Business Class FTP Storage

A client had asked us to send them a file that was too large for email.  so my boss asked me to do some research as to some "SECURE" FTP providers.  I mentioned Dropbox but apparently anyone who offeres free service can't be trusted to them.  

So do you have any suggestions?
MsAileenSAsked:
Who is Participating?
 
AlexPaceConnect With a Mentor Commented:
I would disagree that SFTP is much more secure than FTPS.  

Trivia: The character Trinity is shown using a legit well known SSH exploit in the movie Matrix Reloaded.

That said, I might choose SFTP over FTPS because it is easier to support... fewer moving parts... but the stream is binary so it is hard to debug if something goes wrong  ... much easier to debug a problem in FTPS which is good since you are more likely to have a problem with FTPS.

You can use FileZilla it is good software.  Some bosses have a problem with using free software supported by a bulletin board forum so if yours is like that you can consider Robo-FTP Server.  It does both FTPS and SFTP and you get a year of support for your $400.  

The 30 day free trial of Robo-FTP Server is super easy to get going in SFTP mode because it can generate its own SSH keys.

1. Download from here: http://www.robo-ftp.com/download/
2. Install the software then run the "Server Console" ... click thru the 30day eval stuff at the beginning.
3. Click the "Install" button to start it as a Windows Service under the default Network Service account
4. Click the "SFTP Server" menu, switch to Server Keys tab, create both keys then click "Apply" button
5. Switch back to "General Settings" tab, choose root folder then click "Start SFTP" button
6. Click the "Users" menu, click "New" button, type user name, select SFTP
7. Click "SFTP Logon Details" and set password and user's home folder then click "OK" then "Apply"

Now you have an SFTP server!   If sending these files is a one-time deal you might be done with it before the 30-day trial expires.
0
 
JWong007Commented:
You can use Filezilla Server to create a FTPS server (TLS).  Here's the link for the installation files:

http://filezilla-project.org/download.php?type=server
0
 
JWong007Commented:
I also found Core FTP Server.  This server supports SFTP.  Here's the link:

http://download.cnet.com/Core-FTP-Server/3000-2160_4-10783460.html
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
MsAileenSAuthor Commented:
What can I tell them abou the security, I think that is the main concern
0
 
JWong007Commented:
FTPS over TLS is: Two separate methods were developed to invoke client security for use with FTP clients: Explicit or Implicit. The explicit method is a legacy compatible implementation where FTPS aware clients can invoke security with an FTPS aware server without breaking overall FTP functionality with non-FTPS aware clients. The implicit method requires that all clients of the FTPS server be aware that SSL is to be used on the session, and thus is incompatible with non-FTPS-aware clients.
   http://en.wikipedia.org/wiki/FTPS

SFTP is: the SSH File Transfer Protocol (also Secret File Transfer Protocol, Secure FTP, or SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream.
   http://en.wikipedia.org/wiki/SSH_file_transfer_protocol

SFTP is much more secure that FTPS
0
 
AlexPaceCommented:
FTPS is secured by SSL (TLS) which is the same familiar method used to keep online web transactions safe.  If you have every bought anything online you have used this method.  You can use it to encrypt the login credentials, the actual data, or both.

SFTP is secured  by SSH which is the same method used for unix remote login sessions.  This is just as safe as FTPS but has the advantage of only using a single port for both control and data so it is easier for your firewall administrator to configure.  The down side of this approach is that there are not as many clients that can do SFTP as there are that can do FTPS.
0
 
MsAileenSAuthor Commented:
Can some of these products do both SFTP and FTPS?  And for security purposes it would be best if hosted my own FTP storage, right?  And I saw the FileZilla has a server and a client install so you can host it yourself
0
 
MsAileenSAuthor Commented:
Well money isn't the problem, its security so as long as I can spell it out for them I should be good!  Now the Robo-FTP server should be on a server at my location (like my file server or something), not like just my PC and then is there a client install so I can have users here use it to store and send files to customers?  this would be great if its an agent that can be installed on an existing file server (unless using a file server isn't recommended, I can find another server)  
0
 
AlexPaceCommented:
With Robo-FTP or any of these servers you can put it on a regular server on your network but you've got to poke a little hole in your firewall to allow it.  Otherwise you put it out on the DMZ in your extranet.  Do they even still call it an extranet?

Anyway, as far as poking a hole in your firewall goes this is another reason to use SFTP instead of FTPS because you only need to open (or forward) a single port.  The default SFTP port is number 22.

If you want to really get super freaky about the security you can have the users log in with a client key (sftp) or a client certificate (ftps) instead of a password.  Some banks (not most) do this...  some even PGP encrypt the files in addition to sending them over the encrypted transport.
0
 
MsAileenSAuthor Commented:
Well thank you so much!
0
All Courses

From novice to tech pro — start learning today.