Reflection for Secure IT Server for Windows is a full-featured, easily customizable Windows-based Secure Shell server.

With the Reflection for Secure IT, you can:

• Support secure file transfer using the Secure Shell protocol
• Control and customize file transfer directories
• Monitor the number of connected sessions
• Configure all server settings using the server console
• Configure public key, certificate, or GSSAPI host authentication
• Configure password, keyboard interactive, public key, certificate, RADIUS, SecurID, and GSSAPI/Kerberos user authentication
• Specify which encryption, hashing, and key exchange algorithms the server supports
• Enforce FIPS140-2 algorithm standards
• Control access to the server from client hosts, groups, or users
• Configure customized settings for client hosts, individual users, or user groups
• Audit and troubleshoot using configurable logging information
• Use command-line utilities to control the server and manage keys and certificates
• Configure the server to run in a clustered environment

The following additional features are also available if you are running Reflection for Secure IT Web Edition

• Configure access to files on a remote SFTP server.
• Configure access by users connecting from outside your network who have been provisioned using the Reflection for Secure IT User Manager.

Encryption protects the confidentiality of data in transit. This protection is accomplished by encrypting the data before it is sent using a secret key and cipher. The received data must be decrypted using the same key and cipher. The cipher used for a given session is the cipher highest in the client's order of preference that is also supported by the server.

Reflection for Secure IT Server for Windows supports the following data encryption standards:

• Arcfour, Arcfour128, and Arcfour256 (stream mode)
• TripleDES (168-bit) CBC mode
• Cast (128-bit) CBC mode
• Blowfish (128-bit) CBC mode
• AES (also known as Rijndael) (128-, 192-, or 256-bit) CBC mode and CTR mode

Data integrity ensures that data is not altered in transit.

Secure Shell connections use MACs (message authentication codes) to ensure data integrity. The client and server independently compute a hash for each packet of transferred data. If the message has changed in transit, the hash values are different and the packet is rejected. The MAC used for a given session is the MAC highest in the client's order of preference that is also supported by the server.

Reflection for Secure IT Server for Windows supports the following MAC algorithms:

• hmac-sha1
• hmac-sha256
• hmac-sha2-256
• hmac-sha512
• hmac-sha2-512
• hmac-md5
• hmac-sha1-96
• hmac-md5-96
• hmac-ripemd160