Email can be frustrating!

Don't you find it frustrating when you need to archive and manage your mail? Why does Outlook have to make managing your .pst files so complicated? A lot of customers have no idea that they have to archive their emails because of the application limits in MS Outlook.

So as soon as you ask them about archiving, it turns out to be a task beyond their abilities, not because they are incapable of doing it but because it's an infrequent task and therefore a real chore to complete once in a while using MS Outlook. Do you feel the same way? If you want a really easy email hosting solution with a webmail interface, then click here.

Secure FTP and available options

SFTP — FTP over SSH

SFTP describes an FTP-like protocol that is secured over an SSH channel. SSH’s standard port is 22, so SFTP’s standard port is also 22. SFTP is “firewall friendly” because all communications run over a single connection.

Unfortunately, most implementations of SFTP carry with them a full implementation of SSH, and SSH is traditionally used for shell access. For a typical business connection, allowing shell access is undesirable. The most recent versions of SSH servers, however, allow an "SFTP only" configuration and chrooted connections. Users are jailed in a specific directory from which they cannot break out.
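The following is an added example, not part of the original page: a small audit of an OpenSSH sshd_config that reports which Match blocks are not actually limited to chrooted SFTP. The sample configuration, the group names and the paths are constructed, and the audit assumes every Match block is meant to be SFTP-only.

```python
# Constructed sample sshd_config (not from the original page): the first group
# is locked down to SFTP, the second is chrooted but otherwise left open.
SAMPLE_SSHD_CONFIG = """\
Subsystem sftp internal-sftp
AllowTcpForwarding yes

Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no

Match Group partners
    ChrootDirectory /srv/partners/%u
"""

def parse_sshd_config(text):
    """Return (global_options, {match_criteria: options}); keywords lower-cased."""
    global_opts, blocks = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current = blocks.setdefault(value, {})
        else:
            current.setdefault(keyword, value)  # sshd keeps the first value it reads
    return global_opts, blocks

def audit_sftp_only(text):
    """Map each Match block to the settings that keep it from being SFTP-only."""
    global_opts, blocks = parse_sshd_config(text)
    findings = {}
    for criteria, opts in blocks.items():
        problems = []
        if opts.get("chrootdirectory", "none").lower() == "none":
            problems.append("ChrootDirectory not set: user is not jailed")
        force = opts.get("forcecommand", "").split()
        if not force or force[0] != "internal-sftp":
            problems.append("ForceCommand is not internal-sftp: session not limited to SFTP")
        # A Match block inherits the global value; OpenSSH's default is "yes".
        forwarding = opts.get("allowtcpforwarding", global_opts.get("allowtcpforwarding", "yes"))
        if forwarding.lower() != "no":
            problems.append("AllowTcpForwarding is not no: port forwarding allowed")
        findings[criteria] = problems
    return findings
```

The audit reads the file only; OpenSSH additionally requires every component of the ChrootDirectory path to be owned by root and not writable by any other user or group, which has to be checked on the filesystem.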

FTPS — FTP over SSL

FTPS is a different protocol entirely. FTPS is a superset of the same FTP protocol, but it allows the connection to be encrypted over an SSL or TLS socket. This protocol is harder to allow through firewalls because it follows the same process of opening additional connections from server to client or from client to server as the unencrypted version of the FTP protocol.

Implicit FTPS

The FTPS protocol can be run in an “implicit” mode or an “explicit” mode. The implicit mode was used originally; it is an SSL encrypting socket wrapped around the entire communication starting at the point of initial connection. To differentiate this original FTPS from unencrypted FTP, the encrypted FTPS was assigned a standard port of 990. If you see an FTPS server running on port 990, that is almost certainly an implicit FTPS server. It is called “implicit” because the directive to encrypt the connection is implied by using port 990. Note that this mode is far less common than the explicit mode.

Explicit FTPS

Soon after FTPS came into use, it was decided that it would be best to have an FTP server that could support unencrypted as well as encrypted connections, and do it all over the same port. To accommodate this, the "explicit" FTPS protocol connection begins as a normal unencrypted FTP session over FTP's standard port 21. The client then explicitly informs the server that it wants to encrypt the connection by sending an "AUTH TLS" command to the server. At that point the FTPS-enabled server and the client begin the SSL or TLS handshake, and further communications are encrypted. Note that most (if not all) explicit FTPS servers can optionally be configured to require encryption, so that they deny clients that attempt to transfer data unencrypted. Often this can be configured on a user-by-user basis.
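The following is an added example, not part of the original page: it classifies the cleartext part of a port 21 control session to show whether the client upgraded with AUTH TLS, whether the server refused an unencrypted login, or whether a password was sent in the clear. The three transcripts, the user name and the reply texts are constructed; the 234 reply to AUTH is the success code used by explicit FTPS.

```python
# Constructed control-channel captures (not from the original page).
# "C:" is the client, "S:" is the server; only cleartext lines are visible.
SESSION_UPGRADED = """\
S: 220 FTP server ready
C: AUTH TLS
S: 234 Proceed with negotiation
"""
SESSION_REFUSED = """\
S: 220 FTP server ready
C: USER alice
S: 530 Encryption required
"""
SESSION_CLEARTEXT = """\
S: 220 FTP server ready
C: USER alice
S: 331 Password required
C: PASS constructed-password
S: 230 Login successful
"""

def classify_session(transcript):
    """Classify what a passive observer saw on port 21 before any TLS handshake."""
    last_command = None
    for line in transcript.strip().splitlines():
        side, _, text = line.strip().partition(": ")
        words = text.split()
        if not words:
            continue
        if side == "C":
            last_command = words[0].upper()
            if last_command == "PASS":
                # The password crossed the wire whatever the server answers next.
                return "password-exposed"
        elif side == "S":
            code = words[0][:3]
            if last_command == "AUTH" and code == "234":
                return "tls-negotiated"     # everything after this is encrypted
            if last_command == "USER" and code == "530":
                return "plaintext-refused"  # server enforces "require encryption"
    return "incomplete"
```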

Of these three “secure FTP” protocols, only explicit FTPS is defined by an RFC. In this case it is RFC 4217, released in 2005, even though all these protocols had been in use for years prior.

Comparison

Here is a table recapping some of the differences:

| Secure FTP Type | SFTP | Explicit FTPS | Implicit FTPS |
|---|---|---|---|
| Encryption | SSH | SSL or TLS | SSL or TLS |
| Authentication Options | Password, SSH key pair, hosts-based authentication, GSSAPI (Kerberos and Active Directory) | Password, SSL certificate | Password, SSL certificate |
| Default Port | 22 | 21 and more for data connections | 990 and more for data connections |
| Firewall Implications | Easy; just allow TCP port 22 | Difficult; see below | Difficult; see below |
| Additional Host Security Implications | Can allow access to Shell if not configured correctly | none | none |
| Availability of Software | Common, comes with many SSH and FTP packages | Common, comes with most FTP packages | Uncommon, is no longer listed in FTP Draft so sysadmin may need to build mods from source |

Firewall Implications

There are some firewall implications for the FTP over SSL variants. The FTP protocol initially opens one connection to authenticate the user and for the user to issue commands to the server. This is all well and good until the user wants to view the contents of a directory or transfer a file. Once either of those activities is requested, another connection is made. The connection can be either from client to server (called passive mode) or from server to client (called active mode).

When FTP is unencrypted, firewalls can allow the active and passive data connections. They can snoop on the control connection, see which ports are being decided upon for the data connections, and then quickly allow that one connection through. That option is not available when the connection is encrypted.

The active data connections (from server back to client) turn out to be relatively easy to firewall from the server side. By default they use port 20 (for explicit FTPS) or port 989 (for implicit FTPS) as the source port of the connection (this can be configured to be a different port in many servers). A firewall protecting an FTPS server can just confirm that there exists at least one FTPS connection to that server, and assume that outbound connections with the right source port are okay. Most firewalls are configured to always allow these connections based on the source port.

The passive data connections, by default on most servers, could be anything inbound between 49152 and 65535 (or sometimes between 1024 and 65535, depending on OS and server). Most organizations do not want to allow this many ports through the firewall to the server. Fortunately, the better FTPS servers also allow this range to be configured. Select a fixed range large enough to handle your traffic load and configure your FTPS server to only use that range for its passive ports. Then allow those ports through the firewall in addition to the main connection at 21 or 990.
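The following is an added example, not part of the original page: it reads an FTPS server configuration and derives the inbound TCP ranges the firewall must allow, reporting a problem when the passive range is not fixed. It assumes a vsftpd-style config (listen_port, pasv_min_port, pasv_max_port); the sample values and the peak_transfers parameter are constructed, and sizing the range as one port per concurrent transfer is an assumption.

```python
# Constructed vsftpd.conf sample (not from the original page).
SAMPLE_CONF = """\
# explicit FTPS on the standard control port
listen_port=21
ssl_enable=YES
pasv_min_port=50000
pasv_max_port=50099
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def plan_inbound_rules(conf_text, peak_transfers):
    """Return (tcp_port_ranges_to_allow, problems) for the server's firewall."""
    opts = parse_conf(conf_text)
    control = int(opts.get("listen_port", 21))
    low = int(opts.get("pasv_min_port", 0))    # 0 means "any port" in vsftpd
    high = int(opts.get("pasv_max_port", 0))
    rules, problems = [(control, control)], []
    if low == 0 or high == 0:
        problems.append("passive range not fixed: cannot write a narrow firewall rule")
    elif low > high:
        problems.append("pasv_min_port is above pasv_max_port")
    else:
        if high - low + 1 < peak_transfers:
            problems.append("passive range smaller than peak concurrent transfers")
        rules.append((low, high))
    return rules, problems
```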

If you want more info look at our secure networks page.

Website Design and Social Media

Multifunctional website design requires you to consider content for social media. How will your potential customers interact with the site content and make a decision on your products?

If they like what they see, they will refer you to their friends; if they don't, you will not gain interest. Your customers' time is important, and they will only invest it where they can gain benefit!

Focus on content for your customers' benefit versus pushing your product and agenda. That will happen automatically if you target your customers' needs better. That's how we attract better customer activity through web design traffic.