Blog

What Is HMAC And How Does It Secure File Transfers?

Posted by John Carl Villanueva on Wed, Jan 20, 2021 @ 09:33 AM

Overview

Data integrity checks are vital to secure communications. They enable communicating parties to verify the integrity and authenticity of the messages they receive. In secure file transfer protocols like FTPS, SFTP, and HTTPS, data integrity/message authentication is usually achieved through a mechanism known as HMAC. In this post, we explain what HMAC is, its basic inner workings, and how it secures data transfers.

Read More

Topics: Security, Secure File Transfer, SFTP, FTPS

What Is HTTP Strict Transport Security (HSTS)?

Posted by John Carl Villanueva on Sat, Jan 16, 2021 @ 04:30 AM

When I first read about HSTS, my first reaction was, "What's this? A replacement for HTTPS? Considering the ubiquity of HTTPS, shouldn't we be working to improve it first instead of replacing it?" Turned out, my initial understanding of HTTP Strict Transport Security was off the mark. 

Read More

Topics: Security, Compliance, Secure File Transfer

What Is Client Certificate Authentication?

Posted by John Carl Villanueva on Fri, Jan 08, 2021 @ 09:54 AM

Overview

How do you strengthen a server's user authentication system? Well, one solution would be to simply add another authentication method. Most servers authenticate users through the usual username-password technique. If you can augment that with another method, you'll be able to make it more difficult for unauthorized users to break in. For servers whose users connect through Web browsers, one option would be something called client certificate authentication. Let's explore what this is.

Read More

Topics: Security, Secure File Transfer, FTPS

How to Set Up SSL Client Authentication | JSCAPE

Posted by John Carl Villanueva on Sun, Jan 03, 2021 @ 05:18 AM

[Last updated: January 2021] People who use SSL/TLS to secure their online transactions/file transfers are mostly only familiar with two of its security functions: 1. That it can encrypt data in transit and 2. That it can enable clients to authenticate the server. They're likely not making use of another feature that can greatly enhance SSL security even more - client certificate authentication.

We already talked about client certificate authentication and its benefits on a previous post, so if you want to learn more about it, I suggest you click that link. In that post, we never got to talk about how to enable client certificate authentication on the server side. This quick post will be all about that.

 

 

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Security, Tutorials, Secure File Transfer, FTPS

Protecting Your File Transfer Service from Internal Threats

Posted by John Carl Villanueva on Fri, Dec 25, 2020 @ 01:03 PM

Overview

[Last updated: December 2020] Malicious insiders and careless insiders are increasingly posing serious risks to file transfer systems. If nothing is done to mitigate them, these internal threats can cause data loss or, worse, massive penalty-inducing data breaches. In this post, we take a closer look at internal threats, how they put file transfer systems at risk, and what you can do to mitigate them.  

Read More

Topics: JSCAPE MFT Server, Business Process Automation, Security, Secure File Transfer, FTP

How To Securely Transfer Large Files Over The Internet

Posted by John Carl Villanueva on Wed, Dec 16, 2020 @ 01:02 AM

Businesses that deal with large files such as high-definition videos, 3D CAD models, and so on, sometimes need to transfer these files to another department or to a trading partner located in another state, country, or continent. In situations like this, it pays to know how to securely transfer large files over the Internet.

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Security, Secure File Transfer

Using AES-256 To Encrypt Files You Upload To Your S3 Trading Partner

Posted by John Carl Villanueva on Mon, Oct 19, 2020 @ 04:05 AM

Files you upload to an Amazon S3 trading partner through JSCAPE MFT Server are normally stored in plaintext. If you want to encrypt those files to minimize the risk of a data breach, one way to do that is by using AES-256 Amazon S3 server-side encryption. We'll show you how to use this particular service in this post. 

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Business Process Automation, Security, Cloud Computing, Tutorials, Secure File Transfer

Why and How You Should Verify An SSH/SFTP Client Key's Fingerprint Before Using It

Posted by John Carl Villanueva on Fri, Aug 14, 2020 @ 12:59 AM

In one of our previous posts, we talked about the importance of authenticating an SFTP host before logging into it and how to use the host's RSA key fingerprint to carry out the authentication. The same principle applies when you import a user's client key for public key authentication. 

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Security, Secure File Transfer, SFTP

Understanding Key Differences Between FTP, FTPS And SFTP

Posted by Van Glass on Wed, Jul 29, 2020 @ 12:56 PM

Three common protocols still used in file transfer today are FTP, FTPS and SFTP. While the acronyms for these protocols are similar, there are some key differences among them, in particular how data is exchanged, the level of security provided and firewall considerations. Learning these key differences can help you when choosing a secure file transfer protocol or troubleshooting common connection issues.

Read More

Topics: Managed File Transfer, Security

How To Secure And Protect Data At Rest

Posted by John Carl Villanueva on Thu, Jul 09, 2020 @ 03:52 AM

To prevent confidential data from leaking out of your organization or getting stolen, your cyber security efforts have to be aimed at two areas: securing data-at-rest and securing data-in-transit (sometimes referred to as data-in-use). Data-in-transit is often secured by protocols that use an Advanced Encryption Standard (AES) and require encryption keys. But what about data-at-rest protection?

Read More

Topics: JSCAPE MFT Server, Security, Data Loss Prevention, Compliance