Skip Navigation
 Search | Directories | Reference Tools
UW Home > UWIN > Computing and Networking > Security 

Secure file transfer software

   Topics on this page

Secure file transfer software required

Transferring files to and from UW central computers requires the use of software that has security features to protect your password. This policy has been in effect since December, 2001.

The requirement for password-protecting file transfer software is part of a UW-wide effort to improve the security of UW computing and networking by no longer allowing the use of programs that send passwords over the network in easily captured ("clear-text") formats.

The simplest way to have the right software is to obtain and install the latest version of the UW Internet Connectivity Kit (UWICK). The UWICK can be purchased on CD-ROM at the UW Book Store or components can be downloaded for free (see Getting Software below). Two secure file transfer programs are in the UWICK:

Important: After each version of the UWICK CD-ROM is created, new versions of software often becomes available. To check for new versions and download them if desired, visit the UWICK pages in the Software Guide.

In addition to secure file transfer programs, the UWICK includes email programs, terminal session ("telnet") programs, browsers, virus protection software, and more.

If you do not maintain the software on your computer, talk to the people who do about making these important upgrades.

Who does this affect?

Anyone transferring files to and from central UW computing services who has not already done so should upgrade to secure file transfer software. (Note: Users of the Fastrans and Fast Download/EXTRACT administrative systems, please see the note below.)

Services affected by this requirement include Unix computing on Dante and Homer, UW administrative systems such as Quipu and Curie, and others. Specific programs that no longer work without secure ftp include Internet Neighborhood, WS_ftp, and versions of Fetch that do not have Kerberos version 5 security.

People Using Recent UWICK File Transfer Software

File transfer software obtained from the Spring 2001 (and newer releases) version of the UW Internet Connectivity Kit already has the needed security features and should continue to work. If you have an earlier UWICK version, we recommend that you update your software by obtaining the latest UWICK CD-ROM or by downloading the software from the Software Guide (see Getting Software below).

People Using Non-UWICK File Transfer Software

If you intend to use file transfer software from some source other than the UWICK, it must be configured to use either the SSH or Kerberos version 5 security protocol or it will no longer work. Refer to your software's help or support site for further information.

People With Old Computers

If you are using a very old computer (generally anything pre-Windows-95 or pre-Mac-OS-8.1) you may find that your computer is too old to run the required secure file transfer software and will no longer be usable for moving files to and from central UW computing services. Talk to your computer support staff about finding an alternative.

Notes for specific situations

Using web publishing software

If you are using the file transfer abilities built into Windows Web publishing programs such as MS FrontPage, Dreamweaver, or many HTML editors, you may need to change how you do things. Most such Web publishing products do not at the present time offer secure file transfer methods. You have two basic choices:

  1. Publish your Web site to a directory on your local computer and then transfer the files and subdirectories to the server using the file transfer programs provided in the UWICK.
  2. Obtain and install the UW's Kerberos FTP Proxy, which translates unsecure FTP into secure Kerberized FTP required by servers at the UW. This approach is somewhat technically complicated and requires specific configuration settings in your Web publishing software.


Software companies (Microsoft, Macromedia, Adobe, etc.) recognize that their products should offer secure file transfer methods and are working on adding them.

For more information, including information on using Macintosh Web publishing programs, see the Using HTML Authoring Tools page.

Transfering files between UW Uniform Access computers and accounts

When working on computers such as Homer, Dante, Socrates, Vergil and Ovid, use the sftp command rather than the older, insecure ftp command to move files from one computer to another or from one account to another.

Transfering files from UW central computers to other computers

Because secure file transfer connections can only be established if the destination computer has the appropriate secure server software on it, using sftp on the UW central computers to transfer files to other computers will not work sometimes. You can usually use ftp in such cases, but keep in mind that doing so may allow a hacker to capture your password. Talk to the system manager of the destination computer for more information on how to do secure transfers. If you have accounts on non-UW computers, do not use the same password on those accounts as you have for your UW NetID.

Getting software

You can find secure file transfer programs for Macintosh and MS Windows computers, already configured for use with UW systems, in the UW Internet Connectivity Kit (UWICK), which can be purchased at the University Bookstore. You can also download the same programs from the UWICK pages in the Software Guide .

For more information

If you are UW faculty or staff, talk to your local (departmental) computing support staff first if you have questions about these changes.