Cerberus FTP Server is an easy and straightforward secure file transfer server. Properly configured and with sufficient network bandwidth, one instance can support thousands of connections simultaneously transferring large files.
Encryption ciphers provide data security during transmission while HMAC algorithms ensure file integrity during transfer. We advise activating these reliable cryptographic algorithms.
Advanced Security Options
Cerberus FTP Server features several advanced security settings to safeguard data transfers and comply with regulations like HIPAA and FERPA. Administrators can use these advanced settings to customize Cerberus’ behavior as an FTP server.
Enable FIPS 140-2 Mode
When activated, this setting restricts encrypted connections to using only FIPS 140-2 compliant ciphers approved by the National Institute of Standards and Technology (NIST), thus protecting against attacks exploiting an SSL Renegotiation Denial of Service vulnerability known as CVE-2011-743.
Amount of Time Before Passwords Expire
With this setting enabled, passwords expire once a specified period has elapsed since the last login. Accounts that haven’t logged on recently can then no longer be used to gain entry, which prevents malicious parties from reusing their passwords.
Cerberus FTP Server allows administrators to customize which authentication sources Cerberus will utilize for user authentication purposes. Current options include Native User System, Active Directory (AD), and LDAP servers; when multiple are present Cerberus will check them one at a time until successful login authentication occurs or all available sources have been exhausted.
Cerberus FTP Server allows Certificate Verification
By activating this option, Cerberus FTP Server can verify certificates presented by remote clients during FTPS, FTPS-over-SSH, and HTTPS transactions. Certificate verification uses public key cryptography to confirm that an issued certificate comes from a reliable party, preventing data from being intercepted and altered in transit.
Administrators can set a value between 1 and 1000 to specify how many issuer certificates Cerberus should trust when validating remote host certificates, making this feature particularly helpful in environments with extensive certificate chains.
Administrators can enable or disable this setting so that all log files are automatically deleted when Cerberus SFTP Server is closed down, helping reduce disk space consumption on the FTP server when used in environments with strict auditing policies.
FIPS 140-2 Mode
Cerberus FTP Server allows organizations dealing with sensitive information, like government data or HIPAA records, to adhere to stringent security standards. By enabling FIPS 140-2 Mode, encrypted connections only use ciphers validated as compliant by NIST; this helps minimize risks related to data compromise while aligning your servers with industry best practices.
Cerberus offers an SSL Certificate Verification feature to verify the authentication and validity of FTP clients used for file transfers. Cerberus compares the public key provided by an FTP client against serial numbers in its CA Certificates File and prevents unauthorised access if an expired or revoked certificate exists in that file, thus protecting users from potential security risks caused by unauthenticated FTP clients.
Secure file sharing through FTPES, SFTP or HTTPS using 128-bit or 256-bit Perfect Forward Secrecy (PFS). When selected from your Server Manager security profiles, Cerberus servers only accept connections if both clients support PFS.
Administrators can use Server Manager’s Key Management panel to generate host keys, export public keys, edit loaded keys and delete keys as desired. At present, this feature supports five key types: RSA, DSA, ECDSA, EdDSA 25519 and EdDSA 448.
Enable FIPS Mode in Server Manager > Security > General tab. Doing this ensures all FTPS and SFTP connections are protected with strong encryption using FIPS-validated ciphers from the list you selected; however, it may reduce compatibility with certain FTP clients, as only FIPS-compliant ciphers can be used.
Cerberus FTP Server can be combined with Netsurion Open XDR for enhanced security and compliance capabilities, monitoring activities such as file uploads/downloads, user logins/logoffs, password expiration dates and disabled accounts. You can view these activities via a dashboard which highlights potential issues like blocked IP addresses.
Two-Factor Authentication (2FA), available on Cerberus FTP Server, provides an additional layer of security by requiring users to provide both something they know (such as their password) and something they possess (such as an authenticator app) when accessing accounts on our file server and web client. Adding Two-Factor Authentication to native user accounts provides extra protection that keeps data safe.
FTP encryption is key to keeping files and communications private, and Cerberus FTP Server provides that functionality through all major file transfer protocols – FTPS, SFTP, SSL/TLS, SSH2 and HTTP/S – as well as person-to-person file transfers with unique expiring public links to folders or files. In addition, Cerberus FTP Server features IP Manager Auto-Blocking as well as protocol-based login restrictions to prevent unauthorized connections.
Strong passwords and an effective password policy are vital in safeguarding any file server, and Cerberus FTP Server utilizes a robust hash algorithm called PBKDF2-HMAC-SHA256 to prevent reuse of compromised passwords.
Unencrypted FTP transmissions leave sensitive data vulnerable to inspection and modification during transit, leaving Cerberus FTP Server susceptible to such attacks. By default, Cerberus disables unencrypted FTP; for maximum protection, it is recommended to use TLS ciphers with Perfect Forward Secrecy to shield conversations from being intercepted during transfer.
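As an added illustration (not Cerberus code or configuration), the Python sketch below audits a list of TLS cipher suite names for forward secrecy and builds an OpenSSL server context restricted to ECDHE suites. The sample profile is constructed, and the function names are assumptions.

```python
import ssl


def has_forward_secrecy(name: str) -> bool:
    """True if the suite's key exchange is ephemeral (EC)DHE.

    Accepts OpenSSL names (ECDHE-RSA-...) and IANA names (TLS_ECDHE_RSA_WITH_...).
    """
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            return True  # TLS 1.3 suite: key exchange is always ephemeral
        return name.startswith(("TLS_ECDHE_", "TLS_DHE_"))
    return name.startswith(("ECDHE-", "DHE-"))


def non_pfs_suites(names):
    """Return the suites that would allow a session without forward secrecy."""
    return [n for n in names if not has_forward_secrecy(n)]


def pfs_only_server_context() -> ssl.SSLContext:
    """Server-side context limited to TLS 1.2+ with ECDHE AEAD suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def enabled_suites(ctx: ssl.SSLContext):
    """Names of the suites the context will offer."""
    return [c["name"] for c in ctx.get_ciphers()]


# Constructed sample profile mixing PFS suites with static-RSA key exchange.
CONSTRUCTED_PROFILE = [
    "TLS_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256",
    "AES256-GCM-SHA384",
    "AES128-SHA",
]

if __name__ == "__main__":
    print("weak profile, non-PFS suites:", non_pfs_suites(CONSTRUCTED_PROFILE))
    hardened = enabled_suites(pfs_only_server_context())
    print("hardened context, non-PFS suites:", non_pfs_suites(hardened))
```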
An integral component of an effective password policy is requiring users to update their password regularly – forcing password resets every 90 days will reduce compromised credentials in your system and ensure users understand its value. Communication and education on the value of strong password policies must be ongoing, though.
Web Admin Console
Cerberus FTP Server is an extremely flexible and user-friendly secure file transfer server. Suitable for on-premise use or cloud virtual servers like Amazon Web Services (AWS) and Microsoft Azure, its hosting offers flexibility, scalability and high security levels. To get started with a hosted solution on AWS or Azure, the first step should be choosing an instance that meets minimum requirements (i.e. 2 CPUs and 4 GiB of RAM).
Once your server has been launched, you can then access it through its Web Admin Console via the URL displayed here. When logging in using standard Windows login username and password credentials, the Web Admin Console will display current server status including any alerts generated from Netsurion Open XDR data source integration such as Blocked IP information, User Account Blocked information or Password Expiry details.
The Web Admin Console gives you access to configure your server’s primary administrator account. This account is used for basic authentication on both the Web Administration page and remote application programs that use the SOAP web services API, in addition to being granted permission to start/stop the Windows service, connect to the GUI user interface and manage any graphical user interfaces that might exist on it.
On this screen, you will also have the opportunity to select which ports should be accessible for each protocol your users will use – this includes SFTP Passive Port Ranges, FTP over SSL Port 990 and any additional ones specific to that protocol(s). Furthermore, firewall rules can also be added if any ports become inactive for some reason.
Once your server is set up, the final step should be to close your Web Admin Console by clicking the diskette icon in the upper-right corner. This will terminate both Windows Services and close down its user interface. For any further assistance please reach out to Netsurion Support Team at [email protected]