FTPplanet.com Blog

October 06, 2008

Webinar: The new WS_FTP Server 7

Kevin Gillis, Ipswitch File Transfer’s VP of Product Management, will highlight the new capabilities of the WS_FTP Server family and he'll also give a live demo and answer any questions you may have.

I'm looking forward to seeing the new automatic IP blocking and anti-hammering capabilities in action.... And also the new FIPS 140-2 verified cryptography.

Posted by Hugh Garber at 05:24 PM | Comments (0) | TrackBack (0) digg this add to del.icio.us add to My Web Furl this page

October 01, 2008

WS_FTP Launch Preferences

Did you know that you can change how WS_FTP behaves at launch? You can choose to:

- Open a blank workspace (ie: Do not connect to any saved server connections)
- Open a FTP connection dialog (ie: Asks what server connection you want to open)
- Open the last local and remote server folders (ie: WS_FTP opens the last local and server connections)
- Connect to your default FTP site (ie: Similar to choosing a browser homepage)

Choose the Options screen by selecting 'Tools' and then 'Options'. The Options screen should open to the 'General' tab. Look for the 'Auto Reconnect' option and select from the drop down box.

Selecting to open the last server connections is probably a common preference if you're working with a small number of websites.

More preferences are found in the WS_FTP Professional Getting Started Guide.

Posted by Erik Small at 11:14 AM | Comments (0) | TrackBack (0) digg this add to del.icio.us add to My Web Furl this page

September 29, 2008

New version of WS_FTP Server is about to be released!

Details of the upcoming release of WS_FTP Server 7 are now posted on the Ipswitch website..... How exciting!!!

Looks like a very security-focused release with some great new capabilities. Personally, I'm looking forward to the new anti-hammering capability that will automatically blacklist IPs that are attempting to hack into the server. And the new FIPS verified cryptography is very impressive.... And the ability to use LDAP for external user authentication is something that will come in handy for many organizations!

Posted by Hugh Garber at 08:57 AM | Comments (0) | TrackBack (0) digg this add to del.icio.us add to My Web Furl this page

September 22, 2008

Securing an FTP Server

Today's blog posting if for you server admins out there.... Here's a good list of tips to secure your file transfer server courtesy of The Real Ping blog.

I believe the first recommendation is critical: "Assigning access control rules for the files and directories on the FTP server will ensure greater safety for your files. This way, only privileged user accounts can access sensitive data on the FTP server, while non-privileged user accounts can access only general files."

And the other suggestions he lists out are also very smart and easy to implement administrative safeguards for protecting files and data. Here are a few of the suggestions:

• Run the FTP servers on a separate bastion host on the DMZ.
• Use a proxy system to forward requests to the FTP server.
• Discourage the use of anonymous FTP access.
• Log all access to files so it is easy to trace users.
• Use secureFTP or other similar protocols to secure the data and the command channels (ie: SSL or SSH)

Two other suggestions I have: Rather than "discourage" anonymous FTP access, administrators should simply forbid it. And rather than simply allowing encrypted protocols like SSL and SSH, administrators should simply require connecting clients to use either encrypted SSL or SSH protocols.... And better yet, specify that it must be at 256-bit AES encryption strength.

Posted by Hugh Garber at 07:31 AM | Comments (0) | TrackBack (0) digg this add to del.icio.us add to My Web Furl this page

September 18, 2008

FTPS versus SFTP...... Which to choose?

Sometimes lost is the confusing alphabet soup of FTP, SSL/FTPS and SSH/SFTP is a clear understanding of the differences between the various protocols.

A key takeaway is that basic FTP is not encrypted and that more and more folks are turning to encrypted protocols such as SSL and SSH for file transfers.

Generally speaking, I recommend setting up your server to support both flavors on encrypted communication protocols.... That will enable your end users with more options to securely connect to your server.

But there are some differences between the way FTPS and SFTP were implemented and each has some strengths and weaknesses. Here's a great post by IT Tutorial Solutions that goes into detail on the pros and cons of each.

FTPS Pros:
• Widely known and used
• The communication can be read and understood by the human
• Provides services for server-to-server file transfer
• SSL/TLS has good authentication mechanisms (X.509 certificate features)
• FTP and SSL/TLS support is built into many internet communication frameworks

FTPS Cons:
• Doesn't have a uniform directory listing format
• Requires a secondary DATA channel, which makes it hard to use behind the firewalls
• Doesn't define a standard for file name character sets (encodings)
• Not all FTP servers support SSL/TLS
• Doesn't have a standard way to get and change file and directory attributes

SFTP Pros:
• Has good standards background which strictly defines most (if not all) aspects of operations
• Has only one connection (no need for DATA connection)
• The connection is always secured
• The directory listing is uniform and machine-readable
• The protocol includes operations for permission and attribute manipulation, file locking and more functionality

SFTP Cons:
• The communication is binary and can't be logged "as is" for human reading
• SSH keys are harder to manage and validate
• The standards define certain things as optional or recommended, which leads to certain compatibility problems between different software titles from different vendors
• No server-to-server copy and recursive directory removal operations
• No built-in SSH/SFTP support in VCL and .NET frameworks

At the end of the day, both FTPS/SSL and SFTP/SSH deliver strong encryption and are both worthy of securing files that are being moved to and from your servers.

Posted by Hugh Garber at 08:42 AM | Comments (0) | TrackBack (0) digg this add to del.icio.us add to My Web Furl this page

FTP in 2 minutes

The Ipswitch File Transfer website has a quick movie on WS_FTP Professional.

Check it out!

http://www.ipswitchft.com/products/ws_ftp_professional/demo.asp

Posted by Erik Small at 08:19 AM | Comments (0) | TrackBack (0) digg this add to del.icio.us add to My Web Furl this page

September 12, 2008

Using Secure FTP

Quick reminder for folks to switch over from unencrypted FTP client-server connections to secure connections over FTPS or SFTP protocols. FTPS is an SSL based alternative to FTP, it's basically a flavor of FTP that has built-in encryption. And SFTP is another fantastic alternate that's based on the secure-shell (SSH) protocol. Both SFTP and FTPS provide secure and encrypted communications and will serve to protect any file transfer over client-server connections.

Here's some good advice from e-Consultancy.com: "FTP isn't perfect; one of its biggest flaws is that usernames and passwords are sent in clear text. That means that every time you use your website's FTP server, there is the possibility that a hacker could intercept your username and password and gain access to your website."

And of course, their recommended solution: "Secure FTP (SFTP) is a file transfer protocol based on the Secure Shell protocol, and as its name suggests, it is designed to provide a more secure means to transfer files between computers. Because of this, I personally advise all my clients to ditch FTP and set up SFTP."

Posted by Hugh Garber at 06:25 AM | Comments (0) | TrackBack (0) digg this add to del.icio.us add to My Web Furl this page

Categories

Archives

Recent Entries

Syndicate this site