Secure your SFTP server: Tip 2 - Tighten your SFTP server firewall

The first tip in this series on securing your SFTP (and FTP) server was to keep your operating system and server software up-to-date with the latest security patches. Next, make sure you tighten your SFTP server firewall. The best way to ensure that your server is never hacked is to make sure hackers never get near it, and that is best accomplished by keeping intruders out of your corporate network. This means keeping your firewall's software current, and keeping vigilant by proactively monitoring your firewall logs. It may also mean conducting regular penetration testing to ensure your SFTP server firewall is doing its job.

On a related note, if your secure SFTP server is not required to be accessible from the Internet, ensure that it cannot be accessed from the Internet. Note that this does not mean intruders cannot indirectly access your server from another compromised corporate server, but it will help.

On the internal corporate network, it is likely that not all users will require access to your secure server, so wherever possible ensure that only authorized corporate users have access. And of course, all the usual caveats about disabling access when employees move on apply.
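One way to check that these restrictions are actually enforced is to review the firewall log for accepted connections to the SFTP server from sources that should not reach it. The script below is an added example, not part of the original article. The server address, port, corporate range, authorized subnets and the ACCEPT/DROP log prefixes are assumptions, and the log lines are constructed in the key=value style of the Linux netfilter LOG target.

```python
import ipaddress
import re

# Assumptions for this example: server address, port, corporate range and
# the subnets whose users are authorized to reach the SFTP server.
SFTP_SERVER = ipaddress.ip_address("10.20.1.5")
SFTP_PORT = 22
CORPORATE_NET = ipaddress.ip_network("10.20.0.0/16")
AUTHORIZED_NETS = [ipaddress.ip_network(n) for n in ("10.20.4.0/24", "10.20.9.0/28")]

# Constructed sample lines; the ACCEPT/DROP prefix is an assumed log prefix.
SAMPLE_LOG = """\
Jan 12 10:15:01 fw kernel: ACCEPT IN=eth1 OUT=eth2 SRC=10.20.4.17 DST=10.20.1.5 PROTO=TCP SPT=51514 DPT=22
Jan 12 10:15:09 fw kernel: ACCEPT IN=eth0 OUT=eth2 SRC=203.0.113.50 DST=10.20.1.5 PROTO=TCP SPT=40222 DPT=22
Jan 12 10:16:30 fw kernel: DROP IN=eth0 OUT=eth2 SRC=198.51.100.7 DST=10.20.1.5 PROTO=TCP SPT=33100 DPT=22
Jan 12 10:17:02 fw kernel: ACCEPT IN=eth1 OUT=eth2 SRC=10.20.7.88 DST=10.20.1.5 PROTO=TCP SPT=49800 DPT=22
Jan 12 10:17:40 fw kernel: ACCEPT IN=eth1 OUT=eth2 SRC=10.20.7.88 DST=10.20.1.9 PROTO=TCP SPT=49811 DPT=443
Jan 12 10:18:00 fw kernel: ACCEPT IN=eth1 OUT=eth2 SRC=garbled DST=10.20.1.5 PROTO=TCP DPT=22
"""

FIELD = re.compile(r"(\w+)=(\S*)")
ACTION = re.compile(r"kernel: (\w+) ")

def audit(log_text):
    """Return (line number, kind, source) for traffic to the SFTP server that
    the firewall accepted from a source outside the authorized subnets."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        action = ACTION.search(line)
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
            dport = int(fields["DPT"])
        except (KeyError, ValueError):
            findings.append((lineno, "unparseable", None))  # report, never skip silently
            continue
        if dst != SFTP_SERVER or dport != SFTP_PORT or fields.get("PROTO") != "TCP":
            continue  # not SFTP traffic to the protected server
        accepted = action is not None and action.group(1) == "ACCEPT"
        if accepted and not any(src in net for net in AUTHORIZED_NETS):
            kind = "internal-unauthorized" if src in CORPORATE_NET else "internet"
            findings.append((lineno, kind, str(src)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

An "internet" finding means the server is reachable from outside despite the intent in the previous paragraphs; an "internal-unauthorized" finding means the internal allow rules are broader than the list of authorized users.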

Applying the above security measures is not difficult, but ensuring that they are regularly enforced certainly is. When security measures are not enforced, or are applied haphazardly, no one notices until finally there is a serious attack and valuable corporate data is stolen. Clear policies and competent, diligent network administrators are required. If the value of corporate data is very high, it may well be worthwhile conducting regular security audits by a trusted third party.