Cerberus FTP Server offers advanced security features, making it the go-to choice for industries such as health care, finance and government that require stringent data protection measures.
Ensuring Perfect Forward Secrecy on all connections requires activating FIPS 140-2 mode and using validated encryption ciphers, as well as regular password expiration and history restriction to reduce risk from compromised credentials.
Encryption Ciphers
Cerberus FTP Server supports multiple encryption ciphers with different strengths and security levels for added protection and compatibility with older clients. You can enable any combination of ciphers that best suit your security requirements or preferences, or enable all available ciphers for maximum versatility.
Which ciphers you enable will depend on which key exchange algorithms you prefer; some ciphers support Perfect Forward Secrecy while others don’t. Use the Security Settings page to configure your desired ciphers, key agreement methods, and security features.
FTP over SSL protects your data by encrypting it at both ends, making it virtually impossible for attackers to intercept what you’re sending over. For optimal protection, consider choosing to encrypt with at least 256-bit encryption while employing key exchange protocols that offer Perfect Forward Secrecy key exchange protocols.
Certificate authentication can help protect FTP servers by requiring clients to present a valid certificate before being allowed to make an FTPS or HTTPS connection to it. This helps prevent spoofing attacks that force servers to constantly probe for vulnerabilities before responding with garbage data in an effort to exploit them.
Add another layer of security by protecting your FTP servers with a firewall. By activating this option, you can limit access to your Cerberus FTP Server by restricting which IP addresses may connect with it – an effective defense against DoS attacks in which attackers flood a server with connection attempts to overwhelm its resources and deny legitimate users from accessing their files.
Cerberus FTP servers allow for geoblocking features to restrict which geographical regions may access them – this feature can help protect against attacks that come from outside your country and target specific organizations or customers. In addition, DDoS protection tools can detect and mitigate these attacks automatically blocking connections that exceed an established number of attempts before any damage can occur.
Hash/MAC Algorithms
Cerberus FTP Server uses hash and MAC algorithms to protect data during transmission, using encryption with a secret key as well as integrity verification checks to ensure data has been transmitted without being altered during transfer. By default, Cerberus FTP Server utilizes more secure ciphers and HMAC algorithms that use stronger encryption ciphers and HMAC algorithms in order to reduce any risks of data compromise and ensure your organization’s data stays safe during transfer.
Use the Server Manager to easily setup and enable SFTP listeners on your firewall or router for incoming connections using port 22 by default. When added, these listeners are accessible for connection by client programs.
If you wish to limit who can connect to your SFTP server, set up authentication and authorization in Server Manager to prevent unauthorised access by requiring either a user ID and password or public key certificate in order to establish an SFTP session. This can prevent unwanted connections being accepted from certain hosts that do not possess these credentials.
When creating an SFTP account, you have the ability to select which password hash algorithm is used for storage hashes. This choice will determine the cipher and bit strength used when future logins take place; existing hashes will remain intact even if you switch storage hash algorithms later on.
Administrators can utilize both Server Manager security profiles and advanced FTP server settings to enforce 256-bit Perfect Forward Secrecy for both FTPPS and SFTP connections, requiring at minimum an SHA256 hash value for each connection.
Make sure your SFTP and FTPS servers use only the strongest ciphers and SSL/TLS protocols available, creating custom certificates using Server Manager if possible to enhance cryptography for data protection. Geoblocking measures may help limit server availability by only accepting connections from certain IP ranges; geoblocking may help prevent DoS attacks which use excessive traffic to overwhelm servers by exploiting vulnerabilities.
SSL Certificates
Cerberus FTP Server supports SSL certificates to securely encrypt file transfer sessions with clients. By using these SSL certificates, FTPS, FTPES and SFTP connections are protected against eavesdropping attacks as well as HIPAA compliance requirements for the file transfer environment. Incorporating FIPS 140-2 validated encryption ciphers demonstrates your FTP Server’s high security standards, increasing client confidence that data transmitted over encrypted connections remains intact and secure.
To use SSL certificates with Cerberus FTP Server, first import them into its personal store. Next, link them with FTP services so they will encrypt and secure FTPS/SFTP connections.
Cerberus Configuration panel’s Default Key Pair settings offer you the capability of creating, exporting and editing keys for your SSL certificate. Cerberus supports five key types – RSA, DSA, Edwards Curve ECDSA and Ed25519. Clicking any one of them will load them onto an FTP server for use.
Note that when loading digital certificates into the Cerberus FTP Server, their private keys must be associated with them to decrypt SSL packets sent between client and server. To specify your private key’s path in Cerberus Configuration panel’s Private Key Path field. It should correspond with the key you used when creating CSR codes during initial SSL Certificate setup.
Once you have a valid SSL certificate, FTPS and SFTP over SSL can be enabled by switching the SSL/TLS slider in FTP Server Manager to On. Next, launch a session that supports FTPS/SFTP over SSL with one of these clients, and verify a successful connection by looking for a green padlock icon in browser address bars; without this indicator of encryption your information could easily be intercepted; to keep everything safe always make sure your SSL certificates and private keys remain up-to-date!
Port Forwarding
When devices or applications communicate across the Internet, they use ports to identify themselves. For instance, file transfer protocol (FTP) servers often utilize port 21 while web sites tend to utilize port 80. Firewalls and NAT, among other network security measures may filter or block certain ports making it harder for local devices to connect.
Port forwarding can be invaluable in such circumstances, enabling you to open specific ports on your router to specific machines within your private network – making it possible to host public FTP servers, grant secure shell access from outside, play online games with others via direct connection and more.
First, identify which ports require forwarding. Start by reviewing Cerberus FTP Server’s configuration settings to identify FTP and SFTP ports it listens for in its configuration settings, as well as any others needed for P2P programs or direct connections to game servers. Once you know which ones you must forward, use the Getting Started Wizard to set up your router/firewall so they forward these ports directly to where Cerberus runs on its host machine.
Finding the appropriate type of forwarding can be confusing, as each device or application uses its own set of ports. To help make things simpler, the Getting Started Wizard offers some advice so that your data connections are equally balanced between active and passive connections.
Ascerberus FTP Server can help to protect your network in many ways, including creating strong passwords with best practices in mind and configuring firewall and router devices properly for safe file transfers. If you require assistance or additional details please reach out!
