Secure File Transfer Protocol (SFTP)

Roshnee Ravikumar Suneetha Tedla

Not to be confused with Simple File Transfer Protocol or Secure file Transfer Protocol.

1. Background Why SFTP? What is it? When we use it?2. SFTP implementation and Application3. Pitfalls and challenges4. Future work

Outline

Why SFTP? We are shutting off clear-text FTP access because when you

log in with your username and password, people snooping on the network can capture all information sent.

What is SFTP?SSH File Transfer Protocol (also Secret File Transfer Protocol,

Secure FTP, or SFTP) is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. (SSH) version 2.0 to provide secure file transfer capability

When we use it?Big files, Regulatory transactions, Audits, Sensitive information

Background

Encrypted username/passwords Encrypted data transfers Prevent users from reading other users ftp

data Prevent full command line access from

outside users Prevent full command line access from any

internet facing connection Allow full command line access to Unix

admin from internal network opening ‘ssh’ on 2222

SFTP Benefits

Implementation and Applications Implementations to understand secure

data transfer• openssh-server, /usr/local/etc/sshd_config• Uses SSH-2• wxWidgets: 2.8.11 • GnuTLS: 2.10.2• Key Authorizations• Certificates

• Filezilla (Open Source) (uses as client)• WS-FTP Pro (client)• Open-ssh• WinSCP • FLASHFXP • SEEBURGER( cloud computing)• Cyberduck (Cloud computing)

Applications

• Benefits are Secret sharing files and security, integrity, faster then traditional posting

• Tradeoffs are necessary like performance and Exchanging keys or passwords

Highest-level results

Pitfalls and Challenges security vulnerability in applications and

software

The Administrator user, password and software management and has to send an password to the users through an email and this is not good method

If the users does not clean up the old data and the files may be filled up the disk and admin has to come up with cron jobs to clean.

Leaving very big files and old data can cost the organizations

Discoveries and Future work Two formidable challenges to privacy:

◦ Data need to transfer forever and how can we make it secure all the time.

◦ Human mistakes ( giving wrong permissions to wrong people)◦ Disclosures of data and keys have become commonplace◦ Some of the applications came online to provide secure transfer

and they suffer from data leakage.

(SEEBURGER Managed File Transfer Wins Award for Data Leakage Protection) beyond SFTP.

Textastic 2.1 for iPad adds SFTP support and more FTP options

Make easy use of sftp for wireless

Questions???????

Secure File Transfer Protocol