By Mohammed Boukantar | Date posted: April 21, 2016
What is SFTP and why is it important? Secure File Transfer Protocol (SFTP) provides the ability to access, transfer and manage files over a secure channel. SFTP was created by the Internet Engineering Task Force (IETF) with the goal of providing a method of transferring files securely.
Although SFTP is similar to FTP in name, the two are very different. File Transfer Protocol (FTP) uses two separate channels to exchange data: the command channel and the data channel. SFTP uses a single encrypted channel, over which the data is exchanged in encrypted, formatted packets. SFTP has become widely adopted because of the additional security it offers compared to FTP.
Forum Sentry can be set up as a simple proxy offering SFTP, built on a hardened and certified PKI core. Most implementations use PKI-based authentication, which involves creating, distributing, and managing those keys. Forum Sentry sits right in the middle, allowing you to configure an SFTP listener and bridge the incoming traffic to a remote server supporting SFTP and a variety of other protocols. The most common protocol bridging/mixing use cases include:
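As an added illustration (not from the original post or from Forum Sentry), the Python sketch below shows what "formatted packets" means once the SSH layer has decrypted the channel: each SFTP packet is a length, a type byte and a body. It follows the SFTP version 3 draft layout; the size cap, the sample path and the request id are assumptions made up for the example.

```python
import struct

# Packet type codes from the SFTP version 3 draft (draft-ietf-secsh-filexfer-02).
SSH_FXP_INIT, SSH_FXP_OPEN, SSH_FXP_WRITE = 1, 3, 6
MAX_PACKET = 256 * 1024  # assumed cap: reject larger length fields before buffering

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': uint32 length followed by the raw bytes."""
    return struct.pack(">I", len(data)) + data

def frame(ptype: int, body: bytes) -> bytes:
    """SFTP packet: uint32 length | byte type | body (length covers type + body)."""
    return struct.pack(">IB", len(body) + 1, ptype) + body

def split_packets(stream: bytes):
    """Split a decrypted SFTP byte stream into (type, body) pairs plus leftover bytes."""
    packets, pos = [], 0
    while len(stream) - pos >= 4:
        (length,) = struct.unpack_from(">I", stream, pos)
        if length < 1 or length > MAX_PACKET:
            raise ValueError(f"bad SFTP packet length {length}")
        if len(stream) - pos - 4 < length:
            break  # incomplete packet: wait for more data
        ptype = stream[pos + 4]
        packets.append((ptype, stream[pos + 5 : pos + 4 + length]))
        pos += 4 + length
    return packets, stream[pos:]

def parse_open(body: bytes):
    """SSH_FXP_OPEN body: uint32 request-id | string filename | uint32 pflags | attrs."""
    req_id, name_len = struct.unpack_from(">II", body, 0)
    if 8 + name_len + 4 > len(body):
        raise ValueError("filename length exceeds packet body")
    name = body[8 : 8 + name_len].decode("utf-8", "replace")
    (pflags,) = struct.unpack_from(">I", body, 8 + name_len)
    return req_id, name, pflags

# Constructed sample: INIT (version 3), OPEN of a made-up path, then a truncated packet.
SAMPLE = (
    frame(SSH_FXP_INIT, struct.pack(">I", 3))
    + frame(SSH_FXP_OPEN, struct.pack(">I", 7) + ssh_string(b"/inbound/report.csv")
            + struct.pack(">I", 0x1A) + struct.pack(">I", 0))  # WRITE|CREAT|TRUNC, empty attrs
    + frame(SSH_FXP_WRITE, b"\x00" * 20)[:10]
)
```

Commands and file data share this one framed stream, so a component that inspects SFTP traffic has to bound the length field and handle partial packets before it can read filenames or payloads.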
- SFTP –> SFTP
- SFTP –> HTTP(S)
- SFTP –> MQ/JMS
For SFTP traffic, Forum Sentry provides easy methods of managing the authentication schemes, whether you’re doing basic authentication or public key authentication. These two authentication methods make four different authentication combinations possible, and Forum Sentry supports all four.
Forum Sentry also provides IDP rules management to enable a more secure file transfer process. Common IDP rule policies include: anti-virus scanning, payload inspection, authentication failures, firewall rule violations, and many more customizable rules. Once implemented, these IDP rules will filter out files that do not meet the proper criteria.
We will provide more detail on how to set up an SFTP proxy and protocol mixing in our next tutorial on SFTP.