0

I understand that UNC (Uniform Naming Convention), SFTP, and SSH are different interfaces (protocols?) that can be used to upload files to a server. But feature-wise, how do they differ? Are there things you can do with one that you cannot do with another? Is one more secure than another?

The situation I want to fix is one where we have several Windows servers and VPC's, some of which have SFTP servers and some of which don't. For those that don't we use UNC over a VPN shared by the entire enterprise. What I want to do is either use all UNC, all SFTP, or all SSH (unless a real need to vary on a case-by-case basis presents itself).

Links would be excellent. My biggest problem here is that my googling brings up irrelevant results. :(

EDIT: Our needs are simply to upload files to Windows servers, including VPC's, both manually and automatically (e.g. via command-line tools). When we upload, we really need files to not be seen by anyone else.

EDIT: All users have Active Directory domain accounts, so it would be nice (though not strictly necessary) to use these. Any authentication that is reasonably secure (Windows or otherwise) will work.

jyoungdev
  • 103
  • 1
  • 4
  • 1
    It might help to illustrate how your users are authenticating. Shared logins or individual accounts, local or domain accounts and certificates on sftp/ssh. Also when you mention that files should not be seen by anyone else, is that just indicating that all transfers should be encrypted or that no one in the org can see files saved by another individual within the org? – Michael Henry Jan 14 '11 at 10:26
  • The data should be encrypted so that no one else in the organization can see the file being transferred. It is fine if others have access to it once it is transferred; ideally, the person or script transferring the file should be able to set the file's permissions on the server. – jyoungdev Jan 14 '11 at 15:15
  • 1
    Regarding SMB/CIFS and encryption, this question might be interesting for you: http://serverfault.com/questions/23008/is-ipsec-the-only-way-to-encrypt-microsoft-smb-cifs-traffic – Christoph Jan 14 '11 at 16:26

1 Answers1

3

Your question is a bit vague. I assume that you mean the Uniform Naming Convention (Wikipedia) by UNC. UNC is not a way of sharing files, but just the addressing mechanism for Windows file shares. The underlying protocal that actually transports the data is SMB/CIFS. If you search for information about the Windows file sharing mechanism, it would be better searching for "SMB" or "CIFS".

The other problem that I have with your question is how SSH fits in, because it does not implement file sharing by itself, but you would use it for tunneling other protocols, like e. g. SMB. You could replace you VPN with an SSH tunnel, but if you have only Windows machines, I would not recommend this.

My personal opinion when comparing SMB and SFTP is that SMB is much more convenient for Windows users, because it is integrated into the OS and you can map SMB shares are network drives. Also, Windows will establish the connection when you access the resource whereas you have to use an FTP client for SFTP. However, I do not know enough of your application scenario to give you any specific recommendations.

Christoph
  • 309
  • 7
  • 16