Solved

SFTP pros and cons

Posted on 2014-11-19
Last Modified: 2014-11-20
We have some employees who send data to a 3rd party for processing via an SFTP server (that they own). Data isn't hugely sensitive but needs a degree of security assurance. There is a proposal to decommission the SFTP server and replace it with a web-based application/portal. We don't know much about the configuration of the web portal as yet, but their tech team claim it is more secure than SFTP. From a layman's management perspective, what kind of features would you look for in terms of a web-based app to ensure it's more secure than SFTP? Does SFTP have its flaws? What data transfer protocols are seen as more secure (if any?)... Appreciate if you could keep your answers at an entry level so we are blinded with technical jargon, we just want to understand the risks...
Question by:pma111
3 Comments
 
LVL 5

Accepted Solution

by:
Sir Learnalot earned 500 total points
SFTP is secure and relies on the SSH protocol... however a web application (IF AND ONLY IF) set up properly can be more secure. For example, you can add dual layer authentication (requiring users to use something additional to a username and password to log in).
 
LVL 5

Expert Comment

by:Sir Learnalot
Of course, like anything, SFTP has its flaws. For example, SSH vulnerabilities (e.g. Heartbleed) have been discovered before, but that doesn't mean a portal is immune to threats. Overall, I would recommend making the switch if you trust the tech team to do a good job and to set up dual factor authentication.
 
LVL 23

Expert Comment

by:Dr. Klahn
My two cents worth:

Relying on the support (and more importantly, the goodwill) of an outside team is eventually going to be trouble.  Sooner or later, somebody will leave and it will be necessary to instantly find a different solution.

Eventually just about every encryption method in wide use is either broken or compromised.  Witness WEPcrack and the WPA Protected Setup exploits.

The security in a data transfer application lies as much in the constant support of an experienced team as it does in a secure protocol.  When the protocol is broken, as it eventually will be, quick response is required.

There are more hostiles trying to compromise Web data transfer than there are trying to compromise SFTP.

Trying to fix a security hole in every web server on the planet would be a support nightmare and could take a good long time if the software was "turnkey corporate".

If the data is critical, send it over an encrypted VPN using a strong encryption method.  Then encrypt it again over the VPN connection using SFTP or a secure web server.  Package the information using ZIP or RAR and encrypt the file.  Just because you're not paranoid doesn't mean somebody is not out to get you.