Articles and news

SFTPPlus Release 3.43.1

Mon 07 January 2019 | general release

We are announcing the release of SFTPPlus version 3.43.1, which is a bugfix release.

The SFTP client now waits for a maximum of 60 seconds for the server to respond.

In previous versions it was waiting forever, causing transfers to stall if the server never responded to a request. This could happen if the server drops the connection during a transfer.

No other changes were done in this release on top of those in 3.43.0.

You can check the full release notes here.

• • •

Use Let's Encrypt to protect your FTP server

Fri 04 January 2019 | article

A brief history of FTP (in)security

The FTP protocol as used today was defined in 1985 (RFC 959) based on a design created in 1971.

It was designed without taking security into consideration. All transmissions are in clear text, including username, password, and actual transferred data. All FTP communication can be easily intercepted by anyone able to capture your local or Internet traffic.

This problem is common to many of the Internet Protocol specifications (Telnet, SMTP, IMAP, etc.) that were designed prior to the creation of encryption mechanisms such as SSL or TLS.

In 1997 (RFC 2228), the FTP protocol was extended, and specifications for using secure connections were set in place. The end result is what is commonly known as the FTPS protocol.

The FTPS protocol is also sometimes referred to as Secure FTP or FTP over SSL. All these names refer to the same protocol extension.

FTPS should not be confused with the SFTP protocol, a secure file transfer subsystem for the Secure Shell (SSH) protocol. FTPS is not compatible with SFTP.

Upgrade the security of your legacy FTP server

With the widespread popularity of wireless networks, it is easier than ever to monitor network traffic. And therefore capture usernames, passwords, and actual data sent over the plain old FTP protocol.

Until recently, in order to secure public FTP servers using TLS you had to buy and manually install an X509 / SSL Certificate from one of the trusted certificate authorities. A certificate was typically valid for 1 or 2 years, and the process of buying, obtaining, and then installing a new certificate was slow and painful, as most steps required manual interventions.

With the creation of the Let's Encrypt certificate authority, you can now automatically get a TLS certificate at no extra cost in a matter of seconds.

By switching to FTPS, usernames, passwords, and actual data transferred by your FTP server are protected using the latest security standard.

Let's Encrypt and FTPS

Let's Encrypt for FTPS Server

Let's Encrypt (sometimes shortened as LetsEncrypt) is a certificate authority that provides SSL/X.509 certificates at no charge.

SFTPPlus can automatically and seamlessly request certificates for HTTPS and FTPS file transfer services. You only need to configure the domain name, SFTPPlus will take care of the rest. No need to use external tools like letencrypt.exe copy files in paths like /etc/letsencryt or C:siteswwwroot.

For technical details on Let's Encrypt in general, and on using it with a FTPS server in particular, consult the dedicated article.

If you have decided to use Let's Encrypt, check our dedicated documentation page to see how to enable Let's Encrypt for your FTP server.

This resource is written as of SFTPPlus version 3.43.0.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, AIX, MacOS, Solaris, HP-UX, and FreeBSD.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.

• • •

SFTPPlus Release 3.43.0

Wed 19 December 2018 | general release

We are announcing the latest release of SFTPPlus version 3.43.0.

New Features

  • When defining a new password for an account, it is now possible to define a minimum level of complexity and strength. [#4700]
  • You can now set an email as part of the user's account details. [#5125]
  • You can now allow FTP/FTPS users to change their passwords. [server-side][ftp][ftps] [#5127]
  • The bundled OpenSSL library was updated to OpenSSL 1.1.0j on Windows, SLES 11, and OS X. [#5148]
  • A new event handler was added for extracting GZIP compressed files to a destination folder. [#5150]
  • Debian 8 (Jessie) on X86_64 is now a supported operating system. [#5152]

Defect Fixes

  • SFTP and SCP file transfer services no long fail when the client is sending a "keep alive" global request. [server-side][sftp][scp] [#5149]
  • We have updated the libraries used by SFTPPlus with patches addressing CVE-2013-7459 and CVE-2018-6594.

Deprecations and Removals

  • Debian 7 is no longer supported as it was replaced by Debian 8. [#5152-1]
  • Solaris 11 on SPARC and X86 is no longer receiving new SFTPPlus updates due to weak demand for Solaris 11 and increasing costs in keeping Solaris 11 infrastructure up to date. [#5152]

You can check the full release notes here.

• • •

Pro:Atria and SFTPPlus sponsor DVLA Code Challenge 2018 for School Children

Tue 18 December 2018 | article general

Pro:Atria is delighted to be a sponsor of the DVLA Code Challenge 2018 for School Children.

DVLA runs the competition to provide Schools, Code Clubs and Community groups in Wales with IT equipment and promote STEM (Science, Technology, Engineering and Mathematics) subjects aimed at children aged 7-14.

DVLA work with a number of Volunteer Organisations and Charities such as STEM Learning and Code Club (part of the Raspberry Pi Foundation Charity) to help teach children aged 7-14 Information Technology subjects in Primary Schools. This initiative is focused on a competition is to get children involved with coding games while providing an incentive and opportunity for the Schools and Clubs to win IT equipment and to promote the work of the volunteers and Charity organisations that actively engage with and support the schools to run these clubs.

The children choose from a number of themes provided by the associates and write a game to enter. Prizes are awarded to the teams reaching the final and every school or group that enters the competition or attends the event, either at the venue or via a live link is entered into a prize draw. The prize draw element encourages greater participation in schools so that we can reach as many schools and groups as possible - there are about 2200 in Wales.

In 2017 the project was able to place IT Equipment in over 50 Schools and groups in Wales and get hundreds of children aged 7 – 11 involved in coding.

In 2018 the event was even more successful with over 60 Primary and Secondary Schools across Wales winning prizes in the DVLA Code Challenge Competition.

Mark Jones, Head of Cyber Security Testing at DVLA said:

"All the entries we had this year were of a very high quality which shows just how much talent is out there, we just need to provide opportunities for the children to use it. This year we had 258 Entries from Primary Schools and 58 entries from Comprehensive Schools."

He went on to say:

"250 children aged 7 – 14 and teachers attended the event in the Richard Ley Development centre and a further 170 individuals from had stands and exhibits outside the venue. We could have filled the venue more than twice with the requests for tickets. We ran a Live Link and between 3000 and 4000 people watched the event stream with over 2500 votes cast for the winning entries."

This year there were 8 finalists and 1 special prize Finalists prizes in 7 – 11 category and 11 – 14 category.

The winners were:

7 – 11 Age Group

1st Prize - £2000 - BlaenBaglan Primary

2nd Prize - £1500 - Usk CiW Primary School

3rd Prize - £1000 - Gwyrosydd Primary School

Runner Up - £750 - Cadle Primary School

11 - 14 Age Group

1st Prize - £2000 - Cathedral School

2nd Prize - £1500 - Caerleon Comprehensive School

3rd Prize - £1000 - Dyffryn Conwy

Runner Up - £750 - Cyfarthfa High School

Special Prize Pontlliw Primary School

Beach Ball Bingo Winners 23 Schools won Lego Boost Educational Kits, Sparx Spheros and OhBot robotic heads.

Prize Draw Winners A further 28 Schools winning similar prizes

Tim Adams, Director of Pro:Atria said:

"We were delighted to be involved with this worthwhile event that was hugely successful with encouraging and engaging with young people. These young people will be the future coders and vital to the economic success of the country for decades to come. Our congratulations to all the winners as well as all entrants for their participation.To have so many enthusiastic children thinking and learning about all aspects of computers, gaming and security while winning IT equipment for the schools is a huge win/win for everyone involved and the DVLA is to be congratulated on organising such a successful event. We look forward to being part of the 2019 Challenge and hope that even more schools will be involved."

Further information from:

http://dvlacodechallenge.dvla.gov.uk/

https://www.sftpplus.com

About Pro:Atria Ltd:

Our worldwide customer profile includes government agencies and businesses large and small across Europe, USA, Middle East, Asia, Australia and Far East. Pro:Atria also works with integrators and system design teams including IBM, DXC, Fujitsu, Capita and Tata (amongst others). Customers are from all sectors including retail, financial, manufacturing, healthcare, education and transport as well as government agencies and departments. Support is provided by our team of staff who are based across Europe.

About SFTPPlus:

SFTPPlus MFT is a software suite for managed file transfer (MFT) with Client and Server that may be licensed and used as standalone modules or together as a MFT solution. SFTPPlus MFT provides functionality to automate file transfers between systems, users inside an organization and with third-parties. The software is designed to work on major operating systems including Windows, Linux and UNIX. SFTPPlus MFT supports the most popular file transfer protocols like FTPS, SFTP, HTTPS and WebDAV and provides external authentication support, integration with built-in and external logging solutions and audit functionality. SFTPPlus MFT also integrates with external encryption solutions and offers an API for third-party integrations.

• • •

Secure your FTPS server with Let's Encrypt

Thu 29 November 2018 | article

Introduction

Let's Encrypt for FTPS Server

What is Let's Encrypt?

Let's Encrypt (sometimes shortened as LetsEncrypt) is a certificate authority that provides SSL/X.509 certificates at no charge. You can read more on the subject in the Wikipedia article on Let's Encrypt.

A Let's Encrypt certificate is valid for 90 days, but it is recommended to renew it 30 days before expiration.

Certificates are provided using an automated process designed to automate creation, signing, installation, and renewal of certificates for websites in a secure manner.

Only Domain-validated certificates are being issued. Organization-Validated and Extended Validation (EV) Certificates are not available.

How does Let's Encrypt work?

Let's Encrypt uses the Automatic Certificate Management Environment (ACME) protocol.

ACME is a communications protocol for automating interactions between certificate authorities and their users, allowing automated deployments of public key infrastructure (PKI).

SFTPPlus as an ACME client

SFTPPlus implements the client side of the ACME protocol.

It can connect to the Let's Encrypt ACME server, and automatically request SSL/X.509 certificates, free of cost.

To prove that it has administrative rights over a domain, SFTPPlus runs an embedded HTTP server, available over port 80, which implements the HTTP-01 challenge of the ACME protocol.

SFTPPlus can automatically request certificates for HTTPS and FTPS file transfer services, as well as for the Local Manager web console.

The obtained certificates are signed by the Let's Encrypt authority, which is automatically trusted by all modern operating systems. For example, an FTP client using the Windows Certificate Store will automatically accept the certificate used to encrypt a connection to a SFTPPlus server using Let's Encrypt.

All this is done automatically through SFTPPlus' seamless Let's Encrypt integration. You only need to configure the domain name, SFTPPlus will take care of the rest. No need to use external tools like letencrypt.exe, store or copy files in directories like /etc/letsencryt or C:siteswwwroot.

Let's Encrypt and FTPS

While Let's Encrypt was created for HTTPS websites, you can use the same certificate signed by Let's Encrypt's Certificate Authority for FTPS communication.

You can use Let's Encrypt for any secure FTP protocol, be it Explicit FTPS or Implicit FTPS. The certificates can be used over both SSL and TLS, including TLS 1.2.

You still need to have port 80 opened or forwarded to SFTPPlus for the automated certificate generation and renewal.

Check our dedicated documentation page to see how to enable Let's Encrypt for your FTPS server.

This resource is written as of SFTPPlus version 3.42.0.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, AIX, MacOS, Solaris, HP-UX, and FreeBSD.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.

• • •