Certificate Spill

Accidental “certificate spill” is a common problem in file transfer security.   It occurs when an untrained or careless individual accidentally sends the private key associated with a public/private certificate pair to someone who only needs the public component. Certificate spill is a dangerous problem because it exposes credentials that allow unauthorised individuals to act with[..]

Certification (Software and Systems)

Certification of software and systems against a standard is better than having software and systems merely in “compliance” with a standard.  Certification means that a third-party agency such as NIST or the PCI Council has reviewed and tested the claim of fidelity to a standard and found it to be true.  Certifying agencies will usually[..]

Certification (Training)

Individuals working in the file transfer industry frequently have earned one or more certifications through training and testing. These certifications generally fall into one of three categories: File Transfer Security Certification: (ISC)2 and SANS certified individuals have a good understanding of security from a vendor-neutral point of view. (CISSP is an (ISC)2 certification; CCSK is[..]

Check 21

“Check 21” is the common name for the United States’ Check Clearing for the 21st Century Act, a federal law enacted in 2003 that enabled banks to phase out paper check handling by allowing electronic check images (especially TIFF-formatted files) to serve all the same legal roles as original paper checks. Check 21’s effect on[..]

Clear Text Password

A “clear text password” is a common problem in file transfer security.   It is a dangerous problem because it exposes credentials that allow unauthorised individuals to act with the identity and permission of trusted individuals and systems. The problem happens in at least five different areas: Clear text password during input: This problem occurs when[..]

Community Management

“Community Management” is a marketing term used to describe technology and services that use external authentication technology to provision (or “onboard”) users or partners using rich profile definitions and that allow users and partners to maintain elements of their own profiles (e.g., contacts, email addresses, member users with limited rights, etc.). File transfer and/or EDI[..]

Compliance

“Compliance” with a standard is weaker than “validation” or “certification” against a standard. Compliance indicates that a vendor recognizes a particular standard and has chosen to make design decisions that encompass most, if not all, of the standard. When a vendor has implemented all of the required standard, that vendor will frequently upgrade their statement[..]

Control File

A control file is a special file that is sent along with one or more data files to tell applications that handle the data files how to handle them. Control files are typically created by the same application that originally sends files into a file transfer system. The most common type of control file is[..]

Core FTP

Core FTP is a secure FTP software brand that includes a free desktop FTP client (Core FTP LE), a commercial FTP client (Core FTP Pro) and an FTP server (Core FTP Server).

CRC

CRC (“cyclic redundancy check”) is an early data integrity check standard (a.k.a. “hash”).  Most CRC codes are 32-bit numbers and are usually represented in hexadecimal format (e.g., “567890AB”). CRC was commonly used with modem-based data transfer systems because it was cheap to calculate and fast on early computers.   Its use carried over into FTP software[..]

Cut-Off Time

In file transfer operations, a cut-off time is the specific time of day by which a processor must receive a batch or file so that processing can begin on that day. The processor, not the sender, decides the cut-off time. For example, if a processor publishes a cut-off time of 5pm, then a file received at 4:59pm[..]

Cyber Liability

Cyber liability is the risk posed by conducting business over the Internet, over other networks or using electronic storage technology. Insurance can be bought and “risk based” security strategies can be used to mitigate both the first- and third-party risks caused by cyber liability. A “first party” cyber liability occurs when your own information[..]

Cyberduck

Cyberduck is a free open source file transfer client for Windows and Macintosh desktops. Cyberduck offers support for FTP, FTPS, SFTP, Amazon S3, Rackspace Cloud Files, Google Storage for Developers and Amazon CloudFront. Cyberduck features synchronization across multiple server types and support for many languages. Cyberduck’s official site is cyberduck.ch. It is licensed under[..]