MFT Internet Server Security Capabilities

MFT Internet Server ensures the security of file transfers and the file transfer data by implementing the following capabilities:

  1. PGP Encryption/Decryption: MFT can PGP encrypt or decrypt data in a streaming mode. PGP provides the following capabilities:
    1. It provides non-repudiation. MFT can identify the signature of the client that encrypted and signed the data.
    2. PGP provides an extra level of encryption. Clear text FTP transfers can send encrypted data that can only be decrypted by a PGP client with the correct private key.
    3. This adds a second level of security to secure protocols. For example, you can PGP encrypt data sent over an encrypted SSH connection. This provides two high levels of encryption.
    4. PGP can also automatically compress and decompress data.
    When transferring sensitive data or data that contains financial transactions, we strongly suggest using double levels of encryption: SFTP and PGP.
  2. Key/Certificate and/or Password authentication: Key/Certificate authentication provides the highest level of authentication security. The client key or certificate associated with the private key must be uploaded to MFT and associated with a user before it can be used, so only users with the client system key and the system key password can connect to MFT. Key/Certificate authentication is supported for the following protocols:
    1. Platform Server protocol
    2. HTTPS
    3. FTPS
    4. SFTP

    Client connections to MFT servers support key/certificate authentication.

    MFT connections to target servers also support key/certificate authentication.

  3. Rights assignments: MFT provides granular rights to allow specific admin or transfer functionality. No access is allowed if you do not have the required rights.
  4. Password lockout functionality: MFT can be configured to lock out users after a pre-defined number of invalid logon attempts.
  5. File Transfer Access: No access is allowed by default. TransferRight must be assigned to a user before any transfers can be performed. Additionally, transfer definitions must be defined for a user before any transfers can be performed.
  6. User configuration: A user can be configured so that the user can upload files without getting access to see any files or directory lists.
  7. Virtual Aliases: The actual location of the files and directories is abstracted from the end user through the use of virtual aliases. For example, the following definitions can be made for a user:
    • Tax data can be located on a target UNIX Platform Server.
    • Payroll can be located on a target UNIX SFTP Server.
    • Invoices can be located on a customer's FTPS Server.
  8. File uploads and downloads: Data can be pulled (downloaded) from a target server or pushed (uploaded) to a target server. This allows MFT to initiate all file transfers for and from a target customer. MFT also allows the customer to initiate upload or download transfers.
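
The default-deny behavior in items 5 to 7 (TransferRight, per-user transfer definitions, upload-only users and virtual aliases) can be modeled as a single authorization and path-resolution step. The following is an added example, not code from MFT Internet Server; apart from the right name TransferRight, every class, field, host name and path in it is a hypothetical assumption.

```python
# Added illustration, not MFT code: class, field and host names are hypothetical.
import posixpath
from dataclasses import dataclass, field

class AccessDenied(Exception):
    """Raised for every request that is not explicitly allowed."""

@dataclass(frozen=True)
class TransferDefinition:
    alias: str        # virtual directory shown to the user
    server: str       # target server holding the data
    real_root: str    # real directory, never disclosed to the user
    actions: frozenset = frozenset()   # subset of {"upload", "download", "list"}

@dataclass
class User:
    name: str
    rights: set = field(default_factory=set)
    definitions: list = field(default_factory=list)

def resolve(user, action, virtual_path):
    """Map a virtual path to (server, real_path), or raise AccessDenied."""
    if "TransferRight" not in user.rights:          # item 5: no right, no transfer
        raise AccessDenied("TransferRight not assigned")
    # Normalize before matching so "/tax/../x" is judged as "/x".
    path = posixpath.normpath("/" + virtual_path.lstrip("/"))
    for d in user.definitions:
        if path == d.alias or path.startswith(d.alias + "/"):
            if action not in d.actions:             # item 6: e.g. upload without list
                raise AccessDenied(f"{action} not permitted on {d.alias}")
            rel = path[len(d.alias):].lstrip("/")
            real = posixpath.join(d.real_root, rel) if rel else d.real_root
            return d.server, real                   # item 7: alias hides this location
    raise AccessDenied("no transfer definition covers this path")   # default deny

# Constructed sample users and definitions.
alice = User("alice", {"TransferRight"}, [
    TransferDefinition("/tax", "unix-ps.example", "/data/finance/tax",
                       frozenset({"upload", "download", "list"})),
    TransferDefinition("/dropbox", "sftp.example", "/srv/inbound/alice",
                       frozenset({"upload"})),
])
bob = User("bob")   # authenticated, but no rights and no definitions

def decision(user, action, virtual_path):
    try:
        return resolve(user, action, virtual_path)
    except AccessDenied as exc:
        return f"denied: {exc}"
```

Calling `decision(alice, "download", "/tax/../../etc/passwd")` shows why the path is normalized before the alias match: the request is evaluated as `/etc/passwd`, which no definition covers, so it is denied.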