Used IBM Servers | New Power 10 Systems | QRadar SIEM Security
SFTP FTPS - IBM i iSeries Secure FTP Methods
The Secure File Transfer protocol, also called SFTP, Secure Shell FTP and SSH FTP, is a Linux and UNIX data transfer tool that is most common and supported on the IBM i platform. The SFTP protocol provides entire session encryption to and from the transfer target or host, and allows use of server-side public key authentication certificates, client-side authorization certificates and supports use of a User ID and password. SFTP is ideal for automating file transfers and commonly used by MFT Managed File Transfer solutions. The IBM i SFTP and FTPS MFT software is the only product that fully supports password-based SFTP in batch mode and is the only software that fully implements this authentication security measure on the IBM i according to the standard. Multiple firewall configurations commonly cause problems for FTPS sessions, which is why SFTP is often chosen. SFTP utilizes a single connection for authentication, sending commands, transferring files, and any other processes involved.
The FTPS protocol (with implicity security) utilizes standard FTP with the addition of a TLS or SSL encryption layer to verify a secure connection. FTPS was initially created for systems to communicate and run commands securely, not to transfer files. When implementing FTPS on IBM i, consider using a MFT solution that supports Clear Channel Command CCC for intelligent firewall negotiation and proxy server (port management) support. You will also want to be able to audit FTPS access to make sure that the sessions authenticates properly and comply with regulations. When using the FTPS protocol in explicit mode (also known as FTPES), the FTPS client may choose to use an encryption method for communication. The FTPS server will determine if it will grant the unsecure client access or refuse the connection. FTPS implicit mode does not allow negotiation, meaning the FTPS server will refuse any unsecure connection and usually uses port 990. If you decide to use FTPS protocol on your IBM i, be sure to use implicit SSL, and a MFT product that implements the RFC 2228 standard. FTPS on IBM i also integrates with the IBM i Digital Certificate Manager (DCM), IBM i security audit journal (QAUDJRN) and native OS400 security controls.
ASCII/EBCDIC and EBCDIC/ASCII translation
XML/DB2 and DB2/XML translation
EDI ANSI X12 AS2 translation
ISO 8583/DB2 and DB2/ ISO 8583 translation
IBM OS400 translation
Custom data conversion and translation
IBM OS400 translation tables with template in product
Both the IBM i SFTP and FTPS MFT software is compatible with the following:
Banks: Bank of America, Wachovia, Wells Fargo, US Bank, State Street, ABN Amro, CitiGroup, JPMorgan Chase, BankOne, and many others.
Credit Card Payment Processors: Visa, American Express, ADS, Chase Merchant Services/Paymentech, First Data, ValueLink, and many others.
Healthcare: Blue Cross Blue Shield, State of California, State of Florida, Hewitt Associates, ZirMed, WebMD, and many others.
Service Providers: Merrill Lynch, Fidelity, ADP, Frick, TALX, eTRAFX, AllTel, Bell South, and many others.
EDI Networks: GXS, Inovis, Sterling, IBM Advantis (now GXS), Pantellos, and many others.
Encryption for data at rest requirements
Securing file transfers is one part of the equation. Once your sensitive data arrives at its destination, you will also want the contents to be encrypted. Data at rest encryption is as important as data in transit. Besides, SFTP and FTPS both help make life difficult for hackers, it only makes sense to protect the The most common practice for securing transferred data at rest is using commercial PGP encryption or Pretty Good Privacy. Both SFTPS and FTPS can incorporate PGP encryption to protect contents of transmissions. PGP encryption is supported on every platform and used in every industries including retail, financial services, health care and insurance. AES encryption is not a good idea to use for file transfers, as you will need to share your encryption key with your trading partner.
Commercial PGP Encryption offers several advanced security features important to corporations and compliance regulations. Commercial PGP supports using Additional Decryption Keys ADK, allowing encrypted files to be sent to multiple people without using the same key. You can also add your own decryption key, allowing recovery of data as part of the audit process, and prove what data was sent to a recipient.
Key servers and local PGP encrypted key stores are also supported on IBM i iSeries AS00 and z/OS mainframe. Self-Decrypting Archives (SDA) is supported on every platform. Commercial PGP is FIPS 140-2 certified.