Managed File Transfer and Network Solutions

Secure FTP Simplified

Posted by John Carl Villanueva on Fri, Jul 05, 2013 @ 11:27 AM


If you google the term secure FTP, most of the definitions you'll come across will fall into one of two groups: those that are just too technical and those that are simply too vague. Some, even contradicting. So if you're an average guy with a not-so-technical background, you'll be walking away with a head all tangled in arcane networking acronyms.


Read More

Topics: Secure File Transfer, SFTP, FTPS, FTP

4 Popular Large File Transfer Methods With Big Deficiencies

Posted by John Carl Villanueva on Mon, Jun 17, 2013 @ 04:45 PM


Some people seem to consider 1 gigabyte large. That's probably why, when Facebook Pipe (which supports up to 1 GB) was launched earlier this month, many Twitter tweets were touting it as an app for "large file transfers". It's not. So are other methods many people unwisely use at work for sharing really big files; files that are even much larger than a gigabyte. 

Read More

Topics: Cloud Computing, FTP, Accelerated File Transfer, Email Large Files

Protecting Your File Transfer Service from Internal Threats

Posted by John Carl Villanueva on Wed, Nov 21, 2012 @ 01:03 PM


Every year since 2010, Ponemon Institute conducts a research entitled "Cost of Cyber Crime Study". One of the main goals of the study is to quantify the economic impact of cyber attacks. This information is meant to help organizations determine the appropriate capital investment for countering these attacks or minimizing their impact. 

*This post was updated on July 11, 2015

Read More

Topics: JSCAPE MFT Server, Business Process Automation, Security, Secure File Transfer, FTP

Considerations When Setting Up Your DMZ's Reverse Proxy and Firewall

Posted by John V. on Tue, Sep 18, 2012 @ 09:00 AM

There are a number of things to consider when setting up the reverse proxy and firewalls in your DMZ. These things are going to have a significant impact on the performance and security not only on your file transfers but for your entire network in general, so you really need to weigh the advantages and disadvantages of each set up before deciding how you are going to put everything together. 

Read More

Topics: JSCAPE MFT Gateway, Security, FTP, Reverse Proxy

AnyClient Web Offers Online FTP Client

Posted by Van Glass on Tue, Aug 14, 2012 @ 12:24 PM

JSCAPE is pleased to announce the release of AnyClient Web, an intuitive web based file transfer client available for Windows, Mac OS X and Linux operating systems. AnyClient Web supports all major file transfer protocols including FTP/S, SFTP, WebDAV, AFTP and Amazon S3.

Read More

Topics: News, File Transfer Clients, AnyClient, FTP

How to do SSL File Transfers

Posted by John Carl Villanueva on Thu, Jun 14, 2012 @ 01:22 PM


In one of my previous posts, I defined what an SSL file transfer is. Today, I'm going to show you how to actually set up an SSL file transfer service on JSCAPE MFT Server. After that, I'll demonstrate how an AnyClient user would connect to your server and perform a secure file transfer using that particular service.

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, AnyClient, Secure File Transfer, FTP

AnyClient 4.1 Released - Free FTP Client

Posted by Van Glass on Fri, Jan 13, 2012 @ 03:38 PM

JSCAPE is pleased to announce the release of AnyClient 4.1. 

Read More

Topics: AnyClient, FTP, Accelerated File Transfer

Guide to HIPAA Compliant File Transfers - Part 2

Posted by John V. on Wed, Jan 11, 2012 @ 09:30 AM

Guide to HIPAA Compliant File Transfers - Part 1

In this post, we'll be talking about the specific standards that lead to HIPAA compliant file transfers. This is a continuation of another post, so if you haven't read Part I yet, you might want to click that link first.

HIPAA standards affecting file transfers

As shown in our previous post, the HIPAA standards that impact file transfer systems can be found in the Technical Safeguards of the Security Rule. The Security Rule is documented in 45 CFR (Code of Federal Regulations) Part 160 and Part 164, Subparts A and C, with the Technical Safeguards themselves specifically found in section 164.312.

The standards that fall under Technical Safeguards as well as the specific sections that contain their definitions and corresponding requirements include the following:

  • Access Control (§ 164.312(a)(1)) - Covered entities must implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs that have been granted sufficient access rights.

  • Audit Controls (§ 164.312(b)) - Covered entities must implement hardware, software, and procedural mechanisms that record and examine activity in information systems that contain or use ePHI.

  • Integrity (§ 164.312(c)(1)) - Covered entities must implement policies and procedures to protect ePHI from improper alteration or destruction. 

  • Person or Entity Authentication (§ 164.312(d)) - Covered entities must implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.

  • Transmission Security (§ 164.312(e)(1)) - Covered entities must implement technical security measures to guard against unauthorized access to ePHI that is being transmitted over an electronic communications network.

Each of these standards come with a set of instructions for implementing them known as Implementation Specifications. An Implementation Specification is classified either as Required or Addressable.

If an implementation specification is Required, then you will have to implement policies and procedures that would satisfy that particular implementation specification. On the other hand, if it is Addressable, then you will have to analyze the specification to determine whether it is reasonable and appropriate in protecting your ePHI data from possible threats and hazards.

If, based on your analysis, you decide that it is not necessary to implement the implementation specification, you must document the reason for your decision. In addition, if in the course of your analysis, you come across a reasonable and appropriate alternative measure, then you must implement that measure.  

Let's now take a quick look at each standard's implementation specifications and discuss how such specifications may be implemented on your file transfer system.

Access Control:

  • Unique User Identification (Required) - People who use your file transfer service should be assigned a unique user identifier like a username or a number. This will help you track each user's activity when the user is logged into your system. It will also help you in holding that user accountable for functions he performs while logged in.

  • Emergency Access Procedure (Required) - You must have in place procedures that will allow you to obtain the ePHI found in your system in the event of an emergency situation wherein your file transfer system is rendered inoperative. 

  • Automatic Logoff (Addressable) - Your system must be capable of terminating a session after a predetermined period of inactivity is reached. Users sometimes forget to logoff after completing a file transfer, leaving your system vulnerable to unauthorized entry. An automatic logoff feature will prevent unauthorized users from gaining access that way.  

  • Encryption and Decryption (Addressable) - This may refer to ePHI data stored in directories on your file transfer server. By encrypting ePHI data found there, you can render those data useless to unauthorized personnel. Even when an unauthorized person gains access to those encrypted data, he won't be able to make heads or tails out of them. 

Audit Controls (Required)

  • You must have a way of keeping logs of user or system activity during each file transfer session. This will enable you to have an audit trail to refer to in the future if you want to trace certain events that took place in your file transfer system. 


  • Mechanism to Authenticate ePHI (Addressable) - The integrity of ePHI data should be preserved at all times. Improperly altered or destroyed ePHI can put patients' safety at risk. Because unauthorized data changes can be caused by a variety of reasons ranging from human errors to electronic failures, your file transfer system should have a mechanism that will enable you to check whether your ePHI data has undergone any unauthorized changes.  

Person or Entity Authentication (Required)

  • Your system must have a way of knowing whether a person who wants to gain access to it is in fact the person he or she claims to be. The most common methods of authentication typically require users to present a proof of identity such as a password, PIN, smart card, token, key, or biometrics. 

Transmission Security:

  • Integrity Controls (Addressable) - This is similar to the Integrity standard discussed earlier. The only difference is that the previous discussion was focused on data at rest, e.g. ePHI stored in your FTP server hard disks, while this one here is aimed at data in motion, i.e., ePHI being transmitted over a network. So, for example, your system must support network communications protocols that ensure that data sent is the same as data received.

  • Encryption (Addressable) - Again, this is similar to the Encryption/Decryption implementation specification under the Access Control standard, except that this one refers to data in motion. So for example, your file transfer system should support file transfer protocols like FTPS or SFTP

So there you have it. Those are the standards and implementation specifications of the HIPAA regulation that impact file transfer systems. You're now ready for the last part of this article. That's where we'll discuss the steps to achieve HIPAA compliant file transfers.

Guide to HIPAA Compliant File Transfers - Part 3


udp file transfer 

Read More

Topics: Security, Compliance, FTP

Guide to HIPAA Compliant File Transfers - Part 1

Posted by John Carl Villanueva on Wed, Jan 11, 2012 @ 09:27 AM

For some entities in the health care industry, file transfer activities are no longer as simple as before. Measures have to be taken to make sure violations aren't made against HIPAA. FTP services, perhaps the most widely used services for transferring large files over the Internet, now require enhancements to ensure that data considered as electronic protected health information (ePHI) are protected throughout an FTP transfer.

Read More

Topics: Managed File Transfer, Security, Compliance, FTP, HIPAA

Setting up a Linux FTP Server - Part 1

Posted by John V. on Tue, Dec 27, 2011 @ 12:35 PM


In this post, I'll show you how easy it is to set up a Linux FTP Server using JSCAPE MFT Server. One advantage of using a Java FTP server like JSCAPE MFT Server is that it can run on virtually any platform; be it Windows, Mac OS X or Linux. All you need is a Java installation and you can already provide fast and secure file transfer services. 

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, FTP, Linux FTP Server