Secure File Transfer (SFT)
Secure File Transfer (SFT) provides a complete enterprise platform for securely transferring department files using standard secure protocols (e.g., FTS/s, HTTP/s, SSH-FTP), to another server, Internet-connected client, or private IP network.
- FIPS 140
- Delegated Administration
- Provide customer ownership without customer headache
- Rapid deployment
- Customer peace of mind
- Fully redundant, highly-available, active-active Linux platform
- A Disaster Recovery option will be available in the future
Secure File Transfer, also known as Managed File Transfer, replaces the need for VPN connections (IPSec tunnels), magnetic tape, tape couriers and storage solutions, paper and postal service delivery, CD packaging processes, standard FTP, and other non-managed, unsecure methods of exchanging information in file-based formats.
- Microsoft Windows™
- UNIX and Linux
- Apple OS X™ or higher
- Microsoft Internet Explorer® 7 and 8
- Mozilla Firefox 2.x or higher
- SecureClient ™ 5.6 (or higher)
- SecureTransportTM Command Line (FDX) Client, version 4.5.1, 4.5.2
FTP and HTTPS Clients
- cURL 7.19 (HTTPS only)
- CuteFTP Professional 8.3.2
- Ipswitch WS_FTP Server 7.1
- LFTP 3.7.14
- FileZilla 3.0.0
- SmartFTP Client 3.0
- Igloo FTP Professional 3.9
- Core FTP v2.2
- IBM Mainframe client
- FileZilla 3.0.0
- Tectia Client 5.3, 6.0.7
- PuTTY 0.60 (pscp.exe and psftp.exe)
- VanDyke SecureFX 6.2.1
- SecureFile Transfer SCP and SFTP
- WinSCP 4.1.9
SFT includes the following security measures:
In addition to password-based authentication, SFT also supports client certificate authentication (either SSH keys or X.509 self-sign, CA-chained certificates). Client certificate authentication offers these advantages:
- No more lost or forgotten passwords.
- The ability to script or automate a transfer without having to embed a password in clear text
- Increased security – an attacker could potentially guess a weak password, but client certificates are practically failsafe.
- Encryption in Transit: SSL and SSH provide the standard encryption solution for data passing through the network. When a customer connects to SFT using a supported web browser or supported 3rd party SSL client, the server enforces an SSL connection. When a customer connects to SFT using a supported SFTP client, the server enforces an SSH connection. Both SSL and SSH connections are protected by the use of an official VeriSign certificate.
- Encryption at Rest: Data stored is encrypted using Triple Data Encryption Standard (3DES). When data is sent to SFT, it is decrypted in active memory on the DMZ Edge Server, transferred to the back-end using a propriety secure protocol then re-encrypted in active memory using 3DES before writing to disk. Therefore, files are never cached, written to a temporary file, or saved in an unencrypted format. Note: Some automation configurations do not support encryption at rest.
For more information, see Security Services.
- Based on Customer requirements and resources, CDT is available to recommend a file transfer client
- Operations and Systems Security: Customers are responsible for the integrity of their internal networks and local data.
- User Administration: See FAQs tab
- Desktop Systems: Customers have full responsibility for all file transfer client installation and configuration. However, purchase of the Axway SecureClient ™ from CDT includes setup and configuration assistance via remote access or telephone.
- Desktop Anti-virus Protection: Customers are strongly encouraged to employ up-to-date anti-virus protection software on each client station.
- File Transfer Support Issues: CDT and the customer’s Delegated Administrator(s) will work together to resolve any file transfer issues.
Are there upload/download limits on file size?
Can I log into my SFT account with a SSH key or X.509 certificate instead of a password?
Is there a Transfer Log and how long is it kept?
How long can the transferred files remain on the SFT servers?
Why can't we use plain old FTP?
How can I be notified of system upgrades and scheduled maintenance?
What is a Delegated Administrator?
User account holders request support from their Delegated Administrator(s), not from the CDT Service Desk. To promote security best practices, CDT Service Desk personnel are instructed to refer password reset and account unlock requests from end users to the customer’s Delegated Administrator. CDT SFT staff will accept requests for SFT support only from Delegated Administrators.
What is the SFT Maintenance Window?
What secure protocols does the SFT Service support?
Subscriptions to this service are available and can be referenced in the CDT Rate Schedule.
|Service Code||Service Description||Unit of Measurement||Rate||Group||Comment(s)|
|I115||Secure File Transfer One Time Setup||One-Time/Hour||$130.00||Web Services|
|I116||Secure File Transfer Service (includes 10GB data transfer)||Named User Account/Month||$12.30||Web Services|
|I117||Secure File Transfer Additional Data Transfer||Gigabyte||$10.00||Web Services|
|I118||Secure File Transfer Axway Secure Client Software||One-Time||$300.00||Web Services|
|R310||Disaster Recovery Secure File Transfer Set-up Fee||System||$8,932.00||Disaster Recovery|
|R311||Disaster Recovery Secure File Transfer Service||User||$1.40||Disaster Recovery|