cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SFTP adapter security questions

Go to solution
Former Member

on ‎12-16-2015 2:12 PM

0 Kudos

We have to establish a SFTP connection to an external partner because we have to pick up some files (SFTP sender adapter). Therefor we have to open port 22 for this connection. I've got two questions from our security guys.

  1. Is it possible to attack the PI system though this connection?
  2. Is it guaranteed that the SFTP sender channel closes the connection after each try respectively transfer?

For question 2 I have only found an implicit hint. SAP note 2069078 indicates that the adapter has exactly the required behavior.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

manoj_khavatkopp
Active Contributor
‎12-16-2015 2:16 PM
0 Kudos

Hi Gil,

For question 2:

You have option in Sftp adapter,  connection mode as per file transfer or permanent.

Regards,

Manoj

Show replies
Show replies
Former Member
‎12-16-2015 2:21 PM
0 Kudos

Maybe I haven't the newest version of the SFTP plugin. And I've found this online help.

https://help.sap.com/saphelp_nw-secure-connect102/helpdata/en/2e/99f0fb5a9e45b3b148c90e87fafcd1/cont...

Former Member
‎12-16-2015 2:28 PM
0 Kudos

Okay, my fault. It is implemented with SP04. We have to deploy it. Thank you.

Former Member
‎01-06-2016 9:56 AM
0 Kudos 


Manoj Kh wrote:




Hi Gil,


For question 2:


You have option in Sftp adapter,  connection mode as per file transfer or permanent.




Regards,


Manoj

I have to reactivate this topic again. In the meantime we installed the SP04 and I imported the corresponding ESR content but I can find a possibility to activate the permanent activation mode. Can anybody help here?


Here is the documentation for SP04: http://help.sap.com/nw-secure-connect104


Release notes: "Permanent connection mode is supported for SFTP receiver channels."


But I can't find the corresponding parameter in the configuration guide. http://help.sap.com/saphelp_nw-secure-connect104/helpdata/en/cd/7c47aa02074adbbc7ba541b446c026/frame...


And the next problem is that this feature is only for the receiver. I need a statement for the sender.

Former Member
‎01-06-2016 10:15 AM
0 Kudos

Okay, it seems that the way described in 2069078 is the only way. (What a crap. )

manoj_khavatkopp
Active Contributor
‎01-06-2016 10:24 AM
0 Kudos

Gil , i am not sure on SAP SFTP adapter but the connection mode is available in Advantco SFTP adapter (Sender and Receiver) i guess you need to go with advanced parameter only as mentioned in note 2069078.

Answers (2)

Answers (2)

former_member183816
Active Participant
‎12-16-2015 7:48 PM
0 Kudos

For your first question,

Yes it is secured. It also uses SSL/TLS just like your HTTPS connection does. On top of it, you are polling FTP server (not like FTP server is pushing files on your PI server), so until unless your FTP server is compromised, no one can enter in your PI system.

Read page no 10 here,

https://www.sans.org/reading-room/whitepapers/casestudies/case-study-secure-file-transfer-implementi...

Show replies
Show replies
vicky20691
Active Contributor
‎12-16-2015 3:19 PM
0 Kudos

Hi Gil,

1. SFTP is more secure than FTP obviously. If you want your files to be secured and prevent from attack do go for PGP encryption. It comes with SFTP add-on itself

2. You have already figured out answer to ques 2 as i can see above

regards,

Vikas

Show replies
Show replies
Ask a Question