480 likes | 2.39k Views
Secure File Transfer Protocol (SFTP). Not to be confused with Simple File Transfer Protocol or Secure file Transfer Protocol. Roshnee Ravikumar Suneetha Tedla. Outline. Background Why SFTP? What is it? When we use it? SFTP implementation and Application Pitfalls and challenges
E N D
Secure File Transfer Protocol (SFTP) Not to be confused with Simple File Transfer Protocol or Secure file Transfer Protocol. Roshnee Ravikumar Suneetha Tedla
Outline • Background • Why SFTP? • What is it? • When we use it? • SFTP implementation and Application • Pitfalls and challenges • Future work
Background Why SFTP? We are shutting off clear-text FTP access because when you log in with your username and password, people snooping on the network can capture all information sent. What is SFTP? SSH File Transfer Protocol (also Secret File Transfer Protocol,SecureFTP, or SFTP) is a network protocolthat provides file access, file transfer, and file management functionalities over any reliable data stream. (SSH) version 2.0 to provide secure file transfer capability When we use it? Big files, Regulatory transactions, Audits, Sensitive information
SFTP Benefits • Encrypted username/passwords • Encrypted data transfers • Prevent users from reading other users ftp data • Prevent full command line access from outside users • Prevent full command line access from any internet facing connection • Allow full command line access to System admin from internal network opening ‘ssh’ on port 2222
Implementation and Applications • Implementations to understand secure data transfer ( protocols, software) • openssh-server, /usr/local/etc/sshd_config • Uses SSH-2 • wxWidgets: 2.8.11 • GnuTLS: 2.10.2 • Key Authorizations • Certificates
Applications • Filezilla (Open Source) (uses as client) • WS-FTP Pro (client) • Open-ssh (Software) • WinSCP ( Windows Client) • FLASHFXP ( Software) • SEEBURGER( cloud computing) • Cyberduck (Cloud computing)
Highest-level results • Benefits are Secret sharingfiles and security, integrity, faster then traditional posting • Tradeoffs are necessary like performance and Exchanging keys or passwords
Pitfalls and Challenges • security vulnerability in applications and software • The Administrator user, password and software management and has to send an password to the users through an email and this is not good method • Port forwarding and TLS • Data Volume ( Reliable Networks???) • If the users does not clean up the old data and the files may be filled up the disk and admin has to come up with cron jobs to clean. • Data Accumalation.
Discoveries and Future work • Two formidable challenges to privacy: • Data need to transfer forever and how can we make it secure all the time. • Human mistakes ( giving wrong permissions to wrong people) • Disclosures of data and keys have become commonplace • Some of the applications came online to provide secure transfer and they suffer from data leakage. • (SEEBURGER Managed File Transfer Wins Award for Data Leakage Protection) beyond SFTP. • Textastic 2.1 for iPad adds SFTP support and more FTP options Make easy use of sftp for wireless
Secure File Transfer Protocol Questions???????