Oddly enough Secure FTP drags alot of attention to itself when running. I had OpenSSH running for two hours and managed to get three different (or could have been the same people) service attacks from Korea, Phillipines, and Thailand. So I would recommend staying away from OpenSSH unless you have a killer Firewall. Something like a Watchguard, which is what I have now and I run it now when our customers need it. When they don't, I disable the firewall policy, which in effect also stops the SFTP. By the way, the configuration I was running when attacked was under a Sonicwall. I hate Sonicwall for reasons like this.
But couldn't you do the same with a SonicWall firewall, turn the policy off when you are not using the SFTP?
For some reason the Sonicwall was allowing SSH already. I am not sure if it...