- Industry: Web Hosting/Web Development
- Products: VShell®for Windows and SecureFX®
- Summary: By turning off FTP and switching to VShell, this independent web development and hosting company reduced the resources it spends tracking down and recovering from external attacks. VShell secures usernames, passwords, and data and limits their customers' SFTP access to specific directories.
The Net Werx is an independent web development and hosting company specializing
in web and email solutions for small- to medium-sized enterprise clients.
Tim Trombley, The Net Werx founder and primary developer, found he was spending an increasing amount of time trying to prevent external attacks on the company's network and rebuilding after they occurred. "When we allowed customers to manage their hosted web sites via FTP, we were constantly warding off attacks on our systems," said Trombley. "It cost quite a bit in time and resources. And you're never really sure if you've fixed the problem, so on several occasions we ended up just nuking a few machines and starting over.... It was time to reign in the ropes." The Net Werx needed to replace FTP with a secure file transfer solution that would allow Trombley to control access for its twenty-plus customers.
"When we allowed customers to manage their hosted web sites via FTP, we were constantly warding off attacks on our systems.... It cost quite a bit in time and resources... It was time to reign in the ropes." – Tim Trombley, The Net Werx
Trombley decided he needed a Windows SFTP server that would allow him to limit his customers' access to specific directories. A Secure Shell SFTP solution made sense for Net Werx since its customers could choose from a wide selection of commercial and open source SSH2 clients in addition to Trombley's familiarity with the protocol's robust authentication, strong encryption, and data integrity.
Before selecting VanDyke Software's VShell server for Windows, Trombley evaluated other free and commercial servers. "I began by looking at what was available in the open source realm. Cygwin didn't give me enough granular control over users' access to our servers," said Trombley. A commercial SFTP server that Trombley evaluated "handled authentication, but again fell short of the access control that I was looking for. Fortunately, VShell was very affordable and offered all of the features I was looking for plus some I hadn't initially been looking for but now use every day."
With the VShell server, Trombley can now give customers SFTP-only access to specific directories. Each customer can be assigned to a defined user or group, and each user or group can be given a separate root directory that contains only the folders and files they need. Access control lists allow Trombley to limit external customers' access to Secure Shell services – SFTP is allowed while remote shell and port forwarding are denied. "I really like the access controls in VShell and the setup was really easy." The Net Werx customers can now update their sites using VanDyke's SecureFX file transfer client or any other SSH2-compliant SFTP client – the customer only sees the set of files and folders assigned to their virtual home directory.
The switch from FTP to SFTP wasn't specifically client driven. The Net Werx' customers are increasingly concerned about security, but not the details of how it's implemented or maintained. "No clients explicitly asked for us to turn off FTP, but in an overall sense, security on many fronts is important [to our clients], including antivirus, antispam, and other tools. They assume we are doing everything we can to protect their data."
Trombley also encourages his customers to look at VShell. "In some cases, we're hired to provide network administration services at a client's location in addition to providing web development and hosting services. We're primarily developers – the hosting is a byproduct of the web development for customers who want to keep it all in one shop. So, if we have a client wanting remote access, I definitely have them look at VShell." VShell simplifies server management and provides an important piece in their network security puzzle.
For system administration and development work, VShell also gives Trombley shell access to The Net Werx servers and client networks and provides port-forwarding of terminal services. "Port-forwarding is really nice. I use a Secure Shell client with VShell everyday to securely open Remote Desktop. By using port forwarding with SSH over port 22, hackers get a much narrower view of what's running inside the network. It has simplified management of our firewall configurations as well."
Swapping out FTP for SFTP with VShell ended an unnecessary drain on The Net Werx IT resources. Now that passwords, usernames, and data are no longer transferred in the clear, the company is no longer an easy target for hackers. Customer data and The Net Werx internal systems are more secure and Trombley is spending a lot less time responding to and recovering from external attacks.