Fully managed FTP, FTPS and SFTP Server Hosting in the Amazon, Microsoft or Google Cloud.

Security model details

HostedFTP implements a security model that ensures that all files and metadata, including filenames, folder names, and field names, are encrypted in transit, on arrival at our SaaS application at the AWS site, and at rest in AWS S3 storage. No data or metadata is exposed in any way, an exclusive design capability of HostedFTP.

Security Implementation – How security is built into the service

HostedFTP was built with security in mind from the ground up:

  1. File encryption – all customer files are encrypted both in transit and at rest. When you transfer files by HTTPS or FTPES, the files are encrypted in transit by TLS/SSL. When you transfer files by SFTP, the files are encrypted in transit by SSH. As each byte of a file is uploaded from the end-user to the FTP server, it is encrypted in memory using AES 256-bit encryption before it is written to the EBS storage volume. Once the full file is received, it is securely uploaded to S3 for permanent storage. The same process holds in reverse when downloading a file. The requested file is downloaded securely from S3 to EBS. The FTP server accesses this encrypted file from EBS, decrypts the file, and streams the decrypted bytes down to the end-user as requested. At no time does an unencrypted file touch a disk or storage volume.
  2. Database encryption – customer meta-data stored in RDS is manually encrypted at a database column level using AES 256-bit encryption. The Enterprise Java web application is responsible for encrypting data before it is stored in the database and for decrypting data when it is retrieved from the database.
  3. Encryption keys – customers own their own encryption keys. AWS does not have access to the encryption keys and cannot decrypt files from S3 or meta-data from RDS.
  4. Network access – network ACLs are used to limit inbound and outbound traffic to your subnets. The principle of least/minimal privilege is used when configuring the ACL.
  5. Firewalls – VPC security groups are used to limit inbound and outbound traffic to your EC2 instances. The principle of least/minimal privilege is used when configuring the security group.
  6. AWS account segmentation – by placing your infrastructure in a separate AWS account from all other customers, there is an immediate segmentation between customers. This removes the possibility of an incorrect security setting allowing infrastructure from one customer to inappropriately access infrastructure from another customer.

Data Management – How data is stored, protected, archived, and backed up, and how CRUD operations are managed

As a part of our security implementation, there are two primary types of data:

  1. Files – stored in S3
  2. File and user meta-data – stored in RDS

  • The files themselves are encrypted with AES 256-bit encryption before being written to any EBS storage volume and before being uploaded to S3. The meta-data is also encrypted with AES 256-bit encryption before being written to the database.
  • Access to S3 is limited via S3 bucket policies and Identity and Access Management (IAM) role permissions. The S3 bucket itself is given a bucket policy that restricts access to only the elastic/static IP address(es) assigned to your EC2 server(s). Further, these EC2 servers are configured to run under a single IAM role. This IAM role provides read and write access to the S3 bucket containing your files, but no list or delete permissions. Combining these two security features ensures that only your authorized EC2 servers running on known static IP addresses will be able to access the files in your S3 bucket.
  • Access to RDS is limited by a firewall/security group. Only the EC2 servers running the Enterprise Java web application under static IP addresses are permitted through the database’s firewall. Further, the MySQL connection is protected by a strong password.
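The S3 controls described above (an IP-restricted bucket policy plus a role limited to read and write) can be expressed as two policy documents and checked mechanically. The following is an added example, not HostedFTP's own code or policies: the bucket name, the IP address, the policy layout, and the mapping of "no list or delete" to `s3:ListBucket` and `s3:DeleteObject` are assumptions.

```python
import fnmatch

# Constructed sample policies: bucket name and IP are placeholders, not HostedFTP values.
BUCKET = "example-customer-bucket"
ALLOWED_IPS = ["203.0.113.10/32"]  # documentation-range address standing in for the EC2 Elastic IP
ROLE_POLICY = {  # identity policy attached to the EC2 role: read and write objects only
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["s3:GetObject", "s3:PutObject"],
                   "Resource": f"arn:aws:s3:::{BUCKET}/*"}],
}
BUCKET_POLICY = {  # resource policy: deny every S3 call that does not come from ALLOWED_IPS
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Principal": "*", "Action": "s3:*",
                   "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
                   "Condition": {"NotIpAddress": {"aws:SourceIp": ALLOWED_IPS}}}],
}
FORBIDDEN = ["s3:ListBucket", "s3:DeleteObject"]  # assumed mapping of "no list or delete"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))

def role_violations(policy):
    """Forbidden actions granted by any Allow statement (conservative: ignores Resource and Deny)."""
    hits = set()
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for action in FORBIDDEN:
            if "NotAction" in st:  # Allow + NotAction grants everything not listed
                granted = not _matches(action, st["NotAction"])
            else:
                granted = _matches(action, st.get("Action", []))
            if granted:
                hits.add(action)
    return sorted(hits)

def bucket_ip_locked(policy, expected_ips):
    """True if a Deny statement blocks all S3 actions from outside exactly expected_ips."""
    for st in _as_list(policy["Statement"]):
        cond = st.get("Condition", {}).get("NotIpAddress", {})
        if (st.get("Effect") == "Deny" and "s3:*" in _as_list(st.get("Action", []))
                and sorted(_as_list(cond.get("aws:SourceIp", []))) == sorted(expected_ips)):
            return True
    return False
```

The `aws:SourceIp` condition key is only populated for requests that reach S3 from a public address; requests sent through an S3 VPC endpoint do not carry it, so an IP-locked bucket policy of this shape assumes the servers reach S3 from their Elastic IPs.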

From https://aws.amazon.com/s3/:

“Amazon S3 runs on the world’s largest global cloud infrastructure, was built from the ground up to deliver a customer promise of 99.999999999% of durability. Data is automatically distributed across a minimum of three physical facilities that are geographically separated by at least 10 kilometers within an AWS Region, and Amazon S3 can also automatically replicate data to any other AWS Region.”

We pass along the S3 guarantees of durability and reliability as stated above. In addition, we store all of your files in a second S3 bucket that belongs to a separate AWS account and is created in a different AWS region.

For RDS we use automated backups, database snapshots, and Multi-AZ deployments to provide the highest levels of availability and durability. Please refer to https://aws.amazon.com/rds/details/ for more information on these features.
