Private File Sharing and Synchronization Demand Doubles in Three Months

Lately the news from managed file transfer vendors has been all about layoffs, downsizing and offshoring, but perhaps there’s still some life left in our industry. A provocative new study from 451 Research suggests that MFT vendors should be currently benefiting from a sudden shift in corporate attitudes toward file sharing and synchronization (which we […]

2014 Managed File Transfer Predictions – True or Not?

As the managed file transfer industry wraps up 2014, it’s time to look at how accurate my MFT predictions for 2014 turned out to be. Prediction #1: As Competition Increases, Certification Becomes More Important Grade: A Discussion: The managed file transfer industry now has a vendor-independent training and certification program: the Certified File Transfer Professional […]

Exfiltration: Definition, Security Risk and Prevention

Exfiltration is an unauthorized file transfer (or other bulk data transfer) that creates a security breach by allowing malicious people outside a security perimeter access to confidential information.   As was the case with the infamous Target credit card breach, exfiltration is often used as the final step in a broader scheme to gather sensitive […]

Managed File Transfer and Heartbleed (Also FTP Servers)

The Heartbleed vulnerability in OpenSSL affects many managed file transfer, secure file transfer, FTP server and FTP client technologies.  File Transfer Consulting has compiled a list of vendor and project statements about Heartbleed remediation here. (Long story short, the “Heartbleed” vulnerability allows people to request chunks of memory from target servers.  This memory often contains […]

Possibly the Future for Managed File Transfer?

Where We Are Today On any given day millions of files are zapping across the Internet in a seemingly endless stream of data. File/data sharing or exchange, however you may care to think, of it is growing exponentially. As a consequence there has been the development of an industry to aid and support those wishing […]

Is My Managed File Transfer Software Secure?

In a recent LinkedIn thread, Steve Thompson of Humana suggested that managed file transfer (MFT) vendors whose applications were cracked and used in a cyber attack would need to have “serious talks with their insurance carrier(s).”  Unfortunately, it may be easier to hack a managed file transfer application than you might think. Let’s pick on […]

Could Managed File Transfer Have Prevented the Target Credit Card Breach?

December’s Target credit card breach attracted my attention because it used FTP to send files from an “exfiltration” server at Target to criminals. Could managed file transfer (MFT) have prevented the attackers from sending (via “exfiltration“) Target’s sensitive data? The Target Hack Depended on File Transfer The Target attack was complex and required both skill […]

Managed File Transfer Predictions for 2014

Managed File Transfer continued to amaze me in 2013.  I was surprised by the sheer number of new companies and products that continued to enter the space, even though the industry doesn’t seem to be getting that much bigger.  With that and other managed file transfer news from 2013 in my mind, here are my […]

Could Google QUIC Become An Extreme File Transfer Standard?

Were extreme file transfer vendors asleep at the wheel when Google announced it was going to push a UDP-based file transfer acceleration protocol named QUIC? What is QUIC? QUIC stands for “Quick UDP Internet Connections”.  It’s very much like the proprietary UDP protocols file transfer acceleration vendors use (and UDT – see below) in that […]

“More Files Moved Than Tweets Sent”

Attachmate‘s number crunchers have been busy lately, and their latest calculations show that more files than tweets are sent each and every day. Infographic: Files and Tribulations – The Importance of Managed File Transfer Managed File Transfer Infographic Transcript Files and Tribulations – The Importance of Managed File Transfer We live in an impatient world. […]

Free FTP Clients – Why Do They Want to Be Free?

In the mid-1990’s, there were three things you needed to get on the Internet from your Windows desktop.  1) A Trumpet WinSock to get TCP/IP working through your modem.  2) Netscape Navigator to surf the web and find files.  3) WS_FTP LE to upload and download files through FTP sites. For years, WS_FTP’s hold on […]

Compare MOVEit DMZ/Central to Serv-U FTP Server

MOVEit® and Serv-U® are two file transfer brands that started in wildly different places but bump heads in the low end of the managed file transfer space.  As the only person on the planet who worked on both brands (I wrote MOVEit DMZ and designed MOVEit Central, then served as PM for Serv-U), I have […]

Managing SFTP Keys for Automated Access

Is the New IETF Draft a Best Practice or Shameless Plug? When does an IETF draft read like a vendor’s white paper?  When it’s the new “Managing SSH Keys for Automated Access” document by SSH Communications’s Tatu Ylonen. The Case for “Shameless Plug” SSH Communication’s venerable Tectia SSH solution is mentioned by name 6 times […]

Syslog Test Message Utility

The Syslog Test Message Utility will send UDP-based syslog messages to any Syslog server you choose. It is free software and runs on any Windows operating system that supports .NET 4.0. After specifying the Syslog server hostname and UDP port (port 514 is the default Syslog port), you specify the level (e.g., “Information (6)”), facility […]

Why Managed File Transfer In the Cloud Often Doesn’t Sell

Tonight I was reading yet another blog entry about how this year is finally going to be the year of “MFT in the cloud,” and I couldn’t help but think of the fabled “year of the Linux Desktop” in exactly the same way. Is Anyone Selling MFT In The Cloud? Absolutely. For the right price, […]

Secure Coding: How to Avoid Accellion’s Password Reset Vulnerability

In a previous article I looked at a bug in Accellion’s code that allowed users to hijack each other user’s accounts by resetting each other’s passwords. (The bug was found and fixed in March 2012.) This article digs into the design flaw that led to the bug and how you can avoid the same error […]

Accellion’s Password Vulnerability Gives Black Eye to Managed File Transfer

Yesterday Nir Goldshlager published an article and YouTube video (see below) that shows how he was able to reset the passwords of other users on a high profile Accellion system running at least eight months behind the current security patch. Essentially, he found that an old version of Accellion allowed any authenticated user to pass […]

Low and Slow Brute Force FTP Scanner

LowAndSlow is a free utility that attempts “low and slow” brute force sign-ons against a selected FTP server, FTPS server, or SFTP server. LowAndSlow works off a list of usernames and a list of passwords, and waits a configurable number of seconds between each attempt.  If the delay is set to 0 or 1, LowAndSlow […]

What Does UsedSoft vs. Oracle Mean for Managed File Transfer?

The July 3 UsedSoft vs. Oracle ruling opened a secondary market for software by retiring the concept of “licensed, not sold” in 27 European countries.  To thousands of software companies, including dozens of file transfer companies, the “E” in EMEA suddenly became hostile territory. Immediate Effect: Lower Prices and More Resellers After this ruling, buyers may […]

When should I use a UC4 Schedule object?

By now you realize that there are several ways to get UC4 Jobs, JobFlows, Scripts and other objects to execute periodically.  Some of the more common ways include using “Execute Recurring…” from the GUI, using ACTIVATE_UC_OBJECT from another scheduled object’s script, relying on retry-until logic or activating a Schedule object. However, there are some clear-cut instances […]

How can I use UC4’s External Dependencies?

One of the hottest new features in UC4 job scheduling has been the inclusion of explicit “external dependencies” in JobFlows.   External dependencies allow steps within your JobFlows to wait for other JobFlows (or other objects) to finish up their runs before your JobFlows proceed. External dependencies are incredibly useful when trying to define complex […]

Top Three Managed File Transfer Trends of 2011

Since we aren’t tightly coupled to one particular vendor in the managed file transfer industry, File Transfer Consulting has the opportunity to see things from a slightly different perspective.  We also got some interesting feedback from the folks who participated in our free 30-minute industry consultations and the dozens of people we talked to running […]

How do I suppress a specific return code from a UC4 Unix job?

Some processes return a non-zero return code even if all was well.  On Linux and Unix machines some UC4 developers use the following technique to keep their overall scripts from returning non-zero return codes. .\non_standard_cmd  (let’s say this returns an error code of 255) pwd    (this almost always returns an error code of 0, […]

Which MOVEit DMZ reports will help me understand actual usage?

Before we perform any MOVEit DMZ migration, upgrade or capacity planning analysis we run two built-in reports to quickly get a feel for actual use.  One looks at total monthly transfers and the other looks at sessions by hour. MOVEit DMZ File Transfer Report We use a built-in MOVEit DMZ report to determine the current […]

Auditing the hostnames and usernames in use on UC4

Security auditors are often interested in which machines are automatically accessing other machines, and a list of users that are used to connect. Fortunately, there is a single table called “OLC” in UC4’s configuration that provides this information if queried properly.  This article shows you how to use a single UC4 job to dump this […]

How to diagnose simple UC4 GUI run problems

This article covers several common UC4 GUI run problems encountered after unpacking the files to a local directory on Windows desktops. Java Not Installed The UC4 GUI Windows executable simply displays a splash screen and then launches the real GUI application through Java.  If Java is not installed, you will often see a and error […]

Adding More Information to UC4 Statistics and Activities Entries

A common complaint about the UC4 Activities and Statistics windows is that they don’t show that one extra piece of information you’d like to see.   For example, you may be changing hostnames and usernames dynamically in your UC4 file transfer scripts and want that information surfaced to operators watching failed objects in your Activities […]

Get WS_FTP Server for free!

One of the nice things about being an Ipswitch Elite Partner is that FTC often gets access to pricing and deals that you cannot get anywhere else.  Until November 15th (2011) we’ve been authorized to give away a free copy of WS_FTP Server with any Ad Hoc Transfer or Web Transfer module purchase. Or, if […]

How to make new UC4 JobFlows error out when a Job gets an error

If you’ve ever fiddled with dependencies within a JobFlow to make sure that one failure will stop processing cleanly, you’re probably interested to know  that there’s a way to set your dependency value to “Any_OK” by default. To do this, open your Options, select Settings, go to the ProcessFlow tab and set “Status for Internal […]

Gentran Server vs. Gentran Integration Suite (GIS)

An interesting take on (Sterling Commerce’s, now IBM’s) Gentran Server vs. Gentran Integration Suite from a posting to the public “EDI Professionals” group by “Jeff” on LinkedIn. “Gentran Server and Gentran Integration Suite are radically different animals. Gentran Server does simple translation and storage of data, that’s it. If you understand mapping and basic coding: […]

What does the SSL/TLS BEAST exploit mean for my web-based file transfer application?

Researchers have discovered a serious vulnerability in TLS v1.0 and SSL v3.0 that allows attackers to silently decrypt data that’s passing between a webserver and an end-user browser. This vulnerability can be exploited using a new cookie-based technique called “BEAST” (“Browser Exploit Against SSL/TLS”) that takes advantage of block-oriented cipher implementation such as AES and […]

MOVEit DMZ AntiVirus FAQ

By now you have hopefully heard that MOVEit DMZ is getting integrated Anti-Virus (AV) support through use of an ICAP connector to Sophos and Symantec AV engines. If not, you should know that this feature will be part of the MOVEit DMZ 7.1 release coming October 4, 2011 (update: yes, this was released). MOVEit DMZ […]

How do I keep Google from finding my MOVEit DMZ site?

If you have deployed a publicly facing MOVEit DMZ site, you may be surprised how easily people can find you, especially from public search sites like Google, Yahoo and Bing.   To bring up a couple of examples, open your favorite search engine, type in “moveit” and add a term that’s more often found in the […]

Dealing with your annual Sterling Commerce renewal

So, it’s September* and you’re dealing with yet another six-figure Sterling Commerce maintenance renewal. This is the time of year many of you will call, hoping to swap out your Connect:Direct (C:D) or Gentran Integration Suite (GIS) systems as fast as humanly possible. First, the good news: management loves projects with high ROIs, and replacing […]

Avoiding “the connection was reset” errors on Serv-U

If you are careless with your keystrokes in Serv-U’s IP Access rules you may end up seeing a “connection was reset” error when you try to connect remotely. The most common cause of this error is a mangled entry in Serv-U’s forgiving list of allowed IP rules.  The following example shows a truncated IPv4 address […]

How to use email addresses as usernames in WS_FTP Server

Using email addresses as usernames is a great way to increase the usability of any application by giving your end users the ability to reuse their easily-remembered credentials across multiple systems. However, support for email addresses as usernames in WS_FTP Server is not available by default, and there are a few things to watch for […]

Difference Between Secure File Transfer and Managed File Transfer

One of the most common questions I encounter today is “what is the difference between secure file transfer and managed file transfer?” The short answer is that managed file transfer is secure file transfer PLUS several additional capabilities and a different sales and support model.   The remainder of this article delves into the specific technological […]

Forrester’s “Managed File Transfer Solutions” – Good, Bad and Ugly

I was delighted when Forrester’s Ken Vollmer published his “Market Overview: Managed File Transfer Solutions,” to help fill the space that Gartner vacated when it elected to drop the Magic Quadrant for Managed File Transfer. Vollmer provides a good introduction to the market – though of course I have my quibbles.  So, without further ado, […]

How do Managed File Transfer and eDiscovery relate?

With eDiscovery costs of $30,000 or more per trial, smart companies are now taking a closer look at the files that pass through their managed file transfer systems. As the name implies, “managed” file transfer adds a layer of monitoring and non-repudiation that “unmanaged” file transfers using email, plain old FTP or web-based file send […]

Improving Visibility in MOVEit Central Custom Scripts

This video shows how to improve visibility into MOVEit Central custom scripts through the use of frequent status updates and appropriate levels of log messages. (View at 720px for best resolution.) There are two MOVEit Central script commands showcased in this video: MISetStatus – used to set the status displayed while a script is running […]

Where does managed file transfer automation help the most?

Ipswitch’s MOVEit Central, Linoma Software’s GoAnywhere Director and Flux all provide strong and unique approaches to managed file transfer automation, but we often field a question of a different kind: “OK, I’m convinced that you have the technology to cover my needs, but what should I tackle first?“ For once we turn to outside assistance […]

How do you find the ID of a WS_FTP Server Host?

File Transfer Consulting has been known to do some interesting things by tweaking the underlying configuration database of Ipswitch’s WS_FTP Server.  And when we’re working with production systems* we need to be sure that we’re always pointing to the correct WS_FTP Server Host. You may have noticed that the GUI interface to WS_FTP Server uses […]

Is Managed File Transfer dead?

Now that Gartner has marked the “Managed File Transfer” magic quadrant as “Retired” (see this), vendors, buyers and consultants alike are anxious to know whether or not the managed file transfer industry is dead. However, before we can answer that question, we need to make sure we can define the role managed file transfer (“MFT”) […]

How does WS_FTP Server store passwords?

Like many server applications, Ipswitch WS_FTP Server doesn’t store actual passwords or even encrypted passwords.  Instead, it stores cryptographic hashes that represent the original passwords. To figure out which cryptographic hash a particular server uses, an easy way is to take the original password, say “a1sd2d3”, and use an online hash calculator to figure out […]

File Transfer IPv6 Readiness

As we celebrate WorldIPv6Day, we understand that world is out of IPv4 addresses and the time of IPv6 is at hand. CTO Andy White explores existing file transfer technology used for bulk data exchange under the lens of IPv6 and highlights issues managed file transfer users must consider during strategic or tactical planning.    Summary results […]

Additional Notes from “File Transfer IPv6 Readiness” White Paper

Additional notes from CTO Andy White’s “File Transfer IPv6 Readiness” White Paper are provided below. Architecture All tests were conducted on the following architecture. • NETGEAR N600 Router to provide IPv6 routing/addressing • FT Servers running in a virtual machine within Linux • FT Clients running on Windows Software We conducted tests with six different […]

What features should I expect in a managed file transfer product?

We often hear people ask “what should I expect in a managed file transfer product?”    A lot of that depends on your own needs, but managed file transfer capabilities can generally be grouped as follows. Table Stakes – the features that almost every managed file transfer vendor has. – Lots of protocol support (e.g., FTP/S, […]

Create A MOVEit Central Task in <30 Seconds

Yes, it really is possible to set up and test a MOVEit Central task that downloads files in less than 30 seconds.  In this video presentation, I show you how. (Recommended resolution: “720p”) The “30 seconds or less” reference is originally from an article entitled “MOVEit Central: workflow engine, scheduler, BPM or ?“

How to Detect and Prevent “Low and Slow” Brute Force Attacks

Low and slow brute force attacks against FTP servers, SSH servers and WebDAV servers are already happening, so it’s important to learn how to detect and mitigate this increasing threat. “Rapid Fire” vs. “Low and Slow” We’ve all seen script kiddies fire up an SSH session and try 500 root passwords against a server in […]

MOVEit Central: workflow engine, scheduler, BPM or ?

I frequently get asked “what is MOVEit Central, exactly?”  Often the question comes from people who’ve had MOVEit Central installed for years, and I find that people who ask this question are usually using another workflow engine, scheduler or BPM (business process management) system and want to figure out how MOVEit Central compares to another […]