FTPS Secure SSL File Transfer
FTPS is a protocol for transferring files using SSL to secure the commands and data that are being transferred between the client and the server. Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, FTP and other data transfers. The SSL protocol was developed by Netscape Communications Corporation to provide security and privacy over the Internet. Due to the widespread use of SSL, it can be considered a "de facto standard".
FTPS supports channel encryption as defined in RFC 2228. With FTPS, data transfers take place in a way designed to allow both parties to authenticate each other and to prevent eavesdropping, tampering, and forgery on the messages exchanged.
FTPS should be used when you need to transfer sensitive or confidential data between a client and a server that is configured to use SSL for secure transactions.
How FTPS Works
When establishing an SSL secure session, the following steps occur:
- Authenticate the server to the client.
- Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support.
- Optionally authenticate the client to the server.
- Use public-key encryption techniques to generate shared secrets.
Establishing an Encrypted SSL Connection
Server authentication allows a user to confirm a server's identity. SSL-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public key are valid and have been issued by a certificate authority (CA) listed in the client's list of trusted CAs. This confirmation might be important if the user, for example, is sending a credit card number over the network and wants to check the receiving server's identity.
The client generates a random premaster secret and encrypts it with the server's public key. Only the corresponding private key can correctly decrypt the secret, so the client has some assurance that the identity associated with the public key is in fact the server with which the client is connected. Otherwise, the server cannot decrypt the premaster secret and cannot generate the symmetric keys required for the session, and the session will be terminated.
Public Key Cryptography
Public key cryptography assures private and secure data transmission through two processes: authentication and encryption. Authentication ensures that the data sender is exactly who or what it claims to be. Encryption, the most effective way to achieve data security, is the process of translating data into a secret code. To demonstrate the difference between 56-bit, 128-bit and 256-bit encryption, consider the following example:
Sending information without encryption is like sending a postcard through the mail - the contents are visible to anyone who wants to see them. Using this analogy, 56-bit encryption is like sending the information in a plain white envelope, and 256-bit encryption is like encasing your data in a lead-lined, 6-inch thick titanium safe that is being transported by an armored tank with a convoy of a hundred armed guards.
Public and Private Keys
Authentication and encryption use digital codes called "keys" - a public and a private key. The public key is used to encrypt messages, and the corresponding private key is used to decrypt them. It is important to note, however, that although the two keys are mathematically related, it is computationally infeasible to derive the private key from the public key.
The public key has two major functions: validation (verifying signatures) and data encryption. As its name suggests, the public key is openly published to any party requesting one of these two functions.
The private key, on the other hand, is necessary for signing (applying the private key to data so that the public key can validate it) and for decrypting. Unlike the public key, this key is closely guarded.
Digital Certificates
Digital certificates are a standard way of binding a public key to a name. In order to provide a digital certificate, the data sender must apply for a digital certificate from a Certificate Authority (CA) such as VeriSign. This way, the CA acts as a neutral third party that verifies the data sender is who or what they claim to be. Once this information is verified, the CA can issue a public key certificate for that party to use. The most commonly used standard for digital certificates is X.509. A universal standard of this sort is necessary because in order to send encrypted data, you must know the recipient's public key.
PASSPORT FTP Client Features
- Full compliance with IETF RFC 959 file transfer protocol specifications
- Standalone FTP client and integrated FTP file transfer within terminal emulation session
- SSL security (FTPS) (IETF RFC 4217 Securing FTP with TLS) featuring data channel encryption and client authentication
- SSH security (SFTP) (PuTTY SSH implementation for Win32)
- Asynchronous interface to Windows sockets TCP/IP driver results in fastest file transfer data rate possible with minimum amount of system resources
- Ability to create and save file transfer schemes
- Ability to transfer a list of files
- Information from last 16 file transfers saved
- Send and receive file transfer can be initiated in multiple ways, including drag and drop, menu commands and cut/copy/paste commands
- Look and feel of Windows Explorer with menu bar, toolbar, status bar, three window panes (PC directory structure and file list, host directory structure and file list, connection log and error messages) that can be interactively resized and displayed as icons, details or list
- Files and icons can be sorted by size, date, type, permission, owner and group and can be automatically arranged
The PASSPORT FTP Client provides secure file transfer using either FTPS or SFTP. For FTPS connections, PASSPORT can be configured to encrypt the data channel. Selecting this option encrypts both the data and the control channel.
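What "encrypt the data channel" amounts to on the wire, and how a client enforces the server authentication described earlier, shown with Python's standard `ftplib` and `ssl` modules. This is an added example and not PASSPORT's or Zephyr's code; the host, account and file names are constructed placeholders. The client verifies the server certificate against the trusted CA list and checks the host name (refusing the connection otherwise), issues AUTH TLS on the control channel per RFC 4217, and then PBSZ 0 / PROT P so that data connections are protected as well as commands.

```python
import ssl
from ftplib import FTP_TLS

# Added example, not Zephyr's or the page's code. Connection details are placeholders.


def make_ftps_context(ca_file=None) -> ssl.SSLContext:
    """Client-side TLS context that refuses unverified servers and retired protocol versions."""
    # create_default_context loads the platform CA store (or ca_file) for server authentication.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.check_hostname = True                       # certificate must match the host we dialled
    ctx.verify_mode = ssl.CERT_REQUIRED             # chain must lead to a trusted CA
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # SSL 3.0, TLS 1.0 and 1.1 are not accepted
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    """Plain-value summary of the settings that decide whether the server is authenticated."""
    return {
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
        "minimum_version": ctx.minimum_version.name,
    }


def upload_protected(host, user, password, local_path, remote_name, ctx=None):
    """Explicit FTPS: AUTH TLS on the control channel, then PROT P for every data connection."""
    ctx = ctx or make_ftps_context()
    with FTP_TLS(context=ctx) as ftps:
        ftps.connect(host, 21)
        ftps.auth()                  # sends AUTH TLS; the handshake verifies the server certificate
        ftps.login(user, password)   # credentials now travel inside the TLS session
        ftps.prot_p()                # sends PBSZ 0 and PROT P: data channel encrypted as well
        with open(local_path, "rb") as fp:
            return ftps.storbinary(f"STOR {remote_name}", fp)


if __name__ == "__main__":
    print(describe_context(make_ftps_context()))
    # Placeholder details; point this at a real FTPS server to run the transfer:
    # upload_protected("ftps.example.com", "user", "password", "report.csv", "report.csv")
```

Without the `prot_p()` call the control channel is encrypted but file contents still cross the network in clear, which is the difference the option described above controls; without `CERT_REQUIRED` and `check_hostname` the handshake completes against any certificate, so the server-authentication step loses its meaning.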
Why PASSPORT?
As one of the market's very first IP-based connectivity solutions, the mature, feature-rich package is an ideal replacement for older desktop-based emulators, including Attachmate® EXTRA!®, IBM Personal Communications, NetManage® Rumba® and WRQ® Reflection®. With its competitive pricing and licensing options, you can save 50% to 75% on the amount of money you would normally spend for host access.
Zephyr's 20+ years of experience in developing host access solutions results in products with unparalleled stability. All of the cumulative knowledge on issues ranging from handling the host data stream, session establishment and management, legacy data structure and more is evident in Zephyr's next generation products. If your organization seeks top-notch host access solutions for Microsoft Windows, Zephyr and its PASSPORT family of products and services is the company and product of choice.