Transfer Encryption

Author: Swapna Naraharisetty, 2BrightSparks Pte. Ltd.

Transfer Encryption is the process of transferring data (e.g. files) over a network using a secure connection. Secure communication protocols such as TLS (Transport Layer Security), SSL (Secure Sockets Layer), SSH (Secure Shell) and HTTPS (Hypertext Transfer Protocol over SSL/TLS) are used to encrypt the communication between two systems.

Transfer Encryption is different from File Encryption. File Encryption (or Encryption At Rest) is used to encrypt the data stored on a device, whereas Transfer Encryption is used to encrypt the communication when transferring data between a client and a server over a network. Both File Encryption and Transfer Encryption are essential security measures to protect the privacy and integrity of data in transit and at rest.

Secure Communication

SyncBack supports secure file transfer between a client and a server through FTPS, SFTP and HTTPS technologies.

FTPS (File Transfer Protocol Secure)

FTPS is an extension to FTP, which is a widely used protocol in file transfer. With FTP, the connection is not encrypted so the data transferred can be easily read or modified by hackers.

FTPS solves this problem by encrypting the connection using the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) network protocols, so that the data or credentials transferred over the network cannot be read by anyone who intercepts them before they reach their destination. This protects the data from eavesdropping or any other network-level attacks.

FTPS works in two modes: Implicit and Explicit. In Implicit mode, a secure encrypted connection is established between client and server using SSL/TLS from the beginning of the FTP session. Explicit mode (also known as FTPES) lets the client open an unencrypted connection at the beginning of the FTP session and then explicitly request that it be converted to an encrypted connection (the AUTH TLS command) before sensitive data such as credentials is sent.

How to create an FTPS profile in SyncBackPro and SyncBackSE

1. Create an FTP profile using Profiles > New wizard.

2. In the ‘FTP connection details’ page, enter the hostname/I.P. Address, Username and Password to connect to your FTP server. Test the connection and click the Done button to close the profile creation wizard.

3. A Profile setup window will appear. Go to Modify > Expert > FTP > Advanced settings page and enable ‘Encrypt the communication channel’ and ‘Encrypt the data channel’ options.

You can choose to encrypt both the communication and data channels or only the communication channel. Encrypting only the communication channel protects the login credentials and commands, but the file contents are then transferred unencrypted. If both channels are encrypted, then it may affect the performance of your profile.

4. SyncBack uses Explicit mode by default. To use Implicit mode instead, enable the option ‘Use implicit connection’ under FTP > Advanced.
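The effect of encrypting one or both channels can be checked from a client command log. The following is an added example, not SyncBack code: it assumes explicit FTPS as defined in RFC 4217 (AUTH TLS upgrades the control channel, PROT P protects the data channel), and the function name and the sample sessions are constructed for illustration.

```python
# Added example (not SyncBack code): audit one session's FTP client commands.
# Assumes each command was accepted by the server and the log is in send order.
CREDENTIAL_CMDS = {"USER", "PASS", "ACCT"}
DATA_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST", "MLSD"}


def audit_ftps_commands(commands):
    """Return findings for cleartext credentials or cleartext data transfers."""
    findings = []
    control_encrypted = False  # True once AUTH TLS upgrades the control channel
    data_protected = False     # True once PROT P is set on an upgraded session
    for raw in commands:
        parts = raw.strip().split(None, 1)
        if not parts:
            continue
        verb = parts[0].upper()
        arg = parts[1].strip().upper() if len(parts) > 1 else ""
        if verb == "AUTH" and arg == "TLS":
            control_encrypted = True
        elif verb == "PROT":
            # PROT P = private (encrypted) data channel, PROT C = clear.
            data_protected = control_encrypted and arg == "P"
        elif verb in CREDENTIAL_CMDS and not control_encrypted:
            findings.append(f"{verb} sent before AUTH TLS: credentials in cleartext")
        elif verb in DATA_CMDS and not data_protected:
            findings.append(f"{verb} without PROT P: data channel in cleartext")
    return findings


# Constructed sessions (not captured from any real server or client).
BOTH_CHANNELS = ["AUTH TLS", "USER backup", "PASS ****", "PBSZ 0", "PROT P", "STOR a.zip"]
CONTROL_ONLY = ["AUTH TLS", "USER backup", "PASS ****", "PBSZ 0", "PROT C", "STOR a.zip"]
PLAIN_FTP = ["USER backup", "PASS ****", "STOR a.zip"]

if __name__ == "__main__":
    for name, session in [("both", BOTH_CHANNELS), ("control only", CONTROL_ONLY),
                          ("plain FTP", PLAIN_FTP)]:
        print(name, audit_ftps_commands(session) or "ok")
```

Implicit mode is outside this check, because there the TLS handshake happens before any FTP command is sent.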

SFTP (Secure File Transfer Protocol)

SFTP uses the Secure Shell (SSH) network protocol to securely authenticate and transfer data between client and server using a single encrypted connection. Additional protection is provided through its underlying security features - Server Authentication, Client Authentication and Data Integrity Verification.

Server Authentication ensures that the client is connecting to the server it intends to connect to (using host key validation), while Client Authentication ensures that only authorized clients can connect to the server (using user ID, password, public and private keys). Data Integrity Verification guarantees that the files transferred over the network have not been altered or deleted (using MAC algorithms). Using these security features, SFTP ensures that your sensitive data is protected from man-in-the-middle attacks. For additional details, see our SFTP article.

How to create an SFTP profile in SyncBackPro

1. Create an FTP profile using Profiles > New wizard.

2. In the ‘FTP connection details’ page, enter the hostname/I.P. Address, Username and Password to connect to your FTP server.

3. Tick the check box ‘This is an SFTP server’ and Test the connection.

4. When SyncBackPro connects to an SFTP server for the first time, the user is prompted to validate the host key of the server (server authentication).

5. Once the SFTP server is validated the client is authenticated using username and password, public and private keys (client authentication) and the profile will be created.

For more details on host key validation and client authentication methods, see our SFTP Authentication article.

Note: Only SyncBackPro supports SFTP.
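Host key validation on first connection, and on every later connection, comes down to comparing a fingerprint of the server's public key with a trusted value. The following is an added example, not SyncBackPro code: it computes the SHA256 fingerprint in the form OpenSSH prints and applies a prompt/accept/reject decision; the host names, the pin store and the sample keys are constructed.

```python
import base64
import hashlib
import struct


def make_ed25519_line(raw_key, comment="constructed"):
    """Build an OpenSSH public-key line from 32 raw bytes (sample data only)."""
    algo = b"ssh-ed25519"
    blob = struct.pack(">I", len(algo)) + algo + struct.pack(">I", len(raw_key)) + raw_key
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line):
    """Return 'SHA256:' plus the unpadded base64 SHA-256 digest of the key blob."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed algorithm name that must match field 0.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode("ascii"):
        raise ValueError("algorithm name does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def decide(host, presented_line, pins):
    """First contact: ask the user. Known host: accept only an identical key."""
    presented = fingerprint(presented_line)
    if host not in pins:
        return "prompt-user"  # the user should compare against a value obtained out of band
    return "accept" if pins[host] == presented else "reject"


# Constructed keys and pin store (hypothetical host names).
KEY_A = make_ed25519_line(bytes(range(32)))
KEY_B = make_ed25519_line(bytes(range(1, 33)))
PINS = {"sftp.example.test": fingerprint(KEY_A)}

if __name__ == "__main__":
    print(fingerprint(KEY_A))
    print(decide("sftp.example.test", KEY_A, PINS))
    print(decide("sftp.example.test", KEY_B, PINS))
    print(decide("new.example.test", KEY_A, PINS))
```

A "reject" result on a previously validated host means the server presented a different key, which should be investigated before the key is re-trusted.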

HTTPS (Hyper Text Transfer Protocol Secure)

HTTPS is a secure version of HTTP, which is a popular protocol used to transfer data over the Internet. However, HTTP uses an unencrypted connection, so it should not be used to transfer sensitive information.

HTTPS solves the security concerns with HTTP. To protect the confidentiality and integrity of data, the communication between a client and a server is encrypted using the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols.

HTTPS offers 3 layers of protection:

Encryption – protects the confidentiality of data by encrypting the communication between a client and server.

Data Integrity – ensures the data is not modified, deleted or corrupted during transfer.

Authentication – ensures that you're communicating with the intended server.

SyncBackPro supports HTTPS connections when backing up files to a cloud server. You can enable an encrypted connection under:

Modify Profile > Expert > Cloud > Use encrypted (https) connection

When backing up to Google Drive™, OneDrive™, Dropbox™, Box, Amazon Drive™, Google Storage™, Microsoft Azure™, SugarSync™, OpenStack and Backblaze™ B2, an encrypted connection is used by default. Some cloud services require an HTTPS connection.

Conclusion

Transfer Encryption is mainly designed to protect your data against network threats and snooping. In this article, we have covered different types of secure connections supported in SyncBack so that you can choose the correct type of encryption to use when transferring files over a network.


© 2018 2BrightSparks Pte. Ltd.