In previous posts we’ve mentioned that you’re able to improve the security of your StingRay with the implementation of an SSL certificate.  We’re happy to say that a number of customers have taken up this option and are now able to provide secure file transfer for both HTTPS file upload and file download, in addition this extra security level is also then utilised in the Email Hyperlink file sending option.

Example of HTTPS enabled StingRay server

If you would like to provide this extra level of security for your customers, you’ll need to purchase an SSL certificate from one of the major suppliers and arrange for us to securely update your server with the certificate.  In the example above you can see this customer has not only secured their server, but done a great job of customising the interface and have set up an A-Record* to make it even more simple for their customers to upload files.

*A-Record - is the server name, in this case ’stingray’, in front of their domain name which forwards to the external address IP of the StingRay or firewall/router.

Bookmark It

Since we released version 2.6 of StingRay file transfer server we’ve had a great uptake in those customers wanting to provide additional security for their customers when sending/receiving files, i.e. using HTTPS via a web browser.

Given that understanding SSL Certificates and the differences between self assigned and those purchased from a reputable supplier isn’t necessarily straight forward, I thought I’d provide you with a brief outline here.

Filling in the site information page as instructed in the ‘New Features in 2.6 Guide‘ will enable your StingRay to generate a Self Assigned SSL Certificate.  This certificate will provide you and your users with the ability to use SSL to upload and download files via a web browser.  You’ll also need to switch on HTTPS in the Network Configuration page under Web Access otherwise the StingRay will continue to use standard HTTP.

Now that you have SSL enabled you’ll be able to securely share files, but there is one major drawback with Self Assigned certificates - recent web browsers don’t trust them and flag it up to the user, in some annoying cases too often.

Internet Explorer doesn't like self assigned SSL Certificates

Obviously when providing a solution for your customers, staff, branch offices etc to send you files you don’t want any barriers in the way or more to the point to look like you don’t know what you’re doing.  In this case you’ll need to purchase an SSL certificate.  StingRay’s external web interface runs on Apache Server so we’d recommend if you want to purchase a certificate you do so from one of these preferred SSL Certificate suppliers.

Once you have this certificate you’ll need to contact us to assist you with uploading it into your server as there currently isn’t an option to upload your own through the web interface.  As a maintenance customer you’ll get this service free of charge - for other customers this will be provided as part of your 2.6 upgrade.

Whilst we’re on the point of creating the certificates its worth pointing out that you’ll need to register it to a host name.  Many people set up host names (or A records) for their StingRay as people better understand and remember names than IP addresses, for example our StingRay is accessible by both http://217.36.243.171 and http://stingray.pro2col.com but the later is much easier to remember.

You can pretty much use whatever host name you want but we generally recommend using stingray.domain.com.  Its really important to make sure that when you’re doing this you DON’T use the host name ftp.domain.com as this will cause most web browsers to think that you want to use FTP and result in the web browser doing something like this below, rather than presenting a nice graphical interface for you to transfer files.

FTP protocol through a web browser

I hope this helps you to understand a little better how to get the best out of your StingRay.  If you’ve got any questions make sure you give our sales or support teams a call on +44 (0) 333 123 1240.

Bookmark It

I read with interest yesterday an article by Meg Suggs about Managed File Transfer.  To paraphrase the article Meg suggests that “Managed File Transfer is replacing FTP servers” as the solution of choice.

It got me thinking about what it was about Managed File Transfer that businesses wanted or needed?  First off Managed File Transfer is defined by Wikipedia as:

“Managed File Transfer (MFT) refers to software and hardware technologies that enable “secure and reliable exchange of documents between organizations.” In broader terms, Managed File Transfer suites enable organizations to automate, manage and secure the exchange of large volumes of data between two or more entities.”

So why the shift to Managed File Transfer?  Well I think Wikipedia sums it up pretty clearly, its a way of providing a little more management, automation and security throughout the file transfer process than you’d achieve with a standard FTP server or email for that matter.

Interestingly Meg also referred to an article written early last year about the inadequacies of standard FTP servers and how “an illegal database containing more than 8,700 stolen File Transfer Protocol server credentials including usernames, passwords and server addresses was found. The stolen information belonged to companies from around the world and the database allowed for anyone to purchase those credentials and use them to launch malicious attacks against the compromised systems”.

With information readily available on the Internet providing individuals with the opportunity to create havoc and bring down complete company IT infrastructure it begs the question, why do companies take the risk by implementing cheap file transfer solutions when the potential cost to their business is so huge?

In addition to the security considerations the business process should also be taken into account.  Long gone are the days when file transfer was a standalone function.  File Transfer should be fully intergrated with other processes within the business providing greater automation and efficiency.  As file transfer becomes more integrated its even more important that the information transmitted and stored is done so securely.

For those interested StingRay Managed File Transfer Server ticks all of the boxes and more information can be read here.

Bookmark It