The options for file transfer are numerous. When you have a business, there are additional requirements to keep data secure and file transfers compliant with various regulations. SFTP site setup can usually fit the bill (and those pesky requirements.)
Hosting Your Own SFTP Server
Cloud services and hosting your own server are the standard SFTP server options. There are several things to consider when hosting your own server and doing the SFTP site setup yourself.
Key considerations when hosting your own SFTP server:
- Setting up server hardware
- Incorporating hardware into your network
- Hardening the server, including installation and configuration of monitoring tools and firewalls
- Backup plan and implementation
- Ongoing maintenance including periodic software updates
SFTP Site Setup & Security
Next, you’ll want to determine whether to allow standard file transfer protocol or SFTP only. Many legacy systems rely on FTP transfers, but that poses an increased risk to data security. FTP is a reliable and fast way to transfer large files but lacks any encryption of data during transfer.
One way to secure data is by using SFTP, which is a secure protocol. SFTP site setup requires authentication by the server to use the SFTP protocol. Setting up SSH keys for secure passwordless login via SFTP allows systems to connect to perform automated file transfer tasks.
Another option is to disable terminal access for external users. Taking this security measure prevents people from having command line access to your server. Unless terminal access is specifically required, this eliminates remote command execution on the server outside of authorized SFTP connections.
On the topic of security, making sure your server isn’t using outdated encryption algorithms is necessary. Setting up an SFTP site usually means you want your data encrypted in transit. SFTP does this automatically. As encryption methods can vary, you need to specify SFTP when configuring the server.
Server Visibility & Restrictions
Will the server be available on your internal network as well as externally? If providing external access, make sure that traffic is coming through a gateway server rather than directly accessing the SFTP server.
Do you need to limit who can get to the server? Limiting by IP address prevents unauthorized access. You’ll need to configure your firewall with these restrictions during your initial server and SFTP site setup, as well as update the firewall whenever new IP addresses are approved. Include your own IP and any IP addresses for locations you intend to work from to ensure uninterrupted access as you continue through your configuration options.
Implementing strong password requirements reduces the chances of a successful brute force attack on the server. The longer the password, the better, but only if it contains an alpha-numeric mix. Including special characters increases a password’s strength. Limiting the number of incorrect login attempts also cuts down on your risk.
While setting up limits and restrictions for your SFTP server access, consider your internal controls. Lock down who has administrative rights to the server. Consider who will be uploading files to and downloading from the server.
Do users need additional rights to delete, rename, move, or otherwise modify files on the server? Utilize permissions to limit who has complete access and grant full admin privileges only to trusted users.
…Or Use A Hosted SFTP Site
Avoid the headaches of server configuration and maintenance with a hosted SFTP site. Let ExaVault do the hosting for you. Get all the benefits of a secure server for data storage and file transfer with modern features that make your life easier without building and developing them yourself.
With an ExaVault SFTP site, we take care of the hardware, firewall, and software components for you. Choosing hosted SFTP provides a significant cost reduction for your business — there is no need for you to purchase extra hardware or pay staff to monitor and administer the server.
SFTP Site Setup with ExaVault
We have easy-use configuration options for everything from user rights to enabled protocols to IP address restrictions. All you have to do is sign up for an account and select your preferences. Additional security preferences can be updated or changed at any time from the online admin portal.
Users & Permissions
A hosted service that supports SFTP file transfer gives more flexibility to managing users. Our user import tool lets you quickly add large numbers of users to your system. Permissions can be set on a per-user basis so that human users or systems can only perform actions you allow.
SSH keys often come hand in hand with an SFTP site. However, they can be tricky to set up. ExaVault SSH key support allows you to let users create automated, secure passwordless connections for scheduled data transfers. It’s quick and easy to generate new SSH key pairs for users in the online application. We also allow you to add public keys provided by your users.
Get up and Running via SFTP
Once you have signed up for an ExaVault account, here are the things you need to do to complete your SFTP site setup.
Create your folder structure. Determine how you want files to be visible to users. Is everything in one big folder? Or, are you locking users to a home folder so they can only interact with files in that folder location? Setting up a folder structure improves file management and can improve your workflows when organized by project, department, or client.
Create your users. In the web interface, it takes just a few seconds to add a new user, assign a home folder, and specify their usage rights. You can automatically send a welcome email to new users with information on getting connected and using the SFTP site.
Set up optional server-wide security settings.
- Utilize secure connection methods – turn off unencrypted FTP access, so only SFTP access is allowed for file transfer.
- Add IP range-restricted if needed.
- Enable password restrictions that enforce the use of complex passwords.
Now your SFTP site is set up, configured to meet your business requirements, and ready to transfer files!
Ready to get started with a hosted SFTP site? Sign up for ExaVault today!