Why Use SFTP for File Transfers?
There are a number of threats to data sent over the Internet. Hackers may impersonate a user, hijack a server, intercept usernames and passwords, and/or tamper with data in transit. SFTP is the only file transfer protocol that provides protection against attacks at any point in the data transfer process, making it the preferred protocol for file transfer operations.
SFTP Provides the Highest Level of Protection
Some earlier attempts to provide security for data in transit using FTP relied on port forwarding (data tunneling) to create a secure (encrypted) connection between client and server over which usernames and passwords could be sent. However, secondary connections for the actual files to be transferred would later be established, and those connections were not secured, leaving data vulnerable to eavesdropping and tampering while in the data stream. No measure of protection applied to FTP-facilitated transfers addressed the issue of user or host identity verification.
SFTP applies safeguards that address vulnerabilities throughout the file transfer operation:
- A user's logon credentials (password, public key, etc.) are verified during user authentication.
- The server is authenticated through host identity verification, a process that involves host keys.
- Using SFTP, only one secure connection is established through which all data (authentication information, file data, etc.) is transmitted. SFTP ensures data integrity and data security by applying SSH2 Message Authentication Code (MAC) to hashed data payload packets, which are encrypted in the data stream.
Compliance Calls for SFTP
Federal legislation, including SOX and HIPAA, and other federal regulations, like FIPS 140-2, set standards for security of confidential (e.g., financial, medical, government) data in transit. Although these guidelines may not specify that Internet-facilitated file transfers be conducted only via SFTP, SFTP is a preferred protocol that can meet the standards that are explicitly outlined.
Make a System-Wide Switch to SFTP
To create a secure file transfer environment, you need both clients and servers that support SFTP. VanDyke Software provides both: VShell® server and SecureFX® client. Both software products allow your organization to benefit from the safeguards inherent in the Secure Shell (SSH2) network protocol.
In addition to increased data security, VanDyke Software products have features and capabilities that can save your organization time and money.
Download the VShell server and SecureFX client for a free 30-day evaluation. VanDyke Software technical support is available during the evaluation period to help you make the switch to SFTP.
Please contact us for assistance in finding the right solution for your organization.