Secure File Transfer

Frequently asked questions and answers about SSH Tectia and secure file transfer:

  1. What does secure file transfer with SSH Tectia mean?
  2. Why should I not use FTP? 
  3. What kind of file transfers can I protect with SSH Tectia? 
  4. What products are needed to implement secure file transfer with SSH Tectia?
  5. What is the difference between secure file transfers and enhanced file transfers (EFT)?
  6. What security technology is used in SSH Tectia to protect file transfers?
  7. What are the differences between SFTP, SCP, and FTP over SecSh?
  8. How can I automate secure file transfers with SSH Tectia?
  9. Can I tunnel existing FTP applications without the need to replace them?
  10. How does SSH Tectia integrate file transfers between Windows/Unix/Linux and IBM z/OS mainframe environments?

 



Q1. What does secure file transfer with SSH Tectia mean?

SSH Tectia allows large organizations to implement secure automated and interactive file transfers throughout the network, both for internal and external file sharing. SSH Tectia provides secure drop-in replacements for traditional operating-system-level FTP and file copy tools, facilitating effortless transition from legacy file transfer to strong, Secure-Shell-based security. As a multi-platform software solution, SSH Tectia fits ideally to heterogeneous and distributed file transfer environments consisting of Windows, Unix, Linux, and IBM mainframe systems. Centralized deployment, maintenance, and monitoring of file transfer security offered by SSH Tectia Manager reduce the total cost of ownership and further increase system security.



Q2. Why should I not use FTP?

File Transfer Protocol (FTP) and many other commonly used file transfer methods do not have any built-in security, exposing the data to eavesdropping, illegitimate modification, and un-authorized access. For example, during the session establishment, an FTP client sends the password as plain-text over the network to the server. It is a trivial matter to capture the authentication credentials using readily available network monitoring tools, which can result in compromised user identities.

Also, the possibility to passively collect the transferred files that can include private customer data, such as bank account information, may cause violations of regulatory compliance and internal security policies. Furthermore, the lack of data integrity in FTP allows illegitimate modification of data by anyone who has access to the network, which may have severe consequences in critical applications such as financial reporting process or health-care applications.



Q3. What kind of file transfers can I protect with SSH Tectia?

SSH Tectia can protect both unattended, automated file transfers and interactive downloading and uploading of files between workstations and remote servers. Since SSH Tectia provides end-to-end communications security, data exchanges can be secured both in the internal network and for external access. Common file transfer operations that involve mission-critical data or high-level authentication credentials requiring security include:

  • Database maintenance such as back-up and recovery operations
  • Collection of log files
  • Exchange of business data with business partners and customers
  • Automated batch transfers (internal and external)
  • Periodic file transfers through cron jobs or Windows Scheduler
  • Centralized collection and distribution of files to and from IBM mainframes
  • Interactive downloading and uploading of files by corporate end users


Q4. What products are needed to implement secure file transfer with SSH Tectia?

SSH Tectia Client needs to be installed on the client-side and SSH Tectia Server on the remote file server. SSH Tectia Client for Windows includes an easy-to-use graphical user interface for interactive file transfers with a look and feel similar to Windows Explorer. For automated file transfers, both SSH Tectia Client and Server also provide client side command-line SFTP (Secure File Transfer Protocol) and SCP (Secure Copy) tools, enabling secure data exchange between unattended hosts.

SSH Tectia Server for IBM z/OS is available for secure cross-platform file transfers with IBM mainframes.

For enhanced file transfers (EFT), the SSH Tectia ConnectSecure allows expanded file transfer functionality that enable organizations to secure any FTP file transfer in hours or days rather than weeks or months.
Leveraging SSH’s in-depth experience with major network security deployments and the pervasive Secure Shell protocol itself, SSH Tectia ConnectSecure works with any commercial SSH or OpenSSH server product, thereby significantly expanding the range of enterprises, financial institutions, major retailers, and government agencies that can easily leverage the new cost-saving features.

SSH Tectia ConnectSecure includes automatic and transparent FTP to SFTP conversion, Transparent FTP Tunneling, and Transparent TCP Tunneling modules, which enable organizations to secure their business-critical data without modifications to their existing network infrastructure or applications. SSH Tectia ConnectSecure also includes key features to ease migration and is available on Unix, Linux, and Windows platforms.



SSH Tectia Manager is an optional product that allows centralized deployment, maintenance, and monitoring of large SSH Tectia environments, resulting in reduced total costs.



Q5. What is the difference between secure file transfers and enhanced file transfers (EFT)?

SSH Tectia Client and Server provide basic secure file transfer capability for replacing FTP in unattended file exchange as well as interactive transfers. SSH Tectia Client and Server provide both command-line SFTP and SCP tools, and interactive client-side GUI for Windows to enable basic secure file transfers. For those customers, who require more manageability and enhanced functionality, SSH Tectia ConnectSecure is available. Enhanced file transfer features available only in SSH Tectia ConnectSecure include:

  • Transparent FTP-SFTP Conversion module that simplifies FTP replacement projects by eliminating the need to modify existing scripted file transfers.
  • Transparent FTP Tunneling that enables organizations to secure any FTP file transfer with modifications to infrastructure or scripts.
  • A complete client-side SFTP API (Application Programming Interface) for Java and C enabling seamless integration of secure file transfer capability to applications and third-party file transfer management systems.
  • Accelerated file transfer performance with the new SSH G3 architecture and optional CryptiCore algorithm to meet critical deadlines and reduce hardware overhead requirements.
  • Checkpoint/restart mechanism that provides fault tolerance for large file transfers without performance penalties for increased user productivity, improved transfer reliability, and easier file transfer management.


Q6. What security technology is used in SSH Tectia to protect file transfers?

SSH Tectia uses the SFTP (Secure File Transfer Protocol) and SCP (Secure Copy) technologies, based on the IETF Secure Shell protocol. SSH Communications Security is the original developer of Secure Shell and is proactively developing the technology further to meet the requirements of business-critical file transfers, both today and in the future. The Secure Shell implementation of SSH Tectia incorporates standards-based strong cryptography including AES, 3DES, DSA, and RSA algorithms. The underlying cryptographic libraries have been FIPS 140-2 certified making SSH Tectia highly suitable for even the most demanding government and enterprise environments.



Q7. What are the differences between SFTP, SCP, and tunneling of FTP?

To meet different customer requirements, SSH Tectia offers several options for securing file transfers.

  • SFTP (Secure File Transfer Protocol) is a secure replacement for FTP (File Transfer Protocol) based on the Secure Shell protocol. Unlike FTP, SFTP encrypts both commands and data content providing effective protection against common network security risks. SSH Tectia Client and Server provide both command-line SFTP tools and a graphical user interface for Windows users.
  • SCP (Secure Copy) is a non-interactive command-line tool for securely transmitting files from a machine to another. It is a secure replacement for RCP and provides a similar command-line syntax. SCP is based on SFTP but is often a more suitable choice when setting up unattended file transfers using scripts.
  • FTP over Secure Shell is based on the tunneling capability of the Secure Shell protocol. Instead of replacing FTP with SFTP or SCP, it is also possible to tunnel existing FTP applications by using the SSH Tectia client/server solution. This may be a preferable option when the users want to continue using their existing FTP applications instead of replacing them with a new user interface.
SSH Tectia ConnectSecure includes a module for automatic transparent FTP-SFTP conversion. The FTP-SFTP conversion module captures the FTP traffic of a client application before the transfer starts, and converts the FTP connection to SFTP. The connection is made to an SSH Tectia SFTP server instead of an FTP server. All usernames, passwords, and data is automatically secured. No changes to the client-side application or scripts are needed.



Q8. How can I automate secure file transfers with SSH Tectia?

SSH Tectia includes versatile command-line tools and APIs for secure file transfers. SFTP (Secure File Transfer Protocol) and SCP (Secure Copy) are provided as secure drop-in replacements for FTP and RCP tools. By using existing scheduling systems (e.g. cron jobs or Windows Scheduler) and scripting, system administrators can easily set up automated file transfer jobs such as daily batch transfers during off-peak hours. SSH Tectia supports non-interactive authentication methods such as file-based public-key authentication, which enables unattended secure operations. For further convenience, SSH Tectia Client supports batch-mode transfers, facilitating easy scripting of SFTP operations.

SSH Tectia ConnectSecure is an ideal solution to cost-effectively secure enterprise file transfers in large and heterogeneous networks. SSH Tectia ConnectSecure allows API-level integration of automated file transfers and transparent FTP-SFTP conversion for completely transparent file transfer security without the need to modify the existing scripts or applications.



Q9. Can I tunnel existing FTP applications without the need to replace them?

SSH Tectia ConnectSecure and SSH Tectia Server for IBM z/OS supports Transparent FTP Tunneling, which automatically and transparently transfers directs FTP traffic over a secure encrypted connection.  The advanced self-configuration feature enables automatic setup of the connections for quick and easy deployment. By using this functionality of SSH Tectia ConnectSecure, users can continue using their existing FTP applications with strong security as SSH Tectia takes care of strong authentication as well as integrity and encryption of the data.



Q10. How does SSH Tectia integrate file transfers between Windows/Unix/Linux and IBM z/OS mainframe environments?

SSH Tectia has been designed to enable seamless cross-platform data exchange between IBM mainframes and non-mainframe systems. For example, SSH Tectia Server for IBM z/OS incorporates full code set translation including ASCII-EBCDIC for file transfers between mainframe and Windows/Unix/Linux. SSH Tectia is also capable of listing MVS data sets interactively as files and folders with command-line SFTP tools. Windows users of SSH Tectia Client can easily drag-and-drop files between Windows workstations and mainframes without any changes to the legacy applications.

For further mainframe integration, SSH Tectia Server for IBM z/OS incorporates direct streaming for all MVS operations, which improves file transfer performance by eliminating any additional memory and disk operations required for transferring files in MVS.