FTP Lack of Security Exposed
FTP was designed as an easy mechanism for exchanging files between computers at a time when networks were new and information security was an immature science. In the 1970s, if you wanted to secure a server from unwanted access, you simply locked the computer room door. User access to data was controlled by the basic User ID and password scenario. (Right is a reminder of how much technology has advanced since the 1970s. The photograph, taken December 11, 1975, is the Apollo Project CSM Simulator Computers and Consoles. Photo Courtesy of NASA.)
The Internet did not yet exist and the personal computer revolution was still a decade away.
Today, the security of business file transfers is of paramount importance. The exchange of business records between computing systems, between enterprises, and even across international borders has become critical to the global economy.
Yet the original native FTP facility of TCP/IP wasn’t designed for the requirements of the modern, globally connected enterprise. FTP’s basic security mechanisms, the User ID and password, have long since been outdated by advances in network sleuthing technologies, hackers, malware, and the proliferation of millions of network-attached users.
Risks associated with using native (standard) FTP include:
- Native FTP does not encrypt data.
- A user’s name and password are transferred in clear text when logging on and can therefore be easily recognized.
- The use of FTP scripts or batch files leaves User IDs and passwords in the open, where they can easily be hacked.
- FTP alone does not meet compliance regulations (for example, HIPAA, SOX, and state privacy laws).
- When using an FTP connection, the transferred data could “stray” to a remote computer and not arrive at its intended destination, leaving your data exposed for third parties or hackers to intercept.
- Conventional FTP does not natively maintain a record of file transfers.
The first step is to examine how FTP is being used in your organization. The next step is to identify how your organization needs to manage and secure everyone’s file transfers. The final step is to evaluate what type of Managed File Transfer Product your company needs.
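As an added example (not from the original article), the following Python audit supports the first step above by flagging scripts, batch files and `.netrc` files that embed FTP credentials, the exposure named in the risk list. The file names, hosts and password are constructed samples, and the patterns are an assumed starting set rather than a complete one.

```python
import re

# Assumed starting set of patterns for credentials embedded in FTP automation.
PATTERNS = [
    # ftp://user:password@host URLs in scripts or config files
    ("url-credentials", re.compile(r"ftp://[^\s:/@]+:[^\s@]+@", re.I)),
    # .netrc entry written on one line: machine <host> login <user> password <secret>
    ("netrc-password", re.compile(r"\bmachine\s+\S+.*\bpassword\s+\S+", re.I)),
    # "user <name> <password>" inside a command file fed to the ftp client
    ("ftp-user-command", re.compile(r"^\s*(?:quote\s+)?user\s+\S+\s+\S+", re.I)),
    # raw protocol command: "quote PASS <secret>" (does not match "passive")
    ("ftp-pass-command", re.compile(r"^\s*(?:quote\s+)?pass\s+\S+", re.I)),
]

def scan_text(name, text):
    """Return (file, line number, rule) for each line embedding an FTP credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in PATTERNS:
            if pattern.search(line):
                # Report location and rule only; never echo the secret itself.
                findings.append((name, lineno, rule))
                break
    return findings

def scan_all(files):
    """Scan a {file name: contents} mapping and return all findings in order."""
    return [f for name, text in files.items() for f in scan_text(name, text)]

# Constructed sample files (hosts, user and password are made up for illustration).
SAMPLE_FILES = {
    "nightly_upload.bat": "@echo off\nftp -n -s:upload.txt ftp.example.com\n",
    "upload.txt": "user batchuser Summer2011!\nbinary\nput payroll.csv\nquit\n",
    ".netrc": "machine ftp.example.com login batchuser password Summer2011!\n",
    "fetch.sh": "#!/bin/sh\ncurl -O ftp://batchuser:Summer2011!@ftp.example.com/in/orders.csv\n",
    "sync.sh": "#!/bin/sh\nsftp -b batch.txt batchuser@sftp.example.com\n",
}

if __name__ == "__main__":
    for name, lineno, rule in scan_all(SAMPLE_FILES):
        print(f"{name}:{lineno}: embedded FTP credential ({rule})")
```

To audit real files, read each candidate file's contents into the mapping passed to `scan_all`; every hit identifies an account whose password should be treated as exposed and rotated.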
For more information download our White Paper – Beyond FTP: Securing and Managing File Transfers.