1 / 10

Secure File Transfer Protocol (SFTP)

Secure File Transfer Protocol (SFTP). Not to be confused with Simple File Transfer Protocol or Secure file Transfer Protocol. Roshnee Ravikumar Suneetha Tedla. Outline. Background Why SFTP? What is it? When we use it? SFTP implementation and Application Pitfalls and challenges

evette
Télécharger la présentation

Secure File Transfer Protocol (SFTP)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure File Transfer Protocol (SFTP) Not to be confused with Simple File Transfer Protocol or Secure file Transfer Protocol. Roshnee Ravikumar Suneetha Tedla

  2. Outline • Background • Why SFTP? • What is it? • When we use it? • SFTP implementation and Application • Pitfalls and challenges • Future work

  3. Background Why SFTP? We are shutting off clear-text FTP access because when you log in with your username and password, people snooping on the network can capture all information sent. What is SFTP? SSH File Transfer Protocol (also Secret File Transfer Protocol,SecureFTP, or SFTP) is a network protocolthat provides file access, file transfer, and file management functionalities over any reliable data stream. (SSH) version 2.0 to provide secure file transfer capability When we use it? Big files, Regulatory transactions, Audits, Sensitive information

  4. SFTP Benefits • Encrypted username/passwords • Encrypted data transfers • Prevent users from reading other users ftp data • Prevent full command line access from outside users • Prevent full command line access from any internet facing connection • Allow full command line access to System admin from internal network opening ‘ssh’ on port 2222

  5. Implementation and Applications • Implementations to understand secure data transfer ( protocols, software) • openssh-server, /usr/local/etc/sshd_config • Uses SSH-2 • wxWidgets: 2.8.11 • GnuTLS: 2.10.2 • Key Authorizations • Certificates

  6. Applications • Filezilla (Open Source) (uses as client) • WS-FTP Pro (client) • Open-ssh (Software) • WinSCP ( Windows Client) • FLASHFXP ( Software) • SEEBURGER( cloud computing) • Cyberduck (Cloud computing)

  7. Highest-level results • Benefits are Secret sharingfiles and security, integrity, faster then traditional posting • Tradeoffs are necessary like performance and Exchanging keys or passwords

  8. Pitfalls and Challenges • security vulnerability in applications and software • The Administrator user, password and software management and has to send an password to the users through an email and this is not good method • Port forwarding and TLS • Data Volume ( Reliable Networks???) • If the users does not clean up the old data and the files may be filled up the disk and admin has to come up with cron jobs to clean. • Data Accumalation.

  9. Discoveries and Future work • Two formidable challenges to privacy: • Data need to transfer forever and how can we make it secure all the time. • Human mistakes ( giving wrong permissions to wrong people) • Disclosures of data and keys have become commonplace • Some of the applications came online to provide secure transfer and they suffer from data leakage. • (SEEBURGER Managed File Transfer Wins Award for Data Leakage Protection) beyond SFTP. • Textastic 2.1 for iPad adds SFTP support and more FTP options Make easy use of sftp for wireless

  10. Secure File Transfer Protocol Questions???????

More Related