Tactical Advice

A Safety Net for Sharing

Businesses that rely on information sharing through FTP sites need to focus on security.
This story appears in the June 2010 issue of BizTech Magazine.
Credit: Infinity/Veer

The File Transfer Protocol (FTP) is one of the oldest Internet protocols, and like the Simple Mail Transfer Protocol (SMTP), it is still in use today. While most business-to-consumer traffic is through web pages, FTP is widely used by many companies to exchange information with other companies, regulatory agencies and business partners.

If your company is among those that use FTP, how do you ensure that your transfers are secure when you control only half the connection? Here are four ways to keep your company’s data — and your partner’s data — secure.

1. Use an encrypted version of the protocol.

When you browse a website containing private data, such as your bank account, you are typically using the HTTPS protocol. This means that data transferred to and from your bank is transmitted through a secure tunnel.

A similar way to make sure your FTP experience is secure is to use a Secure Sockets Layer (SSL) on top of FTP. In a method similar to creating a secure website, you purchase an SSL certificate from a qualified vendor and apply it to your FTP server. FTP clients then verify the validity of your certificate, exchange secure keys and “talk” to each other over a secure channel.

2. Don’t use your FTP server as a file server.

FTP servers are often targets for attack because they are exposed to the Internet. So why store your data on them? Even the default FTP server in Microsoft Windows lets you specify that transfers should land on another server, perhaps one inside your network. When files are uploaded to that FTP server, the server automatically transfers the data to another server and never stores the data on the FTP server itself.

3. Monitor your FTP server closely.

Reporting is the key to keeping your FTP server safe from harm. “Hammering” reports can alert you if someone is trying to continually hit your site and upload files or attempt a denial-of-service attack. Failed login attempts with invalid user names — not just bad passwords, but user names that don’t exist — indicate a dictionary hacking attack. Both of these can be easily identified in an audit report of your server.

Some FTP server vendors include automated responses to threats. For example, servers can be configured so that five invalid user-name attempts from an IP address block that address, and you receive an alert of potential malicious activity.

4. Limit which IP addresses can connect to your FTP server.


Photo: Brand New Images/Getty Images

Using your FTP server or your company’s firewall, limit both the outbound and inbound connections to the FTP server. If you know the remote FTP server’s IP address, you can set up your server or firewall to permit FTP connections from only that address.

While in theory this seems like an excellent practice, there can be difficulties. First, limits can’t be used with ad-hoc FTP transfers because you don’t know which client will be connecting to you (or from where). Second, if your business partners change their Internet service providers or FTP servers, this might break the firewall or FTP server rules.

5. Encrypt the data itself.

Sometimes the information is of such a sensitive nature that you need to take an extra step and encrypt not just the data stream, but also the data itself. Many companies do this already with e-mail: They use a product that allows individuals to exchange secure keys.

When they send e-mail to a user with whom they’ve exchanged keys, the client automatically encrypts the data before sending it over Simple Mail Transfer Protocol to the remote organization. On the other end, the e-mail client opens and decrypts the data.

The advantage here is that even when the data is not in flight (for example, sitting in an e-mail store or on a file system), it is still encrypted. Not until the final recipient actually opens the message does the data become readable.

Dr. Jeffrey Sheen is the lead enterprise analyst for Grange Mutual Insurance of Columbus, Ohio.
Sign up for our e-newsletter

About the Author

Dr. Jeffrey Sheen

Dr. Jeffrey Sheen

Jeff is tasked with separating the “gee whiz” factor from the truly useful when it comes to the latest tech gadgets, and oh, he holds a Ph.D. in physics. He currently works as the supervisor of enterprise architecture services for Grange Mutual Casualty Group of Columbus, Ohio. His biggest challenge is being an avid Wolverine fan while living in the midst of Buckeye country.

Security

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
Tools to Maintain Mobile Sec... |
Far-flung devices pose serious challenges, but a variety of technologies can help protect...
Edward Snowden Personifies t... |
The NSA leak shows critical areas where organizations can better protect their data.

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...
Curse Builds a Private Cloud... |
One of the top resources in online gaming builds out a robust infrastructure that can...
SDN at the Forefront of HP’s... |
Computing giant kicks off Interop 2014 with a series of announcements aimed at turning...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...
XP-iration Date: Today Is th... |
It’s officially lights out for Windows XP as an operating system. Here’s how the world is...