Introduction

Welcome to the County of San Bernardino FTP solution. This service provides comprehensive, integrated, standards-based solutions for secure handling of sensitive information, including financial files, medical records, legal documents, and personal data.

This FTP solution safely and securely collects, stores, manages, and distributes sensitive information between the County and external entities. Web browsers and no cost/low cost secure FTP clients can quickly, easily, and securely exchange files with FTP over encrypted connections using the HTTP over SSL (https), FTP over SSL (ftps) and FTP over SSH (sftp) protocols. And all files received by through FTP are securely stored using FIPS 140-2 validated AES encryption, the U.S. Federal and Canadian government encryption standard.

This solution includes a FTP upload/download wizard plug-in that works with Internet Explorer, Firefox and Mozilla to help web-based users to quickly upload and download large and/or multiple files and folder trees to and from this environment.

The AES encryption in the FTP environment has been FIPS 197 validated. The entire cryptographic module has been FIPS 140-2 validated after rigorous examination by cryptographic specialists in the United States' National Institute of Standards and Technology (NIST) and Canada's Communications Security Establishment (CSE).

Web and secure FTP clients can upload and download files to the FTP environment from internal and external networks. For security reasons, the FTP environment is NOT permitted to establish connections with or push files to systems on either your internal network or on an external network. If a "proxy push" or "proxy store-and-forward" solution is desired, ISD has another solution that can be used in conjunction with the FTP environment to fill this role.

Security Advantages Over Other "Secure FTP" Solutions

There are three "areas" where files are at risk when transferred between an external network (such as the Internet) and your internal network:

Most secure Web and FTP file transfer products reside on a system in a DMZ and use industry-standard SSL or SSH to provide secure transfers between the INTERNET and DMZ. Unfortunately, that is as far as most products go; they fail to secure files stored on the DMZ (at risk if the DMZ box gets hacked) and fail to secure files being transfered between DMZ and you (at risk if a hacker sets up a sniffer inside the DMZ).

ISD's FTP environment secures all three areas by using SSL/SSH-encrypted transfers for ALL transfers and by using FIPS 140-2 validated AES encryption to secure files on disk.

Accessing the FTP environment

"Client" access to MOVEit DMZ is available through several interfaces, including HTTPS, FTP over SSL, and FTP over SSH.

The built-in web interface provides access to anyone with a desktop web browser (see the complete list of supported browsers).

Also available through the web interface, the optional FTP Upload/Download Wizard provides for faster and more reliable file transfers using the web than are normally available through "stock HTTP". The FTP Wizard is also supports file integrity checking.

A secure FTP interface is also available for people or programs with secure FTP clients.

More information about these clients and the dozens of third-party clients which can also be used to securely exchange files with the FTP environment can be found in the "Client Support" document.