Archive for category FTP tools

SFTP Server in the DMZ or Private Network

Posted by on Wednesday, 19 March, 2014

Many organizations have an SFTP server installed where their trading partners can connect to securely upload and download sensitive files.

SFTP Server in the DMZ

Traditionally SFTP Servers have been installed in the DMZ (or public facing) segment of the network since organizations were fearful of opening inbound ports into the Private (internal) network.

sftp server - DMZ

Keeping the SFTP Server in the DMZ, however, has posed several problems.  The primary issue is that files have to be stored in the DMZ when they are dropped off by partners, or otherwise staged temporarily for pickup. Those staged files have a higher risk of being accessed by hackers since the DMZ is more exposed to the Internet.  You could require those staged files to be encrypted with something like Open PGP, but many auditors don’t like to see any sensitive files in the DMZ, encrypted or not.

Another issue is that you often have to write scripts to copy the files back and forth between the DMZ and private network, which takes programmer effort and can lead to errors.

SFTP Server in the Private Network

To keep sensitive files out of the DMZ, some organizations have moved their SFTP server into the private network.

sftp server - private network

This approach eliminates the need to write scripts for moving files back and forth.  The big downfall of this approach is that ports were traditionally opened into the private network for trading partners to gain access to the SFTP server.  These open ports could create a potential risk for attackers to gain access to the private network.  In today’s security-conscious environment, most IT auditors do not like to see any inbound ports opened into the private network… especially if you are storing sensitive PCI or HIPAA data on those servers.

Gateway in the DMZ while keeping the SFTP Server in the Private Network

An approach that is quickly gaining in popularity is to implement a gateway component in the DMZ.  The gateway will serve as an enhanced reverse proxy which does not require inbound ports into the private network. 

sftp server - gateway

At startup time, the SFTP server will establish a special control channel with the gateway, which is kept alive continuously.  When partners connect to the gateway, it will make requests over the existing control channel to the SFTP server.  The SFTP server will then open any data channels needed back through the gateway to service the trading partners.  The whole process is transparent to the trading partners.  No data is ever stored in the DMZ since it is simply streamed through the gateway.

A gateway in the DMZ therefore solves two major security issues:

  1. No files need to be stored in the DMZ, including user credentials
  2. No inbound ports need to be opened into the Private network

Since a proprietary control channel is used to communicate between the gateway and the SFTP server, you will need to purchase both components from a single vendor.  When looking for the right gateway for your organization, make sure it is easy to set up and manage.  It is critical that it does not require inbound ports into the private network or require any data to be stored in the DMZ.

Contact a Linoma Software representative today to learn more about an enhanced reverse proxy solution on your network.

Why Bother Upgrading Beyond Standard FTP?

Posted by on Thursday, 26 September, 2013

Right out of the box, most operating systems come with a built-in File Transfer Protocol (FTP) tool that makes it possible to transfer large files between people, computers and servers.  It accomplishes the key goal, which is to deliver the file from one place to another.  However, too many organizations’ philosophy has been that as long as the files were getting where they needed to go, standard FTP was good enough. That was especially true when they were transferring files internally.

The truth is that FTP alone has never been good enough, because too much information (file data, user names, passwords, etc.) is vulnerable to hackers and it only takes fairly rudimentary hacking skills to steal it.  Now with increased pressure to protect sensitive data coming from regulators and consumers, it’s urgent that companies implement a more secure file transfer method.

Take a look at this short video to hear Bob Luebbe, Linoma Software’s Chief Architect, talk about the dangers of standard FTP.

 

At the end of this video, Bob mentions the value of clustering and load balancing to promote high active-active availability. Since this video was produced, we’ve also added these features to both GoAnywhere Services and GoAnywhere Director.

In fact, Bob just delivered a free webinar on the latest updates to GoAnywhere, and you can view a recorded version here.

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Video: How to Encrypt Files with OpenPGP Studio

Posted by on Wednesday, 7 August, 2013

Have you ever been asked to email a file that includes personal information like your prescription records, or your banking account information, or even your social security number?  Many people share that kind of information over the internet and simply hope that it doesn’t get hacked.

Download OpenPGP StudioLinoma Software, developer of the enterprise solution GoAnywhere™ Managed File Transfer Suite, has made it much easier to keep this kind of confidential data protected with its recently released desktop encryption tool called GoAnywhere OpenPGP Studio™.

This free PC tool is designed for people who occasionally need to share or store sensitive data.  OpenPGP Studio lets users encrypt, decrypt, sign and verify files from their PCs or workstations.  An integrated key manager allows anyone to quickly create, import, export and manage OpenPGP keys needed to encrypt and decrypt files. Best of all, it’s intuitive so even those who claim to be “non-technical” can confidently use OpenPGP Studio.

Here’s a video, also available on YouTube, that shows just how easy OpenPGP Studio is to use.

 

You can download OpenPGP Studio from the GoAnywhere website, and then let us know what you think!  If you need a more robust solution that includes automation, check out the GoAnywhere suite of products.

 

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

OpenPGP, PGP and GPG: What is the difference?

Posted by on Thursday, 18 July, 2013

With privacy capabilities of encryption methods such as PGP (Pretty Good Privacy), data security can be heightened and privacy can be achieved.  There are various approaches, however, and various elements of comparison for each of these acronyms.  This article will explore the differences between PGP, OpenPGP, and GPG (GNU Privacy Guard), offering brief histories of their creations and summaries of their capabilities.

PGP (Pretty Good Privacy)

The company, PGP Inc., owned the rights to the original PGP encryption software.  This software was developed by Phil Zimmermann & Associates, LLC and released in 1991 to ensure the security of files that were posted on pre-internet bulletin boards.  From 1997 until 2010, the software changed hands several times until it was acquired by Symantec Corp., who continues to develop the PGP brand.

PGP encryption uses a combination of encryption methodologies such as hashing, data compression, symmetric-key cryptography and public key cryptography to keep data secure.  This process can be used to encrypt text files, emails, data files, directories and disk partitions.

OpenPGP

Automate OpenPGP EncryptionZimmerman, one of the original PGP developers, soon began work on an open-source version of PGP encryption that employed encryption algorithms that had no licensing issues.

In 1997 he submitted an open-source PGP (OpenPGP) standards proposal to the IETF (Internet Engineering Task Force), to allow PGP standards-compliant encryption vendors to provide solutions that were compatible with other OpenPGP-compliant software vendors.   This strategy created an open and competitive environment for PGP encryption tools to thrive.

Today,  OpenPGP is a standard of PGP that is open-source for public use, and the term can be used to describe any program that supports the OpenPGP system.

GPG (GNU Privacy Guard)

GnuPGP was developed by Werner Koch and released in 1999 as an alternative to what is now Symantec’s software suite of encryption tools.  It is available as a free software download, and is based on the OpenPGP standards established by the IETF so that it would be interoperable with Symantec’s PGP tools as well as OpenPGP standards. Therefore, GPG can open and unencrypt any PGP and OpenPGP standards file.

GPG provides a graphic user interface when integrating into email and program systems such as Linux.  Some software solutions for encryption utilize GPG coding, while others encrypt using command line functions in a menu-based Perl script.

A variety of popular solutions have developed their PGP encryption products following the OpenPGP standards.  Some of these products include GoAnywhere OpenPGP Studio and GoAnywhere Director.

Summary

OpenPGP is the IETF-approved standard that describes encryption technologies that use processes that are interoperable with PGP.  PGP is a proprietary encryption solution, and the rights to its software are owned by Symantec.  GPG is another popular solution that follows the OpenPGP standards to provide an interface for end users to easily encrypt their files.

As the need to encrypt and protect data becomes ever more critical, organizations will continue to develop software based on these three systems.

 

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

FTP May Be Easy, But That May Be the Problem

Posted by on Monday, 23 April, 2012

It happens in your office every day:  someone on your team hits a roadblock when they realize that email just won’t handle the huge file they need to send – immediately. Or another coworker starts to send an account number or password via email and realizes that perhaps, email isn’t all that secure.

FTP alternative, managed file transferThat’s when the tech savvy gal in the corner suggests the obvious solution: just send that file or sensitive personal information via FTP!  She lists a variety of “free” tools that can be downloaded easily, as well as a couple cloud solutions, and in desperation (and often ignorance), your coworker takes her advice and a new FTPer is born.

FTP, or “file transfer protocol,” is a solution that’s been available for more than 30 years.  Within the last decade, so many free or inexpensive FTP tools have become available that many of us assume that FTP must be a reliable solution, or why would so many people be using it?

As we know with many of society’s ills, just because something is easy to find and popular to use doesn’t mean it’s a smart or effective idea.

The downside of FTP

While FTP may be able to send large files, standard FTP – like email — is not secure, and is therefore vulnerable to hackers.

Rogue FTP tools, like those free tools sprinkled on employees’ PCs, start to become a liability to the company, both financially and to its reputation and credibility.

To begin with, multiple employees with multiple FTP tools mean that no one has a master view of the flow of data in and out of your company. It’s impossible to know who is sending what to whom, and who is receiving files from where.

State and Federal laws require that data which contains personally identifiable information must be encrypted and secured. This also applies to most of the financial data that we collect and create. How can you keep tabs on all of this with a lot of FTP processes running on various PCs throughout the office?

Second, because FTP is not secure, the company increases its risk for a data breach.  Costs to notify those affected when a data breach occurs, combined with the fines that can be assessed, can be in the millions of dollars, not to mention the damage to the company’s brand.

If not FTP, then what?

One approach to control FTP traffic is to set up restrictions on the corporate firewall, essentially prohibiting access for all but specifically authorized personnel to the ports required for FTP processes to work.

Chances are, though, that the same tech savvy employee who suggested FTP in the first place also knows how to bypass this restriction by finding different ports or switching to online FTP services. For determined FTPers, even our cell phones are equipped to send and receive files.

So, if it’s hard to stop it, the next best option is to educate your employees, and to develop and promote clear expectations and consequences regarding sending files and sensitive data from work. Many employees want to do the right thing, but don’t understand the implications of sending sensitive data through the easiest – though not necessarily the safest – means.

Another option that is rapidly growing in popularity is the implementation of a managed FTP solution that can be configured to allow users to send and receive large files  and sensitive information within their daily workflow, but with the addition of administrative control and much greater security.

A managed file transfer solution such as Linoma Software’s GoAnywhere Suite, in combination with setting up appropriate firewall rules and educating all employees of corporate policy and procedures,  will keep your employees – tech savvy or not – productive and happy, and give your IT department peace of mind knowing that the company data is secure.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube