items we do not need any special rules in the firewall.
While this perhaps may be old school thinking-it is cheap, allows 2 way transfers, has PGP security (not the best but probably pretty good as the name implies)
We would like people to comment on the above, shoot holes in it, risks we would incur, and perhaps present other very cost effective solutions-that have ease of installation.
However it is important that we can send AND receive. And we must be able to send and receive in an unattended manner (scheduled, batch type or scripted jobs)
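
The encrypt-then-transfer job described in the post depends on the PGP step never being skipped, so a scheduled job can check the file before it is sent. The following is an added example, not part of the original post: a pre-flight check that looks at the first OpenPGP packet header (binary or ASCII-armored) and refuses to upload anything that does not start with an encryption packet. The function names, host, account and file names are hypothetical, and the check is a heuristic on the packet header only; it does not decrypt or verify the file.

```python
import base64
from ftplib import FTP

# OpenPGP packet tags that begin an encrypted message:
# 1 = public-key encrypted session key, 3 = symmetric-key encrypted session key,
# 9 = symmetrically encrypted data, 18 = encrypted + integrity-protected data.
ENCRYPTED_TAGS = {1, 3, 9, 18}


def first_packet_tag(data):
    """Return the tag of the first OpenPGP packet, or None if no packet header."""
    if not data or not data[0] & 0x80:      # bit 7 is always set in a packet header
        return None
    b = data[0]
    # bit 6 set = new format (6-bit tag); clear = old format (4-bit tag, 2-bit length type)
    return b & 0x3F if b & 0x40 else (b >> 2) & 0x0F


def is_pgp_encrypted(data):
    """Heuristic: does this file start with an OpenPGP encryption packet?"""
    text = data.lstrip()
    if text.startswith(b"-----BEGIN PGP MESSAGE-----"):
        lines = [line.strip() for line in text.splitlines()[1:]]
        try:
            body = lines[lines.index(b"") + 1]   # first base64 line after armor headers
            data = base64.b64decode(body, validate=True)
        except (ValueError, IndexError):         # malformed or truncated armor
            return False
    return first_packet_tag(data) in ENCRYPTED_TAGS


def upload_if_encrypted(path, host, user, password, remote_name):
    """Unattended PUT that refuses to send a file that is not PGP-encrypted."""
    with open(path, "rb") as fh:
        if not is_pgp_encrypted(fh.read(4096)):
            raise ValueError(f"{path}: not PGP-encrypted, refusing to upload")
        fh.seek(0)
        with FTP(host) as ftp:                   # plain FTP, as in the post
            ftp.login(user, password)
            ftp.storbinary(f"STOR {remote_name}", fh)
```

A signed-only or compressed-only PGP file fails this check as well, because its first packet is not an encryption packet.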