File Transfer Protocol (FTP) is a popular mechanism for z/OS users to exchange files over TCP/IP networks. However, FTP was not designed to be a secure protocol and does not take precautions to protect the information transmitted during a session. This security weakness can lead to the misuse or loss of crucial data from mainframes during data transport. FTPS and SFTP are secure alternatives to FTP that can mitigate data risks by enabling more secure encrypted data transmissions.
FTP on z/OS
File Transfer Protocol (FTP), first defined in 1985 by RFC 959, is the standard and most widely used TCP/IP application for transferring files between z/OS and other operating system platforms. An FTP client and server are part of the basic functions of z/OS Communications Server. FTP on z/OS transfers MVS data sets and easily handles the conversion between ASCII and EBCDIC. However, z/OS FTP lacks a proper management mechanism and can easily be misused. Unmanaged FTP is not secure because it transfers data between the client and the server without encryption. That means all sensitive information (username, password, files, and commands) is transferred in clear text, making it easy for intruders to retrieve and read the information.
FTPS on z/OS
FTPS is the regular FTP protocol extended with network security features for authentication, data integrity, and data privacy. This is done by encrypting the data with SSL/TLS (Secure Sockets Layer/Transport Layer Security; TLS is simply the later version of SSL). Simply put, FTPS is FTP protected by an extra layer applied to all transmissions. FTPS supports password authentication and X.509 certificates. It also supports Kerberos encryption. However, because FTPS encrypts the command channel, it can be difficult to use behind firewalls.
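The difference between plain FTP and FTPS is visible in the control-channel dialogue: an FTPS client issues AUTH TLS before logging in and PROT P before transferring data (RFC 4217). The following is an added example, not part of the original article, that audits a server-side trace of that dialogue; the trace format, the function name and the sample sessions are assumptions constructed for illustration.

```python
# Added example: audit an FTP control-channel dialogue for clear-text exposure.
TRANSFER_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST"}

def audit_session(lines):
    """lines: (direction, text) pairs; "C" = client command, "S" = server reply."""
    tls_pending = prot_pending = False  # waiting for the reply to AUTH TLS / PROT P
    tls_active = data_private = False   # control / data channel encrypted
    findings = set()
    for direction, text in lines:
        parts = text.split()
        if not parts:
            continue
        if direction == "S":
            code = parts[0][:3]
            if tls_pending:            # 234 = server accepted the TLS upgrade
                tls_active, tls_pending = code == "234", False
            elif prot_pending:         # 200 = protection level accepted
                data_private, prot_pending = code == "200", False
            continue
        verb = parts[0].upper()
        arg = parts[1].upper() if len(parts) > 1 else ""
        if verb == "AUTH" and arg == "TLS":
            tls_pending = True
        elif verb == "PROT":           # PROT P = private (encrypted) data channel
            prot_pending = tls_active and arg == "P"
            data_private = False
        elif verb in ("USER", "PASS") and not tls_active:
            findings.add("credentials sent in clear text")
        elif verb in TRANSFER_CMDS and not data_private:
            findings.add("data channel not encrypted")
    return sorted(findings)

# Constructed sample dialogues (user ID, data set name and reply text are made up).
LOGIN = [("C", "USER USER1"), ("S", "331 Send password please."),
         ("C", "PASS ********"), ("S", "230 USER1 is logged on.")]
GET = [("C", "RETR 'USER1.PAYROLL.DATA'"), ("S", "125 Sending data set")]
UPGRADE = [("C", "AUTH TLS"), ("S", "234 Security environment established")]
PROTECT = [("C", "PBSZ 0"), ("S", "200 OK"), ("C", "PROT P"), ("S", "200 OK")]

PLAIN_FTP = LOGIN + GET
FTPS_CONTROL_ONLY = UPGRADE + LOGIN + GET
FTPS_FULL = UPGRADE + LOGIN + PROTECT + GET

if __name__ == "__main__":
    for name in ("PLAIN_FTP", "FTPS_CONTROL_ONLY", "FTPS_FULL"):
        print(name, audit_session(globals()[name]))
```

The middle case is the one worth checking for in practice: a session that upgrades the control channel but never requests PROT P still moves the file contents unencrypted.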
SFTP on z/OS
The Secure Shell (SSH) File Transfer Protocol (SFTP) is supported on z/OS through several tools; IBM Ported Tools OpenSSH and Tectia™ clients and servers are two examples. SFTP provides a command set that is similar, but not identical, to the FTP command set. It uses the SSH protocol to provide encryption and connection management. SFTP is common on Linux and Unix platforms. For SFTP support on z/OS, you must install SFTP clients and servers. By rewriting batch jobs, z/OS FTP clients and servers can pass some data transfers through SFTP clients and servers, thus transmitting data through secure SSH "tunnels". That conversion can also be automated by installing software that "wraps around" the z/OS FTP client and routes transfers through SSH proxies.
Advantages of SFTP
FTPS support is built into the z/OS platform. It handles MVS data sets, ASCII-EBCDIC and JES translation. However, SFTP is technologically superior: it encrypts and compresses the transfer data, provides a more sophisticated checksum mechanism to protect against data corruption in transit, and multiplexes multiple application channels over a single port, making SFTP more compatible with firewalls.