Earlier this year we sent a newsletter outlining the need for secure file transfers. You can read the article here http://www.unlimitedftp.ca/corporate/press/newsletter/newsletter-June2003.htm.

It may have left you wondering what your options are and hopefully this article will address them. Many options exist for securing your file transfers, including FTPS, SFTP, FTP over SSH tunnel, HTTPS and various other proprietary solutions (See below for descriptions of each technology). So which one is better, and which one is right for you? This is a tough question, and it boils done to a few issues. Do you have a dedicated IT person capable of deploying a secure file transfer solution? Does the new solution have to integrate with your existing infrastructure? Do you want installation on the end user's computer to be as simple as possible? Furthermore, some businesses or individuals simply need to secure their data, while others must adhere to strict guidelines and policies. To answer some of these points lets have a closer look at each technology.

SFTP (SSH file transfer protocol) is a file transfer implementation similar to FTP (File Transfer Protocol) but that is secured with the SSH (Secure Shell). SFTP actually has nothing to do with FTP as far as how it works and is not an extension of FTP. Instead it uses a combination of SCP (Secure Copy), and various other commands to simulate an FTP like client. Most Linux servers come equipped with SFTP capabilities, and add-ons are available for Windows as well. End users on Linux will likely already have a command line sftp client, and clients are also available for Windows. This option is best for end users who are not afraid of a command line and it is probably the cheapest solution out there… free. More information on the OpenSSH implementation of SFTP can be found here.

FTP over SSH uses the port forwarding features of SSH to tunnel standard FTP traffic through an SSH tunnel. This requires both an FTP client and SSH client installed on the client machine, and generally requires advanced knowledge of networking. There are a few clients out there that do all of this in the background. This option also requires you have a server with SSH installed on it. This is a better option than SFTP for novice end users because there is usually a nice GUI interface, and it uses free server technology like OpenSSH mentioned above. Most of the GUI clients are only available on Windows, and will set you back about $50 - $60 per seat.

FTPS (File Transfer Protocol over SSL), unlike SFTP, is actually an extension of FTP. FTPS uses SSL (Secure Socket Layer) to secure the command connection and optionally the data connection of an FTP session. This option is the most widely supported as far as number of clients available. There are a few free clients and many that cost $$$, usually $50 - $60 per seat. Most commercial FTP servers have support for FTPS built in, you just have to turn it on. Many free servers (proftd, wu-ftpd come to mind) also have FTPS support built in. The free servers will require some advanced knowledge, while most commercial servers can be setup in 5 minutes or less. This is probably the most popular option since it has the most vendor support, giving you lots of options. More information on FTPS can be found here.

HTTPS (HyperText Transfer Protocol over SSL) allows for secure upload and download of files through a web browser. Uploading through HTTPS is relatively simple to implement on your web server, and fairly easy to use for the client. There is literally no installation on the client side to take advantage of this. They just click on a “Browse…” button on your web page, select a file and click Submit. Very simple… but, (there's always a “but” isn't there?) this only allows you to upload one file at a time, and has no indication of progress for the user. This solution generally imposes limits on file sizes because files are stored in memory as they are uploaded. A major benefit of HTTPS is that even users behind strict firewalls and proxy servers can still upload files

Proprietary Technologies are also widely available. Most have their own client and server applications, and aim to make life very easy for the server admin and the end users. The problem is that many are platform dependant, limit your choices, and cost a lot of money. Whether the money is worth it depends on how you answered the questions listed above. If you are a small company, with little or no IT personnel, maybe it is worth it to you to pay extra to get that ease of use and support that comes with the high price tag. If you have an IT staff with some know how, you may be better off implementing one or more of the other solutions.

Unlimi-Tech currently provides a solution that uses HTTPS to encrypt FTP file transfers. It has all the benefits of FTP (multiple file uploads, large file support) the benefits of HTTPS (strong encryption, works through firewalls and proxy servers, easy to use), and requires no installation by the end user because it is web based. More information can be found at http://www.unlimitedftp.ca/products/unlimitedftp/secure/

We realize that some businesses prefer to choose their own server side technology, or use their existing infrastructure to secure their file transfers. For this reason, we are pleased to announce we will soon release UnlimitedFTP 3.0 which will support SFTP, FTPS, and HTTPS file transfers. It will be compatible with most if not all commercial and open source FTP servers that implement FTPS, and with most implementations of SFTP. Combine that with the ease of installation and cross platform compatibility of a Java application, and you get the most robust secure file transfer client on the market. We are looking for individuals who are interested in Beta testing software so please email us at info@utechsoft.com if you are interested.