File Transfer

 < Free Open Study > 



File transfer, or to be more specific for our study purposes FTP (File Transfer Protocol), is defined as the placement or movement of one or a group of electronic files from one system to another. FTP is an application layer protocol that uses TCP/IP protocols. Users can download files easily from local FTP servers or download files and programs from FTP sites on the Internet to their local systems. FTP commands can be executed from a command line or a GUI (Graphical User Interface) can be used to carry out FTP functions. Users can use FTP commands to rename, delete, copy, or move files that are located on an FTP server. More secure FTP servers require a specific user name and password in order to access files and folders.

Data that is publicly available to users can usually be accessed using anonymous FTP. Anonymous FTP allows users to access information on FTP servers without authenticating with a unique identification. Users can use anonymous FTP to access the FTP site by entering anonymous as a user ID and any password the user chooses.

As you will soon read, there are many security related issues and concerns involved with using FTP. Stay sharp here; the exam is sure to target the inherent security weaknesses associated with FTP.

S/FTP

There are many third-party programs available today that assist in making your FTP server more secure. Many of these programs are Java based and allow for an SSL\TLS encrypted connection to your FTP server. For very secure FTP, X.509 certificates and the use of asymmetric public key cryptography is often used to encrypt public keys. For larger file transmissions, symmetric keys are used to encrypt and decrypt data sessions.

There are many algorithms that are used in securing FTP. A few of these include DES, 3DES, and Blowfish. In conclusion, S/FTP (Secure/FTP) is meant to provide strong authentication and encryption services and support for FTP. Please note that algorithms, certificates, and keys will be described in detail in Chapter 5.

TFTP

TFTP (Trivial File Transfer Protocol) is a scaled down, simplistic version of FTP. Instead of using the TCP (Transmission Control Protocol) that FTP uses, TFTP uses the UDP (User Datagram Protocol). Unlike FTP, TFTP does not use authentication and doesn’t provide any security features whatsoever. It is commonly used by servers as a mechanism to reboot diskless systems and X-terminals.

TFTP uses UDP port 69. Many TFTP servers are targeted by buffer overflow attacks that typically result in a system rest. This results in a denial of service. If you have had the wonderful experience of combating the Nimda virus, you are probably aware that Nimda scans ports 69 and 80 as a means to spread itself. If you do not need to use TFTP, it is suggested that you block traffic on port 69. You will save yourself a world of hurt and possibly many long nights at work. The Nimda virus will be explained further in Chapter 9.

It is common knowledge in the industry that unrestricted TFTP servers can be exploited remotely. Just about anyone can gain access to sensitive material if it resides on a TFTP server. If you absolutely must use a TFTP server, make certain that you have applied all operating system and vendor patches. Otherwise, disable TFTP altogether.

Vulnerabilities

Although FTP is great tool for transferring files, folders, and programs that are too large for e-mail, there are serious vulnerabilities involved with the use of FTP. Some of the highly visible weaknesses inherent with FTP include the following:

  • FTP sessions by default are not encrypted: Usernames and passwords are transmitted in clear text. FTP user IDs and passwords can be grabbed easily with a sniffer.

  • Unsecured FTP sessions are highly susceptible to Man-in-the-Middle attacks: In other words, the files being transferred are grabbed, modified, and forwarded to the FTP server.

  • Port scanning attacks: When a client connects to an FTP server and requests services, the port through which the client made the request stays open until the server responds. There are inherent problems with open ports in FTP. Attackers can run port-scanning techniques to infiltrate open ports and connections on weak FTP servers.

  • IIS (Internet Information Server): This is Microsoft’s Web server product. By default, FTP services are installed with a default IIS instillation. Novice administrators and unknowing rookies are oftentimes unaware of this fact. They leave unneeded services running on their Web servers and leave the FTP service unsecured.

Follow these good FTP practices:

  • Configure your FTP server to run FTP services only. Do not run unnecessary services that can be exploited.

  • Do not store valuable data that cannot be recovered on your FTP server.

  • Use a secure file transfer package such as SSL and encrypt all-important data.

  • Disallow unnecessary access to your FTP server. Do not use blind or anonymous FTP.

  • Audit and log events on your FTP server.

File Sharing

The importance of sharing locally stored files, folders, and other shares is quite obvious in today’s fast paced mobile computing world. Unfortunately, misconfiguration and the lack of proper file system administration opens security holes to an operating system and allows systems to act as catalysts to spread viruses through networks.

An inherent weakness with earlier Windows versions can be seen when file and printer sharing is first enabled. By default, all shares and connections on the system are available to anyone who can access the system locally or remotely. This can be rectified by password protecting each share. Have fun! Hope you remember all of those passwords.

If you have a small peer-to-peer network that you want to protect from outside forces and still be able to share files internally, it is advised that you do not use TCP/IP for file and print services. You can still use file and printer sharing internally if NetBIOS is running. Windows uses NetBIOS locally to communicate with other systems on the same network.

For your protection, it is highly recommended that you use a hardware firewall if you must enable file sharing on your network. If you’re running a small network at home and you can’t afford a good router/hardware firewall solution, download a free software firewall program. It’s better than nothing.



 < Free Open Study > 



The Security+ Exam Guide. TestTaker's Guide Series
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
EAN: 2147483647
Year: 2003
Pages: 136

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net