Solved

sftp pros and cons

Posted on 2014-11-19
Last Modified: 2014-11-20
We have some employees who send data to a 3rd party for processing via an SFTP server (that they own). Data isn't hugely sensitive but needs a degree of security assurance. There is a proposal to decommission the SFTP server and replace it with a web-based application/portal. We don't know much about the configuration of the web portal as yet, but their tech team claim it is more secure than SFTP. From a layman's management perspective, what kind of features would you look for in terms of a web-based app to ensure it's more secure than SFTP? Does SFTP have its flaws? What data transfer protocols are seen as more secure (if any)? Appreciate if you could keep your answers at an entry level so we are blinded with technical jargon, we just want to understand the risks...
Question by:pma111
3 Comments
 
LVL 6

Accepted Solution

by:
Sir Learnalot earned 500 total points
ID: 40452648
SFTP is secure and relies on the SSH protocol... however, a web application (IF AND ONLY IF) set up properly can be more secure. For example, you can add dual layer authentication (requiring users to use something additional to a username and password to log in).
 
LVL 6

Expert Comment

by:Sir Learnalot
ID: 40452662
Of course, like anything, SFTP has its flaws. For example, SSH vulnerabilities (e.g. Heartbleed) have been discovered before, but that doesn't mean a portal is immune to threats. Overall, I would recommend making the switch if you trust the tech team to do a good job and to set up dual factor authentication.
 
LVL 24

Expert Comment

by:Dr. Klahn
ID: 40454541
My two cents worth:

Relying on the support (and more importantly, the goodwill) of an outside team is eventually going to be trouble.  Sooner or later, somebody will leave and it will be necessary to instantly find a different solution.

Eventually just about every encryption method in wide use is either broken or compromised.  Witness WEPcrack and the WPA Protected Setup exploits.

The security in a data transfer application lies as much in the constant support of an experienced team as it does in a secure protocol.  When the protocol is broken, as it eventually will be, quick response is required.

There are more hostiles trying to compromise Web data transfer than there are trying to compromise SFTP.

Trying to fix a security hole in every web server on the planet would be a support nightmare and could take a good long time if the software was "turnkey corporate".

If the data is critical, send it over an encrypted VPN using a strong encryption method.  Then encrypt it again over the VPN connection using SFTP or a secure web server.  Package the information using ZIP or RAR and encrypt the file.  Just because you're not paranoid doesn't mean somebody is not out to get you.