
When FTP just isn’t enough

February 28, 2008

Posted by Jonathan Gatrell in News.

Finjan just announced that 8,700 server credentials were hacked from standard “in the clear” FTP sites on the internet, that is, FTP used over the internet without a VPN or without SSL. Secure File Transfer, often referred to as Managed File Transfer (MFT), deploys encryption at the session level to ensure usernames and passwords aren’t visible in “clear-text” over the internet. Many scripts and basic FTP clients may not support certificate-based encryption, and without a VPN these credentials could be at risk from whoever would like to “sniff” packets.

Other MFT options would be one of the ASx variants (AS1 = SMTP, AS2 = HTTPS, AS3 = FTP over SSL). These capabilities are essentially not just session-level encryption but also payload encryption, with non-repudiation capabilities to confirm that the contents sent were the contents received. This confirmation of receipt is done via a “message” referred to as a Message Disposition Notification. What’s your FTP strategy?
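An added example, not part of the original post: a Python check over FTP control-channel logs that flags sessions where `USER`/`PASS` crossed the wire before the server accepted `AUTH` (reply 234), which is the clear-text exposure described above. The log tuple format and every sample value are assumptions constructed for illustration.

```python
# Constructed sample: FTP control-channel lines as a network sensor would log
# them (session id, C=client/S=server, payload). All names and values are made up.
SAMPLE = [
    ("s1", "C", "USER webadmin"),
    ("s1", "S", "331 Password required"),
    ("s1", "C", "PASS hunter2"),
    ("s1", "S", "230 Logged in"),
    ("s2", "C", "AUTH TLS"),
    ("s2", "S", "234 Proceed with negotiation"),  # TLS starts; nothing readable follows
    ("s3", "C", "AUTH TLS"),
    ("s3", "S", "502 Command not implemented"),   # server has no TLS support
    ("s3", "C", "user backup"),                   # client falls back to clear text
    ("s3", "S", "331 Password required"),
    ("s3", "C", "pass s3cret"),
    ("s3", "S", "530 Login incorrect"),
]

def audit_ftp_control(events):
    """Return {session_id: finding} for sessions whose PASS was sent unencrypted."""
    state, findings = {}, {}
    for sid, direction, payload in events:
        st = state.setdefault(sid, {"tls": False, "last": None, "user": None})
        if st["tls"]:
            continue  # control channel is encrypted from here on
        if direction == "C":
            verb, _, arg = payload.strip().partition(" ")
            st["last"] = verb.upper()  # FTP verbs are case-insensitive
            if st["last"] == "USER":
                st["user"] = arg.strip()
            elif st["last"] == "PASS":
                # Record the exposure but never copy the password into the report.
                findings[sid] = {"user": st["user"], "login": "unknown"}
        elif st["last"]:
            code = payload[:3]
            if st["last"] == "AUTH" and code == "234":
                st["tls"] = True  # RFC 4217: 234 means the server accepted AUTH
            elif st["last"] == "PASS" and code in ("230", "530"):
                findings[sid]["login"] = "accepted" if code == "230" else "rejected"
    return findings

if __name__ == "__main__":
    for sid, f in audit_ftp_control(SAMPLE).items():
        print(f"{sid}: cleartext credentials for user {f['user']!r}, login {f['login']}")
```

Session `s3` shows why a client that silently falls back after a refused `AUTH TLS` is as exposed as one that never asked for encryption.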

Comments»

1. Sonic the Hedgehog - Hacked! « The Inovis Blog - March 25, 2008

[...] teams in Japan, North America and Europe via file transfer protocol (FTP). As we have stated before, FTP is not a solution to send documents securely. Managed File Transfer (MFT) is the solution for [...]