External FTP drop site

[acole1]

Our company receives a large amount of CAD drawings from external customers, and right now we get them through email. Clearly there are problem sending large files through our mail server, and we would like to come up with another solution.

Our solution is using an external FTP drop site that is fairly inexpensive, secure, easily accessible, and easily manageable.

Have any of you used sites like this and have recommendations, or notes of which are good and which are bad?

Thanks!

 

[ScottFern]

I am not sure how secure FTPs really are......I would say 99% of them are constantly getting hammered by brute force attacks. I know ours is constantly getting anonymous requests denied 24/7.

Now, if you could implement a SFTP setup that would be different.

 

[Oakenfold]

Originally posted by: ScottFern
I am not sure how secure FTPs really are......I would say 99% of them are constantly getting hammered by brute force attacks. I know ours is constantly getting anonymous requests denied 24/7.

Now, if you could implement a SFTP setup that would be different.

ScottFern is right, a SFTP would be ideal. Preferably encrypt the file, transmit through SFTP. Client DL's from SFTP server, decrypts file. This may be overkill depending on the confidentiality of the contents of the file (i.e. drawings). I'm sure there are others way to do this, anyone else perform file drop off /pick up a different way?

 

[Red Squirrel]

sftp can still get brute force attack but if you setup something like fail2ban to block IPs that fail you should be good to go. You could set it up in a way that they can drop a file but not read so they would not see others' files. Then every now and then a script could run and move all the files outside the shared space.

 

[Zugzwang152]

You'd probably want to host a FTP drop locally at your office. Otherwise, the sender has to encrypt the actual file being transferred, which is a pain. This is assuming you want to prevent others from seeing these files.

Set up a free SFTP server like FileZilla Server at your office, and take it offline until someone needs to send you something if you are concerned about the anonymous login attempts. Create temporary accounts for each file transfer and then delete them after they're done being used.

 

[shempf]

should be good with sftp or ftps. Choice is obviously dependent of your situation.
Of course the standard ports will be 'attacked' but a simple config takes care of most. I've never had my personal ftps broken, just mainly some scripts attempting password/username guesses, some quite funny.

 

[Crusty]

Originally posted by: RedSquirrel
sftp can still get brute force attack but if you setup something like fail2ban to block IPs that fail you should be good to go. You could set it up in a way that they can drop a file but not read so they would not see others' files. Then every now and then a script could run and move all the files outside the shared space.

That's nothing a strong password or pre-shared key authentication can't take care of, but I definitely agree that sftp is a much safer alternative then plain old ftp.