File transfer services such as FTP or HTTP have long been the most common way to transfer files for business requirements. Typically, a file transfer means that a protocol such as FTP or HTTP is used to send the stream of bits stored as a single unit in a file system, including file name, file size, timestamp and other metadata, from one host to another over a TCP-based network such as the Internet.
But this process is not foolproof. FTP, by itself, is not a secure file transfer protocol and it has a lot of security vulnerabilities. It's a known fact that FTP doesn't provide any encryption for data transfer. Most of the time, the requirement in any business is pretty simple: to transfer files between two endpoints in different locations, and the parties involved do not think much about how secure the file transfer process is going to be.
Using FTP for official file transfer can leave your data transmission exposed to many security attacks:
FTP Bounce Attack
Generally a file transfer happens when the source FTP server sends the data to the client, which transmits the data to the destination FTP server. When there's a slow network connection, people often resort to using a proxy FTP, which makes the client instruct the data transmission directly between two FTP servers. A hacker can take advantage of this type of file transfer and use a PORT command to request access to ports by posing as a middle man for the file transfer request, then execute port scans on hosts discreetly and gain access to data transmitted over the network.
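The server-side check that blocks this abuse of PORT, shown as an added example (not code from the original post or from any FTP server product): it decodes the PORT argument and refuses a data connection to any address other than the client on the control connection, or to a port below 1024 as RFC 2577 recommends. The function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

def parse_port_argument(arg):
    """Decode the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("expected six comma-separated fields")
    try:
        nums = [int(p) for p in parts]
    except ValueError:
        raise ValueError("fields must be decimal integers") from None
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("fields must be in the range 0-255")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def check_port_command(line, control_peer_ip):
    """Return (allowed, reason) for one client line on the control channel."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return True, "not a PORT command"
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, f"malformed PORT: {exc}"
    # Bounce check: the data connection must go back to the same client
    # that opened the control connection, never to a third host.
    if host != ipaddress.IPv4Address(control_peer_ip):
        return False, f"PORT targets {host}, not the client {control_peer_ip}"
    # RFC 2577: do not open data connections to well-known service ports.
    if port < 1024:
        return False, f"PORT targets reserved port {port}"
    return True, f"data connection to {host}:{port}"

# Constructed sample input (documentation address ranges, not real hosts).
CLIENT = "192.0.2.10"
SAMPLE_LINES = [
    "PORT 192,0,2,10,195,80",   # client's own address, port 50000
    "PORT 198,51,100,7,0,22",   # third-party host
    "PORT 192,0,2,10,0,25",     # own address but reserved port
    "PORT 192,0,2",             # malformed
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(line, "->", check_port_command(line, CLIENT))
```

Enforcing the address match also disables the server-to-server "proxy FTP" transfers described above, which is the intended trade-off.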
FTP Brute Force Attack
An attacker can carry out a brute force attack to guess the FTP server password by repeatedly trying different password combinations until they succeed in breaking in. A weak password and repeated use of the same password for multiple FTP servers can also help the hacker gain quick access. Once the password is guessed, your data is exposed.
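One way to spot this pattern in FTP server logs, as an added example that is not part of the original post: it counts failed logins per source address in a sliding time window and flags addresses that reach a threshold. The log lines are constructed and their vsftpd-like layout is an assumption, so adapt the regular expression to your server's format; the threshold and window are illustrative defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout: timestamp, [pid N], [user], OK|FAIL LOGIN, client address.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$'
)

def find_bruteforce(lines, max_failures=5, window=timedelta(minutes=1)):
    """Return {ip: details} for sources with max_failures failed logins in window.

    Lines are assumed to be in chronological order, as in a log file.
    """
    recent = defaultdict(deque)   # ip -> (timestamp, user) of recent failures
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAIL":
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        q = recent[m["ip"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in flagged:
            flagged[m["ip"]] = {"first_seen": q[0][0],
                                "users": sorted({u for _, u in q})}
    return flagged

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    'Tue Mar 12 10:15:01 2024 [pid 310] [admin] FAIL LOGIN: Client "203.0.113.5"',
    'Tue Mar 12 10:15:03 2024 [pid 311] [root] FAIL LOGIN: Client "203.0.113.5"',
    'Tue Mar 12 10:15:04 2024 [pid 312] [carol] FAIL LOGIN: Client "198.51.100.9"',
    'Tue Mar 12 10:15:05 2024 [pid 313] [admin] FAIL LOGIN: Client "203.0.113.5"',
    'Tue Mar 12 10:15:06 2024 [pid 314] [dave] OK LOGIN: Client "192.0.2.44"',
    'Tue Mar 12 10:15:07 2024 [pid 315] [ftp] FAIL LOGIN: Client "203.0.113.5"',
    'Tue Mar 12 10:15:09 2024 [pid 316] [admin] FAIL LOGIN: Client "203.0.113.5"',
    'Tue Mar 12 10:20:30 2024 [pid 317] [carol] FAIL LOGIN: Client "198.51.100.9"',
]

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info["first_seen"], info["users"])
```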
Packet Capture (or Sniffing)
Because the data transfer via FTP is in clear text, any sensitive information such as usernames and passwords can be easily read using network packet capture techniques such as packet sniffing. A packet sniffer is just a computer program which can capture transmitted data packets and decode the packet's raw data, exposing the data contained in the various fields of the packet.
When we restrict access to FTP servers based on the network address, it is possible that a cyber-criminal can use an external computer and assume the host address of a computer on the enterprise network, and download files during data transfer.
When operating systems assign dynamic port numbers in a particular order or pattern, an attacker can easily decode the pattern and identify the next port number that will be used. By illegally gaining access to that port number, the hacker can cause the legitimate client trying to access the file to be denied, and can steal files or even insert a forged or malicious file into the data stream, which will be accessed by other legitimate users in the organization.
As we discussed above, there are many devious means of intercepting an FTP-based file transfer, and the chances of your data being exposed are also high. Networks that adhere to federal compliance norms such as PCI DSS, HIPAA, GLBA, etc., and those agencies and institutions that share government data and customer records, are at high risk if they just depend on FTP for file transfer. So, what's the optimum solution if not FTP?
Managed File Transfer Remedies the Vulnerabilities in FTP
Managed file transfer (MFT) is the best option for file transfer compared to all other file sharing methods such as using FTP, HTTP, TFTP, peer-to-peer file sharing and cloud drives. A managed file transfer server facilitates secure file transfer through the Internet by providing a high level of data security. The MFT server software provides secure internal, external and ad-hoc file transfers for both pull-based and push-based file transfers.
Though MFT also uses FTP for data transfer, this type of file transfer ensures the data is protected by using secure FTP (FTPS, SFTP, etc.). With B2B file transfers, especially in a DMZ environment when internal IP addresses need to be concealed, the MFT server's authentication and data encryption methods help ensure secure, reliable and auditable file transfer.
MFT is widely used for securely transferring files over public or private networks and you can:
- Perform secure file transfer via FTP, FTPS, SFTP, HTTP and HTTPS over IPv4 or IPv6 networks
- Carry out ad hoc file transfer
- Monitor the file transfer process in real time
- Get notified of the status once the transfer is complete
- Report on transfer activity and user access
- Limit MFT access by user role and integration with Active Directory
- Transport large files with integrity checks and protocol fidelity
Where secure file transfer is concerned at an organizational level, an MFT server is the best option, ensuring both security and endpoint management simplicity when compared to FTP.
Guest Post by: Vinod Mohan, Product Marketing Specialist Team Lead at SolarWinds with technical expertise in IT management and operations spanning IT security, SIEM, network management, application, systems, storage Virtualization management.