Roshnee Ravikumar Suneetha Tedla Not to be confused with Simple File Transfer Protocol or Secure...
-
Upload
vanessa-baldwin -
Category
Documents
-
view
215 -
download
2
Transcript of Roshnee Ravikumar Suneetha Tedla Not to be confused with Simple File Transfer Protocol or Secure...
Secure File Transfer Protocol (SFTP)
Roshnee Ravikumar Suneetha Tedla
Not to be confused with Simple File Transfer Protocol or Secure file Transfer Protocol.
1. Background Why SFTP? What is it? When we use it?2. SFTP implementation and Application3. Pitfalls and challenges4. Future work
Outline
Why SFTP? We are shutting off clear-text FTP access because when you
log in with your username and password, people snooping on the network can capture all information sent.
What is SFTP?SSH File Transfer Protocol (also Secret File Transfer Protocol,
Secure FTP, or SFTP) is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. (SSH) version 2.0 to provide secure file transfer capability
When we use it?Big files, Regulatory transactions, Audits, Sensitive information
Background
Encrypted username/passwords Encrypted data transfers Prevent users from reading other users ftp
data Prevent full command line access from
outside users Prevent full command line access from any
internet facing connection Allow full command line access to Unix
admin from internal network opening ‘ssh’ on 2222
SFTP Benefits
Implementation and Applications Implementations to understand secure
data transfer• openssh-server, /usr/local/etc/sshd_config• Uses SSH-2• wxWidgets: 2.8.11 • GnuTLS: 2.10.2• Key Authorizations• Certificates
• Filezilla (Open Source) (uses as client)• WS-FTP Pro (client)• Open-ssh• WinSCP • FLASHFXP • SEEBURGER( cloud computing)• Cyberduck (Cloud computing)
Applications
• Benefits are Secret sharing files and security, integrity, faster then traditional posting
• Tradeoffs are necessary like performance and Exchanging keys or passwords
Highest-level results
Pitfalls and Challenges security vulnerability in applications and
software
The Administrator user, password and software management and has to send an password to the users through an email and this is not good method
If the users does not clean up the old data and the files may be filled up the disk and admin has to come up with cron jobs to clean.
Leaving very big files and old data can cost the organizations
Discoveries and Future work Two formidable challenges to privacy:
◦ Data need to transfer forever and how can we make it secure all the time.
◦ Human mistakes ( giving wrong permissions to wrong people)◦ Disclosures of data and keys have become commonplace◦ Some of the applications came online to provide secure transfer
and they suffer from data leakage.
(SEEBURGER Managed File Transfer Wins Award for Data Leakage Protection) beyond SFTP.
Textastic 2.1 for iPad adds SFTP support and more FTP options
Make easy use of sftp for wireless
Questions???????
Secure File Transfer Protocol