9 Important Tips For Securing Your SFTP Server

SFTP is a file transfer method that uses secure shell encryption that provides complete security in receiving or sending files.

06:44 24 January 2022

SFTP, also known as Secure File Transfer Protocol, is a file transfer method that uses secure shell encryption that provides complete security in receiving or sending files. SFTP is the same as FTPS, such that it uses AES and similar algorithms to protect data being exchanged between different computers. GoAnywhere’s SFTP server protects all of the organization’s data among files that are exchanged. This article outlines some tips to help you secure your SFTP server.

 

• Account Management

OS-level access user accounts are not considered secure. Client credentials should be separated from FTP and SFTP applications with alerts for unusual activity. Account usernames should comprise a minimum of 7 characters, and there should be an automated disabling mechanism if an account is inactive for 90 days or in case of 6 login failures. 

 

• Strong Passwords

To save your account from getting hacked because of the password, a secure password following alphanumeric, at least 15 characters, and special characters should be set. This should also be changed every 90 days.

 

• Administrator Security

The hacks of present-day take advantage of the human factor, like a phishing attack asking the administrator to reset passwords. To eradicate this threat, server access should be limited to administration. The use of standard IDs like ‘admin’ or ‘root’ should also be avoided.

 

• Hashing and Encryption

The increase in the power of computers has made hash algorithms vulnerable to brute force attacks. The DES ciphers and blowfish are easily broken and outdated, so the ciphers like Advanced Encryption Standard (AES) should be used. Hash or Mac algorithms used to verify transmission integrity should also be replaced with new, stronger ones.

 

• FTPS Protocols

FTPS techniques are singularly unsafe, allowing clients to connect to networks without requesting encryption, making it insecure. This feature should be disabled in favor of implicit encryption. Outdated protocols should be replaced with the latest versions of SSL and TLS protocols.

 

• Files Security

Hackers can exploit the abuse of file permission access. Clients should not be allowed access to entire directories while requiring permission to download or upload files. Files at rest should be encrypted, especially if stored in the DMZ and retained only according to requirement.

 

• IP Whitelists and Blacklists

DOS or Denial-of-Service attacks, being widespread, should help program the FTP or SFTP server to blacklist malicious IP addresses. Whitelisting some clients to your network can also be used, but it works with a few traffic sources using static IP addresses.

 

• Standard FTP Server

The standard FTP should be disabled in favor of secure file transfer protocol or SFTP servers due to its lack of integrity and privacy. SFTP servers provide a secure connection to protect your clients and business. 

 

• Other SFTP Practices

• SFTP should be kept up to date
• Use of the default SFTP software version will hint hackers on how the server can be breached 
• The back-end database should be kept on a different server
• Good key management should be implemented
• Consider re-authentication of inactive sessions

 

By considering these advantages and best practices, you can secure our SFTP server. Anyone can have an SFTP server but using it in the right way matters in the system's security.