01/06/2010

What is Secure FTP Hosting?

The FTP protocol which all FTP servers and clients use today is based on the document RFC 959, written in 1985, celebrating it's 25th anniversary this year.  For those of you who remember 1985 the Internet was akin to a reckless teenager with very little concern for the consequences of it's decisions.  There were no viruses, spam or 411 scams and for the few people who were using the Internet protocol security wasn't a major concern.

Fast forward 25 years later and while a lot has changed, as much has stayed the same.  Today, security is a major concern.  Businesses and consumers alike use the Internet each day to transmit sensitive information and it is the job of so called "hackers" to get at this information.  The FTP protocol has matured a bit to meet the needs of security.  In 1997, 12 years after RFC 959, RFC 2228 was released.  This specification details how FTP user credentials and data can be sent securely over the network using encryption.  Prior to RFC 2228, FTP user credentials (username and password) and data (files) were sent over the network in the clear making this information susceptible to interception by a 3rd party.  Today, any FTP client or server worth it's weight offers support for RFC 2228, commonly referred to as FTPS (not to be confused with SFTP).  Using FTPS you ensure that your data and network credentials are sent over the network securely.

Despite the availability of FTPS, a large number of FTP servers and hosting providers exist today that continue to accept plain FTP connections.  This is a very risky practice that has resulted in several data breaches over the years leaking credit card numbers, social security numbers, banking records, health care records and other sensitive information. 

In the last few years this risky practice has decreased as large companies become subject to government compliance requirements such as HIPAA, Sarbanes-Oxley and PCI-DSS which prohibit the insecure exchange of data.  Those companies that continue to use plain FTP are typically small to medium size businesses who have yet to make the switch.  MFTExpress makes this switch easy with absolutely no software to install or manage.

MFTExpress has always considered security a top priority offering only secure file transfer protocols and rejecting those sessions that do not use encryption.  MFTExpress does this to protect it's customers and their data. 

In evaluating FTP hosting companies always verify that they require secure sessions when connecting.  This is different than a company who offers secure sessions.  FTP hosting companies that offer but do not require secure sessions run the risk of a user using the default FTP client connection settings and connecting using an insecure protocol without the users knowledge.  MFTExpress refuses all insecure connections eliminating this risk altogether.


Posted at 11:14 AM in Articles, FTP, SFTP | | Comments (0)

Technorati Tags: ,

12/14/2009

Streamlining web uploads using ZIP archives

MFTExpress offers both HTML and Java applet based user interfaces.  One of the advantages of the Java applet interface is that it can be used to transfer entire directories recursively.  This is in comparison to the HTML interface which requires that each file must be selected prior to upload.  Additionally, the Java applet interface includes a ZIP Upload feature which is the focus of this article.

ZIP Upload

The ZIP Upload feature, available only in the Java applet interface, allows you to select one or more local files/directories for upload.  These files are compressed into a single ZIP archive prior to upload.  The advantages of this feature are:

1.  Single connection.  When uploading multiple files without using ZIP Upload a new connection for each file must be made prior to upload.  For a large number of files this can take some time given that each file requires it's own connection.  In the case of very small files (e.g. < 5KB) you can find that the amount of time to make the connection can exceed the amount of time needed to transfer the data.   Using the ZIP Upload feature all files are compressed into a single archive before transfer.  This means that only a single connection is needed to transfer the file.  Compare this to several hundred connections needed for an equal number of files when not using the ZIP Upload feature.

2.  Data compression.  Your files will be compressed prior to transfer.  This compression makes your files smaller and ultimately reduces the amount of time needed to perform a transfer.  The amount of data compression depends largely on the source files.  For example, text files tend to offer much better compression than binary files.

Using ZIP Upload

To use the ZIP Upload feature perform the following:

1.  After login, switch to Java applet interface.  Next, select the local files and/or directories to be uploaded.  The ZIP Upload icon is then enabled.

Clip1

2.  Next you will be presented with a dialog that prompts you for the name to use when creating the ZIP archive.  This will also be the name used when storing the archive on the remote server.  Enter the desired destination filename and click OK.

Clip2


3.  The selected files are automatically compressed and uploaded to server using the filename provided in previous dialog.

Clip3

Posted at 11:27 AM in Articles | | Comments (0)

Technorati Tags: , , ,

12/12/2009

What is the difference between passive and active FTP?

This is a common question asked by users of MFTExpress.  To answer this question please see an article previously posted on the JSCAPE blog at:

http://blog.jscape.com/jscape/2008/05/what-is-the-d-1.html

Posted at 09:44 AM in Articles, FTP | | Comments (1)

Technorati Tags: ,