AD (pronounced “ay, dee”) is an abbreviation for Microsoft Active Directory, a very common external authentication system used in the file transfer industry to centralise authentication, user account information and access control. See “Active Directory” for more information.
The term “ad hoc” or “person to person” file transfer is better described as someone wanting to send a file to another person, generally on a ‘one-off’ basis. To elaborate, let’s set the scene. It’s 5.30 pm on a Friday afternoon. You have been working on a really important proposal[..]
AES (“Advanced Encryption Standard”) is an open encryption standard that offers fast encryption at 128-bit, 192-bit and 256-bit strengths. AES is a symmetric encryption algorithm often used today to secure data in motion in both SSH and SSL/TLS. (After a symmetric key exchange is used to perform the handshake in[..]
AndFTP is a free, full-featured, interactive FTP client for Android smartphones and devices. It was created by Lysesoft, a company specialising in Android phone file transfer client development. AndFTP offers support for FTP, FTPS, SFTP and can remember a large number of connection profiles. FireFTP does not yet (as of[..]
ANSI X.9 (or “ANSI/X.9”) is a group of standards commonly used with bulk data transmissions in item processing and Fed transfers. An example of an ANSI X.9 standard is “ANSI X9.100-182-2011” which covers how XML can be used to deliver bulk data and images. Published ANSI standards may include some[..]
AS1 (“Applicability Statement 1”) is an SMIME-based transfer protocol that uses plain old email protocols (such as SMTP and POP3) to transmit files with end-to-end encryption and guaranteed delivery/non-repudiation (when MDNs are in use). End-to-end encryption is accomplished through the use of asymmetric encryption keyed with the public and private[..]
AS2 (“Applicability Statement 2”) is an SMIME-based transfer protocol that uses HTTP/S to transmit files with end-to-end encryption and guaranteed delivery/non-repudiation (when MDNs are in use). There are two main reasons that AS2-based transmission systems are unpopular unless specifically requested by particular partners are complexity and cost. In terms of[..]
AS2 optional profiles (also “optional AS2 profiles”) are features built into the AS2 protocol but not used by every Drummond certified vendor. However, the Drummond Group does validate seven different optional profiles (nine total) and these are briefly covered below. Certificate Exchange Messaging (CEM) – A standard way of exchanging[..]
AS3 (“Applicability Standard 3”) is an SMIME-based transfer protocol that uses FTP/S to transmit files with end-to-end encryption and guaranteed delivery/non-repudiation (when MDNs are in use). AS3 is an unpopular implementation of the AS2 protocol. Many vendors successfully sell software that supports AS2 but not AS1 or AS3. However, AS3’s[..]
Automated file transfer is a term used to describe the programmatic movement of files. Typically automated business processes exist for system to system transfers either inside an organisation or between trading partners and are usually file based. Businesses usually look to adopt fully featured solutions to replace legacy scripts or[..]
B2B (“business to business”) is a market definition (a “space”) that covers technology and services that allow file and other transmissions to be performed between businesses (i.e., not between consumers). B2B covers a lot of conceptual ground, from simple “file transfer” and “secure file transfer” to more sophisticated “managed file[..]
A Bank Identifier Code (BIC) is an 8 or 11 character ISO code used in SWIFT transactions to identify a particular financial institution. (BICs are also called “SWIFT addresses” or “SWIFT codes”.) The format of the BIC is determined by ISO 9362, which now provides for unique identification codes for[..]
Accidental “certificate spill” is a common problem in file transfer security. It occurs when an untrained or careless individual accidentally sends the private key associated with a public/private certificate pair to someone who only needs the public component. Certificate spill is a dangerous problem because it exposes credentials that allow[..]
Certification of software and systems against a standard is better than having software and systems merely in “compliance” with a standard. Certification means that a third-party agency such as NIST or the PCI Council has reviewed and tested the claim of fidelity to a standard and found it to be[..]
Individuals working in the file transfer industry frequently have earned one or more certifications through training and testing. These certifications generally fall into one of three categories: File Transfer Security Certification: (ISC)2 and SANS certified individuals have a good understanding of security from a vendor-neutral point of view. (CISSP is[..]
CFTP is recognised certification for file transfer professionals approved by the CPD. To find out more about the course please visit the CFTP website.
“Check 21” is the common name for the United States’ Check Clearing for the 21st Century Act, a federal law enacted in 2003 that enabled banks to phase out paper check handling by allowing electronic check images (especially TIFF-formatted files) to serve all the same legal roles as original paper[..]
A “clear text password” is a common problem in file transfer security. It is a dangerous problem because it exposes credentials that allow unauthorised individuals to act with the identity and permission of trusted individuals and systems. The problem happens in at least five different areas: Clear text password during[..]
“Community Management” is a marketing term used to describe technology and services that use external authentication technology to provision (or “onboard“) users or partners using rich profile definitions and which allows users and partners to maintain elements of their own profiles (e.g., contacts, email addresses, member users with limited rights,[..]
“Compliance” to a standard is weaker than “validation” or “certification” against a standard. Compliance indicates that a vendor recognizes a particular standard and has chosen to make design decisions that encompass most, if not all, of the standard. When a vendor has implemented all of the required standard, that vendor[..]
A control file is a special file that is sent along with one or more data files to tell applications that handle the data files how to handle them. Control files are typically created by the same application that original sends files into a file transfer system. The most common[..]
Core FTP is a secure FTP software brand that includes a free desktop FTP client (Core FTP LE), a commercial FTP client (Core FTP Pro) and an FTP server (Core FTP Server).
CRC (“cyclic redundancy check”) is an early data integrity check standard (a.k.a. “hash”). Most CRC codes are 32-bit numbers and are usually represented in hexadecimal format (e.g., “567890AB”). CRC was commonly used with modem-based data transfer systems because it was cheap to calculate and fast on early computers. Its use[..]
In file transfer operations, a cut-off time is a specific time of day a processor must receive a batch or file by so processing can begin on that day. The processor, not the sender, decides the cut-off time. For example, if a processer publishes a cut-off time of 5pm, then[..]
Cyber liability is the risk posed by conducting business over the Internet, over other networks or using electronic storage technology. Insurance can be bought and “risk based” security strategies can be used to mitigate against both the first- and third-party risks caused by cyber liability. A “first party” cyber liability[..]
Cyberduck is a free open source file transfer client for Windows and Macintosh desktops. Cyberduck offers support for FTP, FTPS, SFTP, Amazon S3, Rackspace Cloud Files, Google Storage for Developers and Amazon Cloud Front. Cyberduck features sychronization across multiple server types and support for many languages. Cyberduck’s official site is[..]
This is the individual within an organisation who is responsible for the data. The data controller defines the data collected and the reasons for processing.
Under GDPR, individuals have the right to have their personal data transferred to another system or organisation.
Someone who processes data on behalf of the Data Controller.
The Data Protection Act of 1998 was brought into force on March 1st 2000. Introduced to give UK citizens the right to access personal information held by ‘data controllers’ (any individual within an organisation handling personal data) within the United Kingdom, the Data Protection Act also details principles concerning the[..]
This is an overarching principle of GDPR. It means building data protection into business processes, products and services from the outset.
This is a document that describes the nature of the data, the purpose of the transfer, how it is performed and the security configuration. A DPIA is a key requirement of GDPR.
This is the individual that the data is about.
DEP is sometimes used an abbreviation for “Data Exchange Partner”.
DEPCON is the common name for the Unisys Distributed Enterprise Print Controller software. This software is often deployed in financial data centers that use it to break apart and distributed aggregated reports. As more and more print jobs moved to electronic distribution formats, file transfer technology was frequently applied to[..]
Deprovisioning is the act of removing access from and freeing up resources reserved by end users and their file transfer workflows. Rapid removal of access upon termination or end of contract is key to any organisation. Freeing up of related resources (such as disk space, certificates, ports, etc.) is also[..]
DES (“Digital Encryption Standard”) is an open encryption standard that offers weak encryption at 56-bit strength. DES used to be considered strong encryption, but the world’s fastest computers can now break DES in near real time. A cryptographically valid improvement on DES is 3DES (“Triple DES”) – a strong encryption[..]
In file transfer, a “document definition” typically refers to a very specific, field-by-field description of a single document format (such as an ACH file) or single set of transaction data (such as EDI’s “997” Functional Acknowledgement). Document definitions are used in transformation maps and can often be used outside of[..]
A “double post” is the act of sending a file in for processing twice on a production system. Most operators consider a “double post” to be far worse than a missing file or missing transmission, because files sent in for internal processing often cannot be cleanly backed out. Double post[..]
In the file transfer industry, “Drummond Certified” typically indicates that the AS2 implementation in a particular software package has been tested and approved by the Drummond Group. Most file transfer protocols follow RFCs, and AS2 is no exception. (AS2 is specified in RFC 4130, and the “MDNs” AS2 relies on[..]
The Drummond Group is a privately held test laboratory that is best known in the file transfer industry as the official certification behind the AS2 standard. See “Drummond Certified” for more information about the AS2 certification. The Drummond Group also offers AS1 and ebXML validation, quality assurance and other related[..]
EAI is short for “Enterprise Application Integration“, a methodology which balances seamless experience across heterogeneous enterprise applications and datasets of various origins, scope and capability with the need to make major changes to those applications or datasets.
The European Committee for Banking Standards (“ECBS”) was a standards body that focused on European banking technology and infrastructure. It was formed in 1992 and disbanded in 2006; it has since been replaced by the European Payments Council. It is still common to see references to the ECBS in GSIT[..]
EDI is a computer-to-computer exchange of business documents. This exchange is based on a standard electronic format which allows business partners to interact.
Enterprise Application Integration (“EAI”) is a methodology which balances seamless experience across heterogeneous enterprise applications and datasets of various origins, scope and capability with the need to make major changes to those applications or datasets. Today, EAI often uses ESB (“Enterprise Service Bus”) infrastructure to allow these various applications to[..]
An Enterprise Service Bus (“ESB”) is a modern integration concept that refers to architectural patterns or specific technologies designed to rapidly interconnect heterogeneous applications across different operating systems, platforms and deployment models. ESBs include a set of capabilities that speed and standardise a Service-Oriented Architecture (“SOA”), including service creation and[..]
ESB is short for “Enterprise Service Bus“, a modern integration technology used to quickly tie heterogeneous applications across different operating systems, platforms and deployment models.
The European Payments Council (“EPC”) coordinates European inter-banking technology and protocols, particularly in relation to payments. In 2011 the EPC boasted that it processed 71.5 billion electronic payment transactions. The EPC assumed all the former duties of the European Committee for Banking Standards (“ECBS”) in 2006. It is now the[..]
External authentication is the use of third-party authentication sources to decide whether a user should be allowed access to a system, and often what level of access an authenticated user enjoys on a system. In file transfer, external authentication frequently refers to the use of Active Directory (AD), LDAP or[..]
Here at Pro2col we’re increasingly being asked by our clients to help them move large data sets. The amount of data as everyone knows is increasing in size, as are file sizes. It is now common in our discussions to talk about files of many Gigabytes in size. The challenge[..]
The FDIC (“Federal Deposit Insurance Corporation”) directly examines and supervises more than 4,900 United States banks for operational safety and soundness. (As of January 2011, there were just less than 10,000 banks in the United States; about half are chartered by the federal government.) As part of its bank examinations,[..]
The Federal Reserve (also “the Fed”) is the central bank of the United States. It behaves like a regulatory agency in some areas, but its main role in the file transfer industry is as the primary clearinghouse for interbank transactions batched up in files. Nearly every bank or bank service[..]
The FFIEC (“Federal Financial Institutions Examination Council”) is a United States government regulatory body that ensures that principles, standards, and report forms are uniform across the most important financial regulatory agencies in the country. The agencies involved include the Federal Reserve (“the Fed”), the Federal Deposit Insurance Corporation (FDIC), the[..]
FIPS 140-2 is the most commonly referenced cryptography standard published by NIST. “FIPS 140-2 cryptography” is a phrase used to indicate that NIST has tested a particular cryptography implementation and found that it meets FIPS 140-2 requirements. Among other things, FIPS 140-2 specifies which encryption algorithms (AES and Triple DES),[..]
FIPS 140-3 will soon replace FIPS 140-2 as the standard NIST uses to validate cryptographic libraries. The standard is still in draft status, but could be issued in 2011. FIPS 140-2 has four levels of security: most cryptographic software uses “Level 1” and most cryptographic hardware uses “Level 3”. FIPS[..]
“FIPS compliant” is a slippery phrase that often indicates that the cryptography used in a particular solution implements some or all the algorithms specified in FIPS 140-2 (e.g., AES) but that the underlying cryptography component has not been validated by NIST laboratories. “FIPS validated” is much stronger statement.
“FIPS validated” is a label that indicates that the cryptography used in a particular solution implements some or all the algorithms specified in FIPS 140-2 (e.g., AES) and that the underlying cryptography component has been validated by NIST laboratories. See “FIPS compliant” for a weaker statement.
Mozilla’s Firefox is a free, open source web browser that offers a similar browsing experience across a wide variety of desktop operating systems, including Windows, Macintosh and some Linux variants. As of December 2010, Firefox held about 30% of the desktop browser market, making it the #2 browser behind Internet[..]
Mime Čuvalo’s FireFTP is a free, full-featured, interactive FTP client that plugs into Mozilla Firefox as an add-on. FireFTP offers support for FTP, FTPS, SFTP and can remember a large number of connection profiles. FireFTP supports integrity checks using MD5 and SHA1, file compression on the fly (i.e., “MODE Z”),[..]
A file transfer protocol that is “firewall friendly” typically has most or all of the following attributes: 1) Uses a single port 2) Connects in to a server from the Internet 3) Uses TCP (so session-aware firewalls can inspect it) 4) Can be terminated or proxied by widely available proxy[..]
The FTP File Transfer Protocol is a method used to transfer files from one computer to another through a network whether that’s an internal network (from one computer to another within the same network) or more commonly a Wide Area Network such as the Internet. An FTP site is a[..]
The term “FTP with PGP” describes a workflow that combines the strong end-to-end encryption, integrity and signing of PGP with the FTP transfer protocol. While FTPS can and often should be used to protect your FTP credentials, the underlying protocol in FTP with PGP workflows is often just plain old[..]
FTPS File Transfer, FTP Secure or FTP-SSL as it can be referred to, is a secure means of sending data over a network. Often misidentified as SFTP (an independent communications protocol in its own right), FTPS describes the sending of data using basic FTP run over a cryptographic protocol such as SSL (Secure Socket Layers) or TLS (Transport[..]
GDPR is the new EU regulation for handling people’s personal data. It stands for ‘General Data Protection Regulation’ and comes into force on the 25th May 2018. This stringent set of security measures relate to how and where personal data is collected, handled and used. By reinforcing individuals’ rights and[..]
The Gramm-Leach-Bliley Act of 1999, also known as The Financial Modernisation Act, details regulations that financial institutions must be adhered to, in order to protect consumers’ financial information. The GLBA law governs all financial institutions that hold what is classed as ‘personal data’ including, insurance companies, security firms, banks, credit[..]
HTTP File Transfer (Hypertext File Transfer Protocol) is a set of rules for exchanging files on the World Wide Web. HTTP defines how messages are formatted and sent, as well as the actions web servers and browsers should take in response to commands. A browser is used to send an[..]
HTTPS file transfer describes the combination of HTTP (Hypertext Transfer Protocol) and a secure protocol such as SSL or Transport Layer Security (TLS). It is used to send sensitive data over unsecured networks, for example the Internet. These individual protocols operate on different levels of the ‘network layer’, derived from[..]
In file transfer, the term “internal controls” refers to both technology and manual (human-performed) procedures used to mitigate against risk. Examples of typical internal technology include firewalls, secure file transfer software and standalone encryption packages. Examples of manual internal control procedures include background checks, “multiple signer” document approval workflows and[..]
The Internet Protocol Suite is a term used to describe the set of communication protocols, developed individually by the IT community, for sending data over computer networks such as the Internet. TCP (Transmission Control Protocol) and IP (Internet Protocol) were the first two protocols included in the Internet Protocol Suite[..]
IPv6 is the name of the networking protocol which is rapidly replacing the use of IPv4 in wake of widespread IPv4 exhaustion. IPv6 is defined in 1998’s RFC 2460. IPv6 addresses are written in “colon notation” like “fe80:1343:4143:5642:6356:3452:5343:01a4” rather than the “dot notation” used by IPv4 addresses such as ”[..]
ISO 27001 is an Information Security Management Standard (ISMS), published in October 2005 by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). Essentially an updated version of the old BS7799-2 standard, it provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented[..]
LAN is the abbreviation used to describe a Local Area Network. The term “Local Area Network” refers to a computer network that covers a small physical area, usually confined to one building or a small group of buildings e.g. a home network or a business network. A LAN is usually[..]
The term latency is an expression for the period of time taken to send a data packet from a source to the intended destination, the higher the latency the slower the data transmission. This incorporates all elements of the file sending process – including encoding, transmission, and decoding. Certain delivery[..]
LDAP is a type of external authentication that can provide rich details about authenticated users, including email address, group membership and client certificates. LDAP connection use TCP port 389 but can (and should) be secured with SSL. When LDAP is secured in this manner, it typically uses TCP port 636[..]
LDAPS refers to LDAP connections secured with SSL, typically over TCP port 636. See “LDAP” for more information.
A leased line is a dedicated, communications line set up between 2 end points by a telecommunications specialist. Not physical in nature, leased lines are in reality a reserved circuit and do not have a telephone number, each side of the circuit being permanently connected to the other. Leased lines[..]
Managed file transfer is an industry term used to describe a hardware or software solution that facilitates the movement of large files both inside and outside of the business, whilst maintaining the security and integrity of sensitive data. Although many managed file transfer solutions are built using the FTP file[..]
In file transfer, a “map” is usually short for “transformation map“, which provides a standardised way to transform one document format into another through the use of pre-defined document definitions. See “transformation map” for more information.
In file transfer, a “mapper” is a common name for a “transformation engine” that converts documents from one document definition to another through “transformation maps“. See “transformation engine” for more information.
MD4 (“Message Digest [algorithm] #4”) is best known as the data integrity check standard (a.k.a. “hash”) that inspired modern hashes such as MD5, SHA-1 and SHA-2. MD4 codes are 128-bit numbers and are usually represented in hexadecimal format (e.g., “9508bd6aab48eedec9845415bedfd3ce”). Use of MD4 in modern file transfer applications is quite[..]
MD5 (“Message Digest [algorithm] #5”) is the most common data integrity check standard (a.k.a. “hash”) used throughout the world today. MD5 codes are 128-bit numbers and are usually represented in hexadecimal format (e.g., “9508bd6aab48eedec9845415bedfd3ce”). MD5 was created in 1991 as a replacement for MD4 and its popularity exploded at the[..]
An MDN (“Message Disposition Notification”) is the method used by the AS1, AS2 and AS3 protocols (the “AS protocols”) to return a strongly authenticated and signed success or failure message back to the senders of the original file. Technically, MDNs are an optional piece of any AS protocol, but MDNs’[..]
Message-Oriented Middleware (“MOM”) is software that delivers robust messaging capabilities across heterogeneous operation systems and application environments. Up through the early 2000’s MOM was the backbone of most EAI (“Enterprise Application Integration”) inter-application connectivity. Today, that role largely belongs to to ESB (“Enterprise Service Bus”) infrastructure instead.
In file transfer, “metadata” usually refers to information about files moved through a file transfer system. Examples of metadata include usernames of original submitter, content types, paths taken through the system so far and affirmations of antivirus or DLP checks. Metadata such as suggested next steps is often submitted to[..]
Microsoft Cluster Server (“MSCS”) is a Microsoft-specific high availability technology that provides a failover capability to pairs of its servers. Like “web farm”, the term “clustering” is a vendor-neutral term, but every vendor that does clustering does it a little differently, and provides cluster services at different levels (typically at[..]
Middleware is a software architecture concept that refers to integration of disparate applications to facilitate reliable communication. Middleware frequently relies on encapsulating inter-application communications in the concept of an “message”, and often has the ability to queue or perform optimized delivery or copying of messages to various applications. Common types[..]
In the context of file transfer, MOM stands for “Message-Oriented Middleware“, which is software that delivers robust messaging capabilities across heterogeneous operation systems and application environments.
MSCS is an abbreviation for “Microsoft Cluster Server“, which is a Microsoft-specific high availability technology that provides a failover capability to pairs of its servers.
The NCUA (“National Credit Union Administration”) is like the FDIC for credit unions. It provides insurance to credit unions and expects a solid level of operations in return. It provides regulations and audits member credit unions for fitness. The NCUA’s official web site is www.ncua.gov. See also: “FFIEC” (umbrella regulation,[..]
The concept of a network layer or ‘layered network’, was developed to account for the rapid changes that occur in technology. This concept allowed for the inclusion of newly developed protocols to work alongside one another to achieve a specified task, for example a secure file transfer. The Higher layers[..]
NIST (“National Institute of Standards and Technology”) is a United States based standards body whose influence on the file transfer industry is felt most heavily through its FIPS 140-2 encryption and hashing standard. It is also the keeper of many other security standards which must be met if file transfer[..]
Non-repudiation (also “nonrepudiation”) is the ability to prove beyond a shadow of doubt that a specific file, message or transaction was sent at particular time by a particular party from another party. This proof prevents anyone from “repudiating” the activity: later claiming that the file, message or transaction was not[..]
The OCC (“Office of the Comptroller of the Currency”) is an independent bureau of the United States Treasury Department. It charters, regulates and supervises all national banks. It also supervises the federal branches and agencies of foreign banks. In its regulatory role, it is similar to the FDIC. The OCC’s[..]
OLA is an abbreviation for “Operating Level Agreement“, which is a type of internal agreement between departments that make it possible for file transfer operations to achieve their SLAs (Service Level Agreements). See “Operating Level Agreement” for more information.
To onboard a user or onboard a partner is to set up all the necessary user accounts, permissions, workflow definitions and other elements necessary to engage in electronic transfers of information with those users and partners. Automatic onboarding of users or partners usually involves external authentication technology of some kind. [..]
An operational level agreement (OLA) is a less stringent form of service level agreement (SLA) typically set up between two departments in the same organisation, especially when an OLA is set up to help support a customer-facing SLA. See “Service Level Agreement” for more information
Orchestration is the ability to control operational flows and activities based on business rules, especially in multi-application systems complicated enough to require middleware such as ESB (“Enterprise Service Bus”) or the older MOM (“Message-Oriented Middleware”). In the context of a file transfer system, orchestration often refers to the ability to[..]
The OTS (“Office of Thrift Supervision”) is a United States Treasury Department office that oversees “savings and loans”, particularly those involved in real estate mortgages. The OTS examines each member institution every 12-to-18 months to assess the institution’s safety and soundness. In that role, it behaves much like the FDIC[..]
The term “package” can mean different things in different file transfer situations. “Installation package” – A file that contains all the executables, installation scripts and other data needed to install a particular application. This file is usually a compressed file and is often a self-extracting compressed file. “Package sent to[..]
In the world of IT, packet or packets is the term used to describe a unit of data, such as bytes or characters. When sending data over a network, messages or files are broken down into manageable packets before transmission. These packets can also be referred to as a datagram,[..]
The PCI Security Standards Council is an open global forum and was formed in 2006 – the 5 founding global payment brands include: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. A Global Security Standard, PCI DSS comprises of 12 comprehensive requirements designed to enhance the[..]
PCI stands for “Payment Card Industry”. In file transfer, “PCI compliance” frequently refers to a deployed system’s ability to adhere to the standard outlined in “PCI DSS” – a security regulation for the credit card industry. “PCI certification” is achieved when a PCI compliant system is audited by a PCI[..]
The “PCI Council” is a short name for “PCI Security Standards Council”, the vendor-independent consortium behind PCI (“Payment Card Industry”) standards.
PCI DSS is an information security standard introduced by The PCI Security Standards Council, an open global forum and was formed in 2006 – the 5 founding global payment brands include: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. A Global Security Standard, PCI DSS comprises[..]
The PCI Security Standards Council is the vendor-independent consortium behind the PCI (“Payment Card Industry”) standards.
Personal data means any data that makes a living person identifiable. This could be ‘direct’, such as their name, or ‘indirect’. This is where combined information could identify the person. GDPR refers to special categories or sensitive data. This includes information about racial or ethnic origin, political opinions, religious or[..]
PeSIT is an open file transfer protocol often associated with Axway. It was originally developed before the availability of the Internet as we know it today, to connect mainframe computers via X25. ISDN modems or TCP/IP based WAN’s. Like Sterling Commerce’s proprietary NDM file transfer protocol, PeSIT has now been written[..]
PGP (“Pretty Good Privacy”) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
Provisioning is the act of adding access to and allocating resources to end users and their file transfer workflows. It is often used interchangeably with the term “onboarding“. The act of provisioning should always be audited, and the audit information should include the identity of the person who authorized the[..]
QOS stands for “Quality Of Service”. See “Quality of Service” for more information.
Quality of Service (or “QOS”) is the ability to describe a particular level of service and then intelligently allocate resources to reliably provide that level of service. A common example of general QOS capabilities is found in the “traffic shaping” features of routers: different types of traffic (e.g., web surfing,[..]
RADIUS is an authentication protocol that supports the use of username, password and sometimes one extra credential number such as a hardware token PIN. In file transfer applications, RADIUS sign on information can be collected by web-based, FTP-based or other file transfer prompts and then tried against trusted RADIUS servers.[..]
RFI stands for “Request for Information” and is used to ask which products and services are available to meet your file transfer needs and to get information about the firms behind the offerings. The utility of RFIs in the acquisition of technology declined significantly with the rise of the world[..]
RFP stands for “Request For Proposal” and allows multiple vendors to suggest a specific solution to your specific challenges in a well-documented and repeatable format. Good responses to a file transfer RFP will answer your questions about: Vendors’ ability to execute (e.g., experience, expertise) Vendors’ position in the industry (e.g.,[..]
Under GDPR, the data subject has the right to request erasure of personal data.
The Sarbanes Oxley Act is a US federal law, enacted on 30th July 2002, governing financial reporting and accountability processes within public companies. The legislation was brought into force as a safeguard, following a succession of corporate accounting scandals, involving a number of high profile organisations. These companies purposefully manipulated[..]
Security is of paramount importance in today’s corporate environments, due to the sensitive nature of the information that they hold. Industry standards such as PCI DSS, Sarbanes Oxley and HIPAA dictate an organisation’s responsibility to secure such information and as such, the need for secure file transfer solutions has become[..]
Self-provisioning is the ability for individual end users and partners to set up (or “provision“) their own accounts. Self-provisioning is a common element of most cloud services but remains relatively rare in file transfer applications. A major difference between those environments is that self-provisioning in cloud services usually involves linking[..]
The Single Euro Payments Area (SEPA) is an EU initiative to unify payments within the EU. It is primarily driven by the European Payments Council. (SEPA is not, by itself, a standard.)
A file transfer service level agreement (SLA) establishes exactly what a particular customer should expect from a particular file transfer provider, and how that customer should seek relief for grievances. A file transfer SLA will often contain the following kinds of service expectations: Availability: This expresses how often the file[..]
SFTP file transfer or the ‘SSH file transfer protocol’ as it is more formally known, is a network communications protocol used for sending data securely over a network. A common misconception associated with SFTP is that it uses FTP run over SSH – this is not the case. SFTP, sometimes[..]
SHA-1 (“Secure Hash Algorithm #1”, also “SHA1”) is the second most common data integrity check standard (a.k.a. “hash”) used throughout the world today. SHA-1 codes are 160-bit numbers and are usually represented in hexadecimal format (e.g., “de9f2c7f d25e1b3a fad3e85a 0bd17d9b 100db4b3”). SHA-1 is the least secure hash algorithm NIST currently[..]
SHA-2 (“Secure Hash Algorithm #2”) is the most secure hash algorithm NIST currently supports in its FIPS validated cryptography implementations. SHA-2 is really a collection of four hashes (SHA-224, SHA-256, SHA-384 and SHA-512), all of which are stronger than SHA-1. Complete SHA-2 implementations in file transfer are still uncommon but[..]
SHA-224 is the 224-bit component of the “SHA-2” data integrity check standard (a.k.a. “hash”). It is not a unique hash algorithm within the SHA-2 standard but is instead a truncated version of SHA-256. See “SHA-2” for more information.
SHA-256 is the 256-bit component of the “SHA-2” data integrity check standard (a.k.a. “hash”). Like SHA-512, it is one of two unique algorithms that make up a SHA-2 hash, but SHA-256 is optimized for 32-bit calculations rather than 64-bit calculations. See “SHA-2” for more information.
SHA-3 refers to the new hash algorithm NIST will choose to someday replace SHA-2. A contest to select the new hash is scheduled to conclude in 2012.
SHA-384 is the 384-bit component of the “SHA-2” data integrity check standard (a.k.a. “hash”). It is not a unique hash algorithm within the SHA-2 standard but is instead a truncated version of SHA-512. See “SHA-2” for more information.
SHA-512 is the 512-bit component of the “SHA-2” data integrity check standard (a.k.a. “hash”). Like SHA-256, it is one of two unique algorithms that make up a SHA-2 hash, but SHA-512 is optimized for 64-bit calculations rather than 32-bit calculations. See “SHA-2” for more information.
SLA is an abbreviation for “Service Level Agreement“, which is a specific contract between a customer and a provider that lays out exactly what each side can expect from the other. The minimum amount of work and minimum level of due care that a file transfer operations team is[..]
SMTP is an email protocol used to push messages and attachments from server to server. Many technologies have been used to secure SMTP over the years, but the best technologies available today use SSL (version 3) or TLS to secure the entire SMTP connection. SMTP typically uses TCP port 25[..]
SSH (Secure Shell) is a network protocol used to establish a secure connection between a client and server. Once a connection has been established, it acts like an encrypted tunnel down which data can be exchanged securely. SSH file transfer is used to maintain the confidentiality and integrity of data[..]
SSL (“Secure Sockets Layer”) was the first widely-deployed technology used to secure TCP sockets. Its use in HTTPS (HTTP over SSL) allowed the modern age of “ecommerce” to take off on the world wide web and it has also been incorporated into common file transfer protocols such as FTPS (FTP[..]
Under GDPR, the data subject has the right to request all personal data a data controller has on them. This includes their supply chain.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) runs a popular system used by banks around the world to quickly exchange transactions with each other. Most international interbank messages use this system. Unlike clearing houses or other institutions that provide intermediate or final settlement of financial transactions, SWIFT is simply[..]
HIPAA is the abbreviation of ‘The Health Insurance Portability and Accountability Act’. It is a US federal law governing the protection and privacy of sensitive, patient health care information. Proposed in 1996 by Congress, HIPAA was finally brought into enforcement by the Department of Health and Human Services (HHS) in[..]
TLS (“Transport Layer Security”) is the modern version of SSL and is used to secure TCP sockets. TLS is specified in RFC 2246 (version 1.0), RFC 4346 (version 1.1) and RFC 5246 (version 1.2). When people talk about connections “secured with SSL”, today TLS is the technology that’s really used[..]
A translation engine is software that performs the work defined in individual transformation maps. The transformation engines that power transformation maps are typically defined as “single-pass” or “multiple-pass” engines. Single-pass engines are faster than multiple-pass engines because documents are directly translated from source formats to destination formats, but single-pass engines[..]
A transformation map (or just “map”) provides a standardised way to transform one document format into another through the use of pre-defined document definitions. A single transformation map typically encompasses separate source and destination document definitions, a field-by-field “mapping” from the source document to the destination, and metadata such as[..]
In file transfer, a “translation engine” is a common name for a “transformation engine” that converts documents from one document definition to another through “transformation maps“. See “transformation engine” for more information.
TCP (Transmission Control Protocol) is one of the two core protocols used in Data Communications, the second core protocol being IP. Part of the Internet Protocol Suite (often referred to as TCP/IP), TCP is a transport layer responsible for higher-level operations. It provides reliable, ordered delivery of data packets between[..]
A transmission window is a window of time in which certain file transfers are expected or allowed to occur. Transmission windows typically reoccur on a regular basis, such as every day, on all weekdays, on a particular day of the week, or on the first or last day of the[..]
A “trigger file” is a common type of control file used to initiate further processing or retransmission. Trigger files are typically created by the same application that original sends files into a file transfer system. The two most common types of trigger files are files with similar names to the[..]
3DES (also “Triple DES”) is an open encryption standard that offers strong encryption at 112-bit and 168-bit strengths. 3DES is a symmetric encryption algorithm often used today to secure data in motion in both SSH and SSL/TLS. (After asymmetric key exchange is used perform the handshake in a SSH or[..]
Software, systems and processes that are “validated” against a standard are typically better than those merely in “compliance” with a standard. Validation means that a third-party agency such as NIST or the PCI Council has reviewed and tested the claim of fidelity to a standard and found it to be[..]
VAN stands for “Value Added Network”. A VAN is a data transfer service that uses EDI and/or file transfer protocols to connect to dozens, hundreds or even thousands of businesses. VANs are often industry-specific; the ones that are will usually connect to almost every major supplier and consumer within that[..]
As a somewhat abstract definition, it is crucial to understand the context in which we are using the word ‘virtual’ before moving onto the definition of virtualisation. The term virtual, in this scenario is defined as “computing not physically existing as such but made by software to appear to do[..]
A “web farm” is a high availability application architecture that is common to many vendors and products. It usually involves the use of multiple web (HTTP/S) application servers, each serving the same function, and often relying on the use of round-robin session distribution from a network load balancer (NLB). However,[..]
A network that spans a wide geographical area is referred to as a WAN (Wide Area Network). A WAN consists of a collection of LAN’s (Local Area Networks) connected by a router that maintains both the LAN information and the WAN information. The WAN side of the router will then[..]
WS_FTP Home was a commercial file transfer client for Windows desktops. It was in the market for about five years but was retired in favor of a new edition of WS_FTP LE in 2010. WS_FTP Home offered a two-panel user interactive user interface and batch scripts that can be scheduled[..]
WS_FTP LE is a free commercial file transfer client for Windows desktops. The current edition is built on WS_FTP Home’s code base and was reintroduced to the market in 2010. WS_FTP LE offers a two-panel user interactive interface and its supported protocols are all variants of FTP/S. WS_FTP LE is[..]
WS_FTP Professional is a commercial file transfer client for Windows desktops. It offers a two-panel user interactive interface and batch scripts that can be scheduled with Windows scheduler. Supported protocols include FTP/S and SFTP, plus proprietary HTTPS connections to MOVEit DMZ. BEST PRACTICE: The WS_FTP clients still constitute one of[..]
An X.509 certificate is a high-security credential used to encrypt, sign and authenticate transmissions, files and other data. X.509 certificates secure SSL/TLS channels, authenticate SSL/TLS servers (and sometimes clients), encrypt/sign SMIME, AS1, AS2, AS3 and some “secure zip” payloads, and provide non-repudiation to the AS1, AS2 and AS3 protocols. The[..]