|
|
|
|
|
Web browsers and no cost/low cost secure FTP clients can quickly, easily, and securely exchange files with MOVEit over encrypted connections using the HTTP over SSL (https), FTP over SSL (ftps) and FTP over SSH (sftp) protocols. And all files received by MOVEit are securely stored using FIPS 140-2 validated AES encryption, the U.S. Federal and Canadian government encryption standard.
In addition, a web interface offers easy online administration and monitoring of MOVEit activities while a programmable interface (via MOVEit API Windows and MOVEit API Java) makes MOVEit accessible to custom applications.
MOVEit includes an optional MOVEit Wizard plug-in that works with Internet Explorer, Firefox and Mozilla to help web-based users to quickly upload and download large and/or multiple files and folder trees to and from MOVEit. There is also a Microsoft Outlook plug-in that users can use for Ad Hoc Transfer.
Encryption capabilities throughout the MOVEit product line are provided by MOVEit Crypto, a compact and fast dynamically-linked library. The AES encryption in MOVEit Crypto has been FIPS 197 validated. The entire cryptographic module has been FIPS 140-2 validated after rigorous examination by cryptographic specialists in the United States' National Institute of Standards and Technology (NIST) and Canada's Communications Security Establishment (CSE).
MOVEit also has an approved Certificate of Networthiness (CoN) from the United States Army. This certification involves a review of how MOVEit meets Army requirements for network security, integration, interoperability, and ease of management and support.
The MOVEit software itself resides on a Microsoft Windows Server platform hardened against threats from the Internet and trusted networks. Organizations that need to support very large volumes of file transfers and/or many users may require additional hardware, but for many organizations the minimum recommended specifications of a MOVEit should suffice:
The latest production recommendations can be found in the online Support Knowledge Base.
In a typical network topology MOVEit is best located on a secured "DMZ" segment accessible to both internal and external users."DMZ" is short for DeMilitarized Zone - a network "no man's land" where both internal and internet hosts are allowed to connect. By default, connections originating from a DMZ network segment are not to be trusted and are usually not allowed unless there is a compelling case to allow a particular service through.
Web and secure FTP clients can upload and download files to MOVEit from internal and external networks. For security reasons, MOVEit is NOT permitted to establish connections with or push files to systems on either your internal network or on an external network. (If a "proxy push" or "proxy store-and-forward" solution is desired, MOVEit Central can be used with MOVEit to fill this role.)
There are three areas where files are at risk when transferred between an external network (such as the Internet) and your internal network:
Most secure Web and FTP file transfer products reside on a system in a DMZ and use industry-standard SSL or SSH to provide secure transfers between the Internet and DMZ. (MOVEit does as well.) Unfortunately, that is as far as most products go; they fail to secure files stored on the DMZ (at risk if the DMZ box gets hacked) and fail to secure files being transferred between DMZ and MY ORG (at risk if a hacker sets up a sniffer inside the DMZ).
MOVEit secures all three areas by using SSL/SSH-encrypted transfers for ALL transfers and by using FIPS 140-2 validated AES encryption to secure files on disk.
In addition, only MOVEit offers complete end-to-end file integrity over FTP. In other words, files transferred with secure FTP or web clients which support file integrity checks through the MOVEit system can be proven to be 100% identical to their source files through the use of SHA-1 cryptographic hashes. (When combined with authentication, complete file integrity provides non-repudiation.)