While ordinary FTP offers access control through user accounts and passwords, the file-transfer transmissions aren’t encrypted, leaving them vulnerable to “man in the middle” exploits. Encrypting the transmissions fills the security gap, although the client software must be able to handle whichever method is used. Some FTP servers use SSL encryption to solve the problem, others use SSH, but few offer both. Ipswitch’s WS_FTP 6 with SSH provides support for both as well as plain FTP, enabling it to support the widest range of FTP client software.
User authentication is essential for secure file transfers and WS_FTP provides several ways to create user accounts. It uses a PostgreSQL database to hold all user account details, but data can be imported and synchronised from a number of other sources, including Microsoft’s Active Directory and local Windows user databases. External databases can be used via ODBC, and if the site is using Ipswitch’s mail server it can integrate with its user database, too.
Although security is based on user accounts, anonymous access is still possible, so files that need to be freely available can be managed from the same server, avoiding the need to run two distinct FTP servers.
Bandwidth can be controlled, although the limitations are applied to each connection rather than to each user, so a user with multiple connections can still hog all the available bandwidth.
Although the logging and reporting facilities are detailed, there’s no graphical display, so there’s no easy way to determine traffic peaks. However, the logs can be exported in XML format, giving a historical record that can be used to produce such graphs. The system’s real-time monitoring facilities show statistics listed by active session.
The system has several components. The default installation puts them all on the same server, but the log and notification server can be placed on other systems if required. Each server supports multiple hosts, and each can have its own configuration and appear as a separate system to the end user. Connections are made to software “listeners”, which in turn connect to one or more WS_FTP servers – you could build FTP server clusters for performance and resilience. Virtual folders can be created, which point to real folders but can have different permissions. So a virtual folder can be used to restrict access to a real folder depending on the user’s group and encryption settings. User accounts include password tracking to ensure passwords aren’t reused, and password complexity can be defined.
The software supports rules that can be programmed to carry out specified actions when certain conditions occur. For example, if a user makes too many failed logon attempts the system can notify an administrator and disable the account. It can also run a specified program on the server, so it’s possible to produce a highly automated installation that can respond to changing conditions.
Although not perfect, WS_FTP offers a solid and versatile FTP server that can be used to provide secure and effective file-transfer facilities in both internet and intranet situations.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
