Posts Tagged FTP

Why Bother Upgrading Beyond Standard FTP?

Posted by on Thursday, 26 September, 2013

Right out of the box, most operating systems come with a built-in File Transfer Protocol (FTP) tool that makes it possible to transfer large files between people, computers and servers.  It accomplishes the key goal, which is to deliver the file from one place to another.  However, too many organizations’ philosophy has been that as long as the files were getting where they needed to go, standard FTP was good enough. That was especially true when they were transferring files internally.

The truth is that FTP alone has never been good enough, because too much information (file data, user names, passwords, etc.) is vulnerable to hackers and it only takes fairly rudimentary hacking skills to steal it.  Now with increased pressure to protect sensitive data coming from regulators and consumers, it’s urgent that companies implement a more secure file transfer method.

Take a look at this short video to hear Bob Luebbe, Linoma Software’s Chief Architect, talk about the dangers of standard FTP.

 

At the end of this video, Bob mentions the value of clustering and load balancing to promote high active-active availability. Since this video was produced, we’ve also added these features to both GoAnywhere Services and GoAnywhere Director.

In fact, Bob just delivered a free webinar on the latest updates to GoAnywhere, and you can view a recorded version here.

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Message Queues and Network Shares Added to Managed File Transfer Solution

Posted by on Monday, 28 February, 2011

The new 3.5 release of GoAnywhere Director is now available with more features to help organizations automate, secure and manage file transfers.

In this new release, GoAnywhere Director provides simpler access to files and folders on Network Shares. It can also connect to enterprise Message Queues (e.g. WebSphere MQ) for better integration with customer applications. The new version also includes “File Monitors” which can be used to easily scan for new, modified and/or deleted files in targeted folders. Additionally, this release includes the ability to auto-resume file transfers if FTP and secure FTP connections are broken.

In addition, better High Availability (HA) capabilities allow GoAnywhere Director to store configurations in customer database systems including SQL Server, MySQL and DB2 for IBM I (iSeries). This allows customers to manage and replicate this data using in-house database and HA tools.

I’ll say it again, that of all the tools I have purchased over 28 years in I.T. GoAnywhere Director is my favorite! ~ Don McIntyre, Kansas City, Missouri School District

Read the press release  > >

Bob Luebbe

Bob Luebbe has worked in the IT field since 1985. During his career, he has worked in a wide variety of roles including software development, project management, consulting and architecting large-scale applications. Bob has been with Linoma Software since 1994 and is currently serving its Chief Architect. His main focus for the last several years has been developing technologies to help organizations to automate and secure their file transfers, as well as to protect data at rest through encryption and key management.

More Posts - Website

FTP Lack of Security Exposed

Posted by on Monday, 24 January, 2011

Apollo Project CSM Simulator Computers and ConsolesFTP was designed as an easy mechanism for exchanging files between computers at a time when networks were new and information security was an immature science. In the 1970s, if you wanted to secure a server from unwanted access, you simply locked the computer room door. User access to data was controlled by the basic User ID and password scenario. (Right is a reminder of how much technology has advanced since the 1970s. The photograph,  taken December 11, 1975, is the Apollo Project CSM Simulator Computers and Consoles. Photo Courtesy of NASA.)

The Internet did not yet exist and the personal computer revolution was still a decade away.

Today, the security of business file transfers is of paramount importance. The exchange of business records between computing systems, between enterprises, and even across international borders has become critical to the global economy.

Yet, the original native FTP facility of TCP/IP wasn’t designed for the requirements of the modern, globally connected enterprise. FTP’s basic security mechanisms – the User ID and password — have long ago been outdated by advances in network sleuthing technologies, hackers, malware, and the proliferation of millions of network-attached users.

Risks associated with using native (standard) FTP include:

  • Native FTP does not encrypt data.
  • A user’s name and password are transferred in clear text when logging on and can therefore be easily recognized.
  • The use of FTP scripts or batch files leaves User IDs and passwords in the open, where they can easily be hacked.
  • FTP alone, does not meet compliance regulations. (For example: HIPAA, SOX, State Privacy Laws, etc.)
  • When using an FTP connection, the transferred data could “stray” to a remote computer and not arrive at their intended destination leaving your data exposed for third parties or hackers to intercept.
  • Conventional FTP does not natively maintain a record of file transfers.

The first step is to examine how FTP is being used in your organization. The next step is to identify how your organization needs to manage and secure everyone’s file transfers. The final step is to evaluate what type of Managed File Transfer Product your company needs.

For more information download our White Paper – Beyond FTP: Securing and Managing File Transfers.

Bob Luebbe

Bob Luebbe has worked in the IT field since 1985. During his career, he has worked in a wide variety of roles including software development, project management, consulting and architecting large-scale applications. Bob has been with Linoma Software since 1994 and is currently serving its Chief Architect. His main focus for the last several years has been developing technologies to help organizations to automate and secure their file transfers, as well as to protect data at rest through encryption and key management.

More Posts - Website

Was FTP Behind the Wikileaks Breach?

Posted by on Monday, 3 January, 2011

November and December were difficult months for IT security.

Wikileaks began on Sunday November 28th publishing 251,287 leaked United States embassy cables, the largest set of confidential documents ever to be released into the public domain. How do security officials believe these documents were originally retrieved by the alleged source, Pfc. Bradley Manning? Many security professionals are wondering if FTP was the software mechanism used.

Also in the news was the security breach at the popular publication Gawker.com. Over the weekend of December 11, Gawker discovered that 1.2 million accounts were compromised, the infrastructure breached, and access to MySQL databases raided. Gawker internal FTP credentials were listed as a part of the breach.

Gawker’s problems prompted Social Networking giant LinkedIn to reset the passwords of all users that had Gawker.com accounts, for fear of contamination by hackers who had gained Gawker profile information.

Smaller national headlines of other breaches included the theft of an undisclosed number of email addresses, birth-dates, and other information by a contractor working for McDonalds.

Also, it was reported that a mailing list was pilfered from the drugstore giant Walgreens. In addition, a leak of law enforcement data was reported by a Mesa County, Colorado.

Finally, a popular Open Source FTP server software application, ProFTPD version 1.3.3c, was distributed containing a malicious backdoor that permits hackers to access FTP credentials. It is thought the attackers took advantage of an un-patched security flaw in the FTP daemon to gain access to the server and exchange distribution files.

What do these various breaches have in common? The threats may be too diverse to slip into a single category, but the likely culprit is the use of powerful native FTP, without proper, secure management. Once a doorway is left open, native unmanaged FTP access can wreak havoc in any organization.

It doesn’t have to be this way. Using a managed secure file server like Linoma Software’s GoAnywhere Services – which has granular permissions and security controls, along with detailed audit logs and alerts – IT can monitor and better secure and control its data resources.

Regardless of how your organization or your trusted business partners are configured to exchange data, isn’t it time to consider a better way to manage your company’s file transfer security?

Related Blog Post: Are You Confident Your FTP Credentials are Secure?

Thomas Stockwell

Thomas M. Stockwell is one of Linoma Software's subject matter experts and a top blogger in the industry. He is Principle Analyst at IT Incendiary, with more than 20 years of experience in IT as a Systems Analyst, Engineer, and IS Director.

More Posts - Website

Are You Confident Your FTP Credentials Are Secure?

Posted by on Monday, 6 December, 2010

Nesting Dolls to Wormholes

Do You Know Where Your FTP Credentials Are?

FTP Security WormholeA security researcher named Chris Larson happened onto a curious website last September that had been serving some malicious-looking exe files. While poking around, he wrote in his blog, “I came across an ‘unlocked door’ on the malicious Web site and took a look inside.” Treading like an adventurer in Alice’s Wonderland, Larson discovered that this little doorway opened into a world of potential hurt for companies around the world.

There was a strange, oddly-sized GIF file that, with further poking, revealed a hidden payload. The GIF, when poked, revealed four text files. Little by little, their contents spilled out, until, finally it revealed a dark criminal archive. The files contained the login credentials of more than 100,000 FTP sites.

It was an unbelievable discovery, like a Russian nesting doll, that – when unpacked – opened a veritable wormhole to FTP sites around the world: Domain names, User IDs, and Passwords.

Nearly two thousand of these FTP credentials were the domain credentials from one particular site that claimed to Web-host nearly two hundred thousand separate FTP sites. Another file contained a hundred thousand credentials from a variety of unrelated individual sites. Using this archive of FTP credentials, the thief (or thieves) could penetrate, inspect, and selectively harvest the information contained within stored files that users had transferred between their workstations and their corporate computers.

How this archive was assembled and hidden demonstrates how the network of thieves profits and expands. Larson noticed a duplication of a small percentage of the FTP credentials. This seems to indicate that the archive was probably robotically created by a virus or Trojan.

Larson had discovered an actual retail operation that gathers FTP credentials, and then sells those credentials – like a retail mailing list — throughout the underworld to anyone who can pay the price. The archive, in its hidden GIF packaging, appears to be the actual product. Such an archive would be valuable to identity thieves with its hidden payload. In this state, it was ready to be transmitted to other thieves, running beneath the radar of security network packet sniffers.

This begs the question: “Do you know where your company’s FTP credentials are stored?” If your company is using a managed file transfer (MFT) suite like Linoma’s GoAnywhere, you already know the answer.

The best MFT suites manage the access to FTP, centralize the file transfer process, and secure the credentials that are communicated between hosts. By using a MFT suite, IT can institute rules by which file transfer credentials are organized, encrypt the transfers themselves, and log every transfer activity. User credentials to other servers are also centralized and secured, and the connection rules that your business partners use can be managed to ensure that user ids and passwords regularly updated.

Chris Larsen uncovered a secret world in which the doors to our systems – and our business partner’s systems – are sold as simple commodities, available to anyone who can pay the price. It’s like a toyshop where your company’s FTP credentials are displayed like exotic dolls, nested within a GIF wrapping: a GIF that promises to keep on giving.

Isn’t it time to do something about it?

Thomas Stockwell

Thomas M. Stockwell is one of Linoma Software's subject matter experts and a top blogger in the industry. He is Principle Analyst at IT Incendiary, with more than 20 years of experience in IT as a Systems Analyst, Engineer, and IS Director.

More Posts - Website