Your browser does not allow storing cookies. We recommend enabling them.


Replacing Plaintext FTP with FTP-SFTP Conversion

Tectia Server for IBM z/OS offers an easy way to secure plaintext FTP connections with a feature called FTP-SFTP conversion.

When FTP-SFTP conversion is enabled on Tectia Server for IBM z/OS client tools, it automatically captures all FTP connections initiated on the client side and converts the data to use the Secure File Transfer Protocol (SFTP), instead. The transferred files are sent to a Secure Shell SFTP server in encrypted format.

Tectia Server for IBM z/OS should be installed on the same host with the FTP client, and a Secure Shell server must be installed on the same host with the original FTP server.

FTP-SFTP conversion can be configured to pick the user name, password, and destination host directly from the secured FTP client, and use them to open the secured communication channel. This removes the need for any additional configuration modifications or changes to the original FTP scripts or applications. In the Connection Broker configuration, this is done simply with one rule that can fit all FTP connections.

When the FTP-SFTP conversion is used, there is no need for a plaintext FTP server, as the connection is made to an SFTP server instead. This requires that any post-processing done by the FTP server must be redirected to be performed elsewhere.

Tectia Server for IBM z/OS makes it easy to get started with the FTP replacement even in an environment where all FTP servers cannot be removed immediately. For example, there may be need to connect to a third-party FTP server every now and then, even though company-internal file transfers are handled in secure SFTP mode. Tectia Server for IBM z/OS has an option to allow fallback to plaintext FTP in case the secure SFTP connection cannot be established. This way the SFTP format is used always when possible, but connections to the remaining FTP servers are still available.

Using FTP-SFTP conversion

Figure 5.2. Using FTP-SFTP conversion




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now