The SysAdmin Network

No more hiding in the server room

Encrypted Alternative to FTP ideas

 This is a project I'm taking on for 2012 so I figured I'd toss it out there to see if anyone had some ideas.

Currently we host our own FTP for use in sending/receiving files from customers and vendors. As needed, we create Active Directory accounts for the various businesses and then email a contact their with their credentials. They then use whatever means their company uses to upload/download their files, often it's IE or we usually recommend FileZilla.

 In any event, this is a pain in the butt. Especially when the client may only be a one time user. And FTP isn't exactly secure.

 My project is to find a secure, simpler method. Yes, there's also SFTP but that gives the client no choice but to install software and that is often not an option, depending on the company.

 We also deal in data from Military customers that has to be sent to various potential suppliers, such as CAD data. While the files themselves may not be all that 'top secret' I'm confident that the customers would like as secure as possible of a transfer method.

 What I want to find is something like Dropbox, where we could drop files into customer specific folders and then generate a url that can be emailed to the recipient. Ideally it would be good to have it prompt for a password when the url is used. Plus, as mentioned, having the actual transmission encrypted would be preferred also.

 We could design a solution in house and develop it but that would take away from other development projects.

 Anyone have suggestions?

 

Tags: Data, Encryption, FTP, Transfer

Views: 90

Reply to This

Replies to This Discussion

Permalink Reply by Mike Rigsby on December 26, 2011 at 5:52pm

So far I'm thinking Onehub might be a good option.

Permalink Reply by Jeff Hengesbach on December 28, 2011 at 2:33am

I've had https://www.egnyte.com on my list to try out for some time for similar such use but have not yet.  If you try it out I'm sure we'd all love to hear your review.

Permalink Reply by Noj on January 28, 2012 at 9:31am

Yeah, it's so easy to sniff a password for FTP it's not funny. 

I've been tempted to mess around with coming up with a solution to this problem too. 

what I was after, was a simple easy to manage/install and VERY simple to use for the users to use as well (including removing/archiving old and unwanted files) that was secure, could be set up on my clients server/s, AND allow these clients to give access to someone outside their org to upload and download files - while still being simple, easy to use, and secure.

It had to be as easy, or MORE easy than email. 

Unfortunately such a project was/is somewhat outside my skillset (I was an sys admin, not a code monkey) 

I'm now out of the IT industry, but would be interested in hearing any solutions you come up with anyway.

Permalink Reply by Mike Rigsby on January 29, 2012 at 4:16pm

I haven't had much luck finding an 'out of the box' solution for just what we're looking for. Some services, like Egnyte or OneHub, looked promising but wasn't 'an exact fit'. As such, the on staff developers we have at work are just going to design an in house solution. We have a couple extremely skilled devs on staff so many times it's just best to design a solution that fits our exact needs.

I'm a pure hardware geek and ignorant of anything code related but something along the lines of a database backed ssl web portal with email verification and notification. I won't know what the code behind the scenes is but I'll add a follow-up on here with some of the functionality when they get it designed. 

Permalink Reply by Wesley "Nonapeptide" on March 12, 2012 at 9:26pm

My first thought was FTP over an HTTPS web interface. What does that? CrushFTP! It's not FOSS and thus costs money, but it seems to be a solid product. My last necessity to spec out an FTP server caused me to escalate CrushFTP to the top of my list. I think it's a solid product from what I've seen, but can't offer any personal experience with it because the project didn't go through.

I personally don't trust anyone's implementation of online file storage. DropBox was compromised once before. Any other service is just as much of a black box IMO. I either roll it on my own or I don't trust it.

 

Permalink Reply by Tobias Wolf on April 3, 2012 at 9:33pm
If you're looking for something similar to Dropbox, you should try http://owncloud.com. ;)
Permalink Reply by Mike Rigsby on April 3, 2012 at 10:00pm

 We're just working on designing our own system internally now but that does look like a pretty slick service.

RSS

© 2012   Created by Elizabeth Ayer and Michael Francis.   Powered by

Badges  |  Report an Issue  |  Terms of Service

Sign in to chat!