I have been asked on numerous occasions to help a client find a way to transfer files securely. The first thing a client will mention is just the use of FTP. I then have to explain how ftp sends both the username and password in clear text. I often demonstrate how easy it is to sniff the username and password by using ethereal and my local ftp server. Once someone sees this they tend to stop using ftp. One problem with this little conversation is the lack of secure ftp servers out on the market. I have used about 4 different ones, and finally settled on one that meets both the reliability and demands I have. Secureftp3 from globalscape (www.globalscape.com), the makers of the cute ftp program is my current choice.
It allows for the use of all secure ftp protocols (ssh, ssl over ftp, ssl passive, etc..) . One other key factor is that you can integrate into Active Directory. This is a feature that many ftp servers really lack. A drawback to this program is not necessarily due to the selection of the globalscape product but all secure ftp servers. They tend to require the use of their own ftp client. While the client is typically inexpensive, purchasing a client for all users can get very pricy. So I have made the decision to only use one standard ftp client (Filezilla) , it works with all secure ftp servers and also any version of ssh. The key reason was the price. Filezilla is free, you can download both the app and the source over at sourceforge. It has all the features, of any client I have seen and also has some extra ones.
