Requiring unique user accounts for source and target SFTP/FTPS endpoints is a security best practice that helps mitigate risks and enhance the overall security posture of file transfer operations.
Here's a valid reason for this practice:
Isolation and Least Privilege: Requiring unique user accounts for both source and target SFTP/FTPS endpoints follows the principle of least privilege and isolation. Each SFTP/FTPS endpoint, whether it's the source or the target, should have its own dedicated user account with the minimum necessary permissions to perform its specific role. This ensures that if a breach or unauthorized access occurs on one endpoint, the attacker's ability to move laterally within the environment is limited. It prevents a compromised account on one endpoint from directly affecting the other.
For instance, if a shared user account were used for both source and target endpoints, an attacker who gains access to that account (or compromises the password) would have unfettered access to both sides of the file transfer. With separate accounts, the attacker's ability to propagate their access is constrained, reducing the potential impact of a security breach.
Furthermore, this practice also aids in auditing and accountability. With unique user accounts, it becomes easier to track and attribute actions to specific individuals or processes, making it simpler to identify the source of any security incidents or breaches.
In summary, using unique user accounts for source and target SFTP/FTPS endpoints enhances security by enforcing isolation, limiting lateral movement, and adhering to the principle of least privilege, all of which contribute to a more robust and secure file transfer process.
Example: Source SFTP User
Example: Target FTPS User
Multiple users can be associated with a single Flow Endpoint.
Using the Add or Edit User option lets you create new users to access this Flow Endpoint.
Create a username and choose an authentication type: User Password or SSH Key.
Once saved, this new user appears in the User Table.
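The isolation rule described above can be checked against an inventory of endpoints and their users. This is an added example, not part of the product or its documentation: the inventory layout, endpoint names, user names and `credential_id` labels are constructed for illustration, and `credential_id` stands for an opaque label such as a key fingerprint, never the secret itself.

```python
from collections import defaultdict

# Constructed inventory (hypothetical layout): one entry per endpoint,
# each of which may have several users.
ENDPOINTS = [
    {"endpoint": "sftp-src-01", "role": "source", "users": [
        {"name": "inv_src", "credential_id": "key-a"}]},
    {"endpoint": "ftps-tgt-01", "role": "target", "users": [
        {"name": "inv_tgt", "credential_id": "pw-1"}]},
    {"endpoint": "sftp-src-02", "role": "source", "users": [
        {"name": "xfer", "credential_id": "pw-2"}]},
    {"endpoint": "ftps-tgt-02", "role": "target", "users": [
        {"name": "Xfer", "credential_id": "pw-2"},
        {"name": "pay_tgt", "credential_id": "pw-3"}]},
    {"endpoint": "sftp-src-03", "role": "source", "users": [
        {"name": "rep_src", "credential_id": "key-b"}]},
    {"endpoint": "ftps-tgt-03", "role": "target", "users": [
        {"name": "rep_tgt", "credential_id": "key-b"}]},
]

def find_reuse(endpoints, field, normalize=str):
    """Return values of `field` that appear on more than one endpoint."""
    seen = defaultdict(set)
    for ep in endpoints:
        for user in ep["users"]:
            seen[normalize(user[field])].add((ep["endpoint"], ep["role"]))
    findings = []
    for value, where in sorted(seen.items()):
        if len(where) > 1:  # same account or credential on several endpoints
            roles = {role for _, role in where}
            findings.append({
                "value": value,
                "endpoints": sorted(name for name, _ in where),
                "crosses_source_target": roles == {"source", "target"},
            })
    return findings

def audit(endpoints):
    return {
        # Names are compared case-insensitively so "Xfer" and "xfer" are still
        # flagged (a conservative assumption about how accounts are matched).
        "shared_account": find_reuse(endpoints, "name", str.casefold),
        # The same key or password under two different user names is also reuse.
        "shared_credential": find_reuse(endpoints, "credential_id"),
    }

if __name__ == "__main__":
    for kind, findings in audit(ENDPOINTS).items():
        for f in findings:
            print(kind, f["value"], f["endpoints"], f["crosses_source_target"])
```

The `shared_credential` check matters because two differently named accounts that share one key or password give no isolation if that credential is compromised.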