FTP Vulnerabilities


© Mayur Kamat


After a series of articles on email service vulnerabilities, we start with File Transfer Protocol (FTP).

File Transfer Protocol (FTP)

Security concerns are one of the major obstacles to FTP services. Many companies bar FTP for fear of being attacked by a hacker, or of having an intruder eavesdrop on the site.

Using private FTP over the Internet has some security implications. As with rcp, the user name and password are transmitted in the clear, so anyone on the route between your client and server can sniff your user name and password. They can then use your user name and password to gain unauthorized access to the server. The data you transfer are also unencrypted and can be sniffed as well.

These two problems can be overcome by using an SSL (Secure Sockets Layer) version of the FTP server and client program. When using SSL, all network traffic is encrypted, and the client and server can use strong authentication. There is one drawback, however: the SSL protocol requires a third, independent party, a CA (Certification Authority). This CA must be trusted by both parties and is used in establishing the true identity of the client and server. In the case of a Web browser, this CA is one of the "true" authorities, such as VeriSign (for more information on VeriSign, see http://www.verisign.com). However, for a dedicated FTP connection between a client and a server, this CA can be any party that is trusted by both.
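The two exposures described above (login sent in the clear, file data sent in the clear) can be checked for in a server-side FTP command log. The Python below is an added example, not part of the original article; the AUTH TLS and PROT P commands (RFC 4217), the log format, the host name and the sample sessions are assumptions constructed for illustration.

```python
import re
DATA_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST"}  # open a data connection

def audit_session(events):
    """events: ordered (direction, line) pairs from a server-side command log,
    direction 'C' = client command, 'S' = server reply (assumed log format).
    Returns findings; the PASS argument is never echoed back."""
    tls_on = False        # control channel protected: AUTH accepted (234)
    prot_private = False  # data channel protected: PROT P accepted (200)
    pending = None        # last client command still awaiting its final reply
    findings = []
    for direction, line in events:
        if direction == "C":
            verb, _, arg = line.strip().partition(" ")
            verb = verb.upper()
            pending = (verb, arg.strip().upper())
            if verb in ("USER", "PASS") and not tls_on:
                shown = arg if verb == "USER" else "<redacted>"
                findings.append(f"cleartext-login: {verb} {shown}")
            elif verb in DATA_CMDS and not prot_private:
                findings.append(f"cleartext-data: {verb}")
        elif pending:
            m = re.match(r"(\d{3}) ", line)  # final reply line is "NNN text"
            if not m:
                continue                     # "NNN-text" continues a reply
            verb, arg = pending
            if verb == "AUTH" and m.group(1) == "234":
                tls_on = True
            elif verb == "PROT" and m.group(1) == "200":
                prot_private = (arg == "P")
            pending = None
    return findings

# Constructed sample sessions (not captured from any real server).
PLAIN = [("S", "220 ftp.example.test ready"), ("C", "USER alice"),
         ("S", "331 Password required"), ("C", "PASS not-a-real-password"),
         ("S", "230 Logged in"), ("C", "RETR report.txt"),
         ("S", "150 Opening data connection"), ("S", "226 Transfer complete")]
FTPS = [("S", "220 ftp.example.test ready"), ("C", "AUTH TLS"),
        ("S", "234 Proceed with negotiation"), ("C", "USER alice"),
        ("S", "331 Password required"), ("C", "PASS not-a-real-password"),
        ("S", "230 Logged in"), ("C", "PBSZ 0"), ("S", "200 PBSZ=0"),
        ("C", "PROT P"), ("S", "200 Protection set to Private"),
        ("C", "STOR upload.bin"), ("S", "150 Opening data connection"),
        ("S", "226 Transfer complete")]

if __name__ == "__main__":
    for name, session in (("PLAIN", PLAIN), ("FTPS", FTPS)):
        print(name, audit_session(session) or "no cleartext exposure")
```

A session that upgrades the control channel but never sends PROT P is still reported for its data transfers, which matches the second problem the text names.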

To resolve this problem, there are firewall and proxy products available that incorporate a secured anonymous FTP server, which provides read-only access to a protected and limited file hierarchy. These products provide an interface mechanism that enables a writable incoming directory, allowing files to be sent to the firewall. The data areas are then accessed only from the internal network.

Try to develop a configuration checklist based on the environment you have; don't go around copying recommendations from books or from the Web! Instead, use them as a template to be customized to the needs and system characteristics of your company. The following are configuration suggestions to be considered (Remember! Add to the list depending on your needs!):

  • Check if your FTP server is running correctly - Periodically you should check if your FTP Server service is running correctly. If you are using a Windows NT server, you can try to use FTP on the local system by typing the IP loopback address from the command line:

ftp 127.0.0.1

  • There should be no difference between the interaction with a local