It was probably only a matter of time before GlobalSCAPE, Inc. produced a server to complement its respected CuteFTP client program. The offering is GlobalSCAPE Secure FTP Server 1.0, a Windows product aimed squarely at organizations using FTP on a mission-critical basis. The “Secure” in the name indicates how GlobalSCAPE successfully differentiates its product by providing some of the best control and protection tools of any FTP server.
GlobalSCAPE, best known for its CuteFTP client program, has finally brought a server product to market. Secure FTP Server 1.0 is exactly what the name infers, a product aimed squarely at organizations using FTP on a mission-critical basis that provides some of the best control and protection tools found in any FTP server on the market.
File Transfer Protocol is ubiquitous on the Internet. It’s used by consumers for downloading files, of course, but perhaps even more by in-house content providers who use FTP to transfer everything to the Web site. It’s a safe assumption that a great deal of very important and sensitive information is transmitted via FTP — yet how many organizations are careful about this transfer process?
With this in mind, we found the Secure FTP Server to be just about ideal for managing secure file transfers without undo administrative fuss.
There’s nothing about Secure FTP Server that requires more than basic knowledge of the Internet (e.g., IP addresses) and the relevant Windows operating system. However, because of its in-depth security features, becoming familiar with a certain amount of FTP-related jargon (like “Keep Alive” controls and NOOP) might be necessary. Installation requires only a few minutes, an open Internet connection to validate the registration key, and is especially quick if you don’t have to remove or disable an existing FTP server (in most cases Microsoft FTP server). Its resource requirements — a 400 MHz Pentium processor and 128 MB of RAM — are modest.
Some elements of configuration involve creating specific operating system accounts. The documentation does a good job of explaining how to make the server relatively secure by using virtual folders and account permissions. Secure FTP Server can use NT accounts for user verification, and for larger operations it can also be connected by ODBC to an account database. (The ODBC connection requires Microsoft ActiveX Data Objects.)
Besides the NT account authorization, Secure FTP Server provides utilities to create digital certificates and a Certificate Manager to administer a list of trusted accounts. We found certificate handling to be tricky, especially if you have a lot of them. (This is one area that could be improved for enterprise-level use.) SKEY password encryption is supported to prevent password interception if the user has a compatible client (i.e., CuteFTP).
Vetting users doesn’t end with authentication; Secure FTP Server supports various access controls, such as restrictions based on IP address, blocking of suspicious command sequences (e.g., NOOP), blocking of site-to-site transfers, limits on time or IP addresses per account, file size and transfer speed limits, and banning of specified file types. At the transfer level, Secure FTP Server supports 128-bit SSL either explicitly (user requested) or implicitly (port specified).
This is an impressive suite of security controls, and after the intial chore of configuring for a large number of users, it should provide close to maximum security.
A client program (not browser based) is provided for administering Secure FTP Server. It can be run at the server or remotely over the Internet, and provides a very straightforward set of tabs to view server status or activity logs and set configuration options. A single instance of the administration program can manage multiple virtual FTP sites including related directory structures and user accounts. This gives an organization a great deal of flexibility to create and manage various levels of FTP control.
In our testing, Secure FTP Server’s performance was on a par with most other FTP servers, although this can, of course, be influenced by the amount of security measures being used, the nature of the FTP client, and the resources available at the server. Obviously, the GlobalSCAPE CuteFTP client program is a tailored fit for Secure FTP. The approach here is not speed but security oriented, and from the perspective of the FTP operator that is often the most important point.
For its price ($395) and pedigree, GlobalSCAPE Secure FTP Server provides a good value for a very capable product — and some piece of mind.
Pros: Top-notch security features and access controla
Cons: Although designed for mission critical use, configuration for a large number of users is not as easy as it could be
Reviewed By: Nelson King
Original Review Date: 10/17/2002