Secure FTP-FTPS and SFTP for Business-to-Business Exchange

Setting up FTP with Key Customers

If you need to set FTP with key customers or your connections to other companies are not operating reliably, it may be time to consider a tune-up. You likely have the proper components, but you may have outgrown them. Re-configuration will help you adjust for your growing volume and its increased complexity. The challenge for the medium sized company is lack of time and expertise. Having an expert, such as DCS, to turn to brings a quicker solution and expands your skill set.

DCS can help you economically improve your services, as we are thoroughly familiar with internetworking and communication methods. We can provide a FREE assessment to survey your hardware, software, locations, and growth anticipated. In addition with DCS PROMPT™ Report Support, you can receive production support service quickly during vacations, etc. You will experience fewer interruptions, so you can work on necessary projects. And, fewer intrusions mean more harmony and less stress.


Secure communication requires encryption (scrambling the text) of both of the message and commands (password).  There are several methods of securely transferring files that have been called “Secure FTP”.


FTPS is an extension of the FTP protocol that allows client to request that the FTP session be encrypted.  The AUTH TLS command is used.  Additionally, the use of a SSL connection, specifying different ports, is widespread.


The “SSH File Transfer Protocol,” is not related to FTP except that it also transfers files and has a similar command set for users.  It uses SSH to transfer files and it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in the clear over the network. It is functionally similar to FTP, but because it uses a different protocol, you can’t use a standard FTP client to talk to an SFTP server, nor can you connect to an FTP server with a client that supports only SFTP.

FTP over SSH refers to the practice of tunneling a normal FTP session over an SSH connection.  Because FTP uses multiple TCP connections, it is particularly difficult to tunnel over SSH. With many SSH clients, attempting to set up a tunnel for the control channel (the initial client-to-server connection on port 21) will protect only that channel; when data is transferred, the FTP software at either end will set up new TCP connections (data channels), which bypass the SSH connection, and thus have no confidentiality, integrity protection, etc.

Otherwise, it is necessary for the SSH client software to have specific knowledge of the FTP protocol, and monitor and rewrite FTP control channel messages and autonomously open new packet forwardings for FTP data channels.


EDI INT AS3 is FTP Secure (FTPS) in batch mode. It is a significant step up from AS2 in capability. However, the complexity has dampened widespread acceptance. The result is growing FTP traffic, but not the use of AS3.

None of these protocols specifies how to validate or process data or documents.

Steps Necessary

You have likely noticed during the last three years the volume of traffic through your VPN and firewall has grown stealthily. You know it has grown, but likely have not had time to step-back, assess, and then make improvements. This challenge has been faced by many other companies. Here are some of the changes they have made.

  • Set a proxy properly in the DMZ (for companies whose internal policy limits access to the open port).
  • Properly set Terminal Services, VNC, RDP, Telnet and SSH sessions.
  • Recalibrate your firewall to ensure hidden voids are found.
  • Set redundancy and immediate recovery.
  • Automate failed MDN exception reporting.
  • Improve reporting so that you know immediately when you are down (email on fail alerts).
  • Tighten central administration and enforcement.

A secure network makes it easier to share vital information between companies over the Internet. Completion of these steps will prepare you for FTPS or SFTP.

Highly confidential non-EDI documents should also be sent securely as the cost and embarrassment of a disclosure is high. The documents are typically very sensitive, large files, but the volume is far lower than typical EDI volumes. Fortunately, the triple DES encryption used by AS2, FTPS, and AS3 meets FASB and SOX requirements.

Here are some examples:

  1. Payroll information
  2. Benefit enrollment
  3. Engineering drawings
  4. Marketing video, audio, and graphics
  5. Prices and discounts
  6. XML and database files
  7. Check images and other banking items
  8. Adobe .pdf files
  9. Point-of-Sale data
  10. More

The economic and effective solution is a “drag and drop” to a folder. For outbound documents the user moves the file to the transmission utility, which sends it out. For inbound, an email notification is received by the recipient, who then moves in the file.

How DCS Can Help

Your business processes are unique and your budget is tight: yet you must align your procedures to growing customer demands and evolving requirements. The challenge is how to economically make those improvements.

DCS can help you improve, as we are thoroughly familiar with internet working and communication methods. We can provide an assessment to survey your hardware, software, locations, and growth anticipated. You will then receive a task list with time estimates and priorities.

After improvements are at hand, training is also worthwhile. Finally, our remote production support service can quickly help during vacations, etc. You will experience fewer interruptions, so you can work on necessary projects. And, fewer intrusions mean more harmony and less stress.

The first step is easy, just email us for more information on our FREE assessment.