Security Basics mailing list archives
RE: Secure file transfer
From: "Alex Alexiou" <Alex.Alexiou () intersystems com>
Date: Wed, 13 Jun 2007 17:10:09 -0400
I used FTP over SSL (sometimes referred to as FTPS) for a situation such as this. I once worked at a company whose business relied on receiving and sending sensitive data from thousands of client users, and some of them would send us files that were hundreds of megs. I set up Rhinosoft Serv-U on a fairly powerful Windows server with lots of space and a fast backbone connection to the Internet. The sites that I set up used implicit encryption (as opposed to explicit) which meant that they HAD to connect over SSL. It also requires an FTP client that supports connecting via FTP over SSL. We ended up posting instructions on our website on how to download and install Filezilla, because it's free and fairly intuitive. It took a while to set up due to the large number of users, but once it was in place it was very easy to manage, and our clients had very few problems with it. Obviously, sending the data over SSL is a lot slower than regular FTP, but it's probably about as fast as you'll find, and quite secure. As long as you follow good security protocols (strong passwords, no anonymous accounts, etc) you should be ok. Serv-U is only for Windows, but if you need a Unix solution there are a number of things you can use. I'm pretty sure vsftpd supports FTP over SSL, and Filezilla also has an FTP server application, though I've never used it. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of u.bodalina () gmail com Sent: Wednesday, June 13, 2007 11:28 AM To: security-basics () securityfocus com Subject: Secure file transfer Hi All Are there any good solutions for secure file transfer in a corporate environment. This should also cater for: 1. Secure transferring of large files which cannot be emailed. 2. Allow the tranfer of these files to people on the internet. 3. There should be very little administration of accounts. 4. It should be assumed that the files are of a sensitive nature. What are the best practices for this and the security implications? Thanks in advance.
Current thread:
- Secure file transfer u . bodalina (Jun 13)
- Re: Secure file transfer Nick Owen (Jun 13)
- RE: Secure file transfer Alex Alexiou (Jun 13)
- Re: Secure file transfer Manuel Arostegui Ramirez (Jun 13)
- Re: Secure file transfer João Gabriel (Jun 13)
- Re: Secure file transfer David Bergert (Jun 14)
- <Possible follow-ups>
- Re: Secure file transfer krymson (Jun 13)
- Re: Secure file transfer security.xentek (Jun 13)
- Re: Secure file transfer 00naught (Jun 13)
- Re: Secure file transfer security.xentek (Jun 13)