However, the problem you have with FTPS and SFTP is although the files are securely transferred to your server,...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
once they're uploaded, anyone who accesses the server can see them, because they aren't encrypted. With this in mind, I prefer your first solution, which is to have your hosts encrypt the files using the recipients public PGP key. This option not only ensures the files are encrypted while in transit, and when at rest, but also only the intended recipient can decrypt and view the files. The best solution to your problem, however, is probably a combination of both PGP-encrypted files and a secure FTP connection. Because even if your PGP encrypted files are secure, if your hosts use plain FTP to upload files to your server the username and password used to access the server are sent in the clear. An attacker could potentially steal this information and use it to gain access to the FTP server and upload malicious files or delete existing files.
Dig Deeper on Network Protocols and Security
Related Q&A from Michael Cobb
What is BGP hijacking or IP hijacking and how do cybercriminals pull off the attacks? Expert Michael Cobb explains how enterprises can mitigate these...continue reading
Is the Dell eDellRoot security threat a serious problem and, if so, can it be prevented with self-signed root certificate authorities? Expert Michael...continue reading
What does FIPS 140-2 Level 2 certification for devices cover? Expert Michael Cobb explains the FIPS 140-2 security standard and how vendors use it in...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.