• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 403
  • Last Modified:

Securing legacy FTP transmissions ...

We have been tasked to move away from legacy FTP due to security concerns. The problem is that many of our interfacing partners only use FTP as a means of transferring files. Most files are relatively small (~10k) and the volume is not huge. But other than forcing them to change to a secure FTP server or make code changes, I am not sure that a solution exists to easily secure our transmissions. If there was a product that could secure client to server transmissions I would guess that we would have to buy both pieces ourselves because it is our requirement. I've seen a few references to S-FTP, FTPS, FTP through SSH, etc. but I'm not really familiar with anything like (just a programmer) ... any help would be greatly appreciated!!
0
AFPhinFan
Asked:
AFPhinFan
  • 3
  • 3
  • 2
2 Solutions
 
kevinf40Commented:
Hi

Obviously the cheapest option is to use sftp/scp for the transfers, but if you cannot easily make changes to the application there are third party products available.
One that we are currently evaluating to solve a similar issue (legacy apps using telnet / ftp) is SSH Tectia which can be found at www.tectia.com.
This product can transparently to the user / application wrap certain traffic (e.g. ftp) in an ssh tunnel.  To the user / app at both ends this is transparent and they can continue to use ftp or telnet etc as they were before.
Disclaimer - I'm nothing at all to do with this company, but the product does look to solve your problem.
cheers
K
0
 
AFPhinFanAuthor Commented:
kevinf40: Thanks for the info, I am requesting more data from that company now ... if that turns out to be what we need or if no one else responds, I will award the points.

Thanks!
0
 
rickyclourencoCommented:
You should approach this by first checking out what the difference between SSH(SFTP) and SSL(FTPS)
Found a site here http://www.rpatrick.com/tech/ssh-ssl/

Once you get more acquainted with each technology, you then can present the information, and then you and your company need to make a decision on the level of encryption/security you are looking for.  

My company went through the same issue, we had clients which needed to transfter private information to us, all of our FTP was through IIS and Active Directory, and I wanted a solution that would still be Active Directory Integrated (since all of our accounts were already there), I ended up using GlobalScape Secure FTP server.

In terms of your clients, they can download free FTP clients (FileZilla) which still support SSL/SSH transfers
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
AFPhinFanAuthor Commented:
Most of our applications call FTP either through command line FTP or third party FTP components in code. The ideal solution for us is a product that can bolt on and not require code changes on the clients or server changes. I will investigate the sites listed.
0
 
kevinf40Commented:
Hi AFPhinFan

Thanks!

Hope you find a solution to your problem - we are about to evaluating the SSHTectia product ourselves so if you try it it will be interesting to hear how you get on.

cheers

K
0
 
AFPhinFanAuthor Commented:
I am splitting the points as both answers merit further investigation and the research may take quite a while to wade through. I will try to post back what we decide on to help future seekers of information. Thanks for the help!
0
 
rickyclourencoCommented:
Thanks!
0
 
kevinf40Commented:
cheers!
good luck!
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now