File Transfer Protocol (FTP) Vulnerabilities

Another common, publicly exposed service involves the File Transfer Protocol (FTP) defined within the TCP/IP suite. FTP allows users to upload or download files between client systems and a networked FTP server. FTP servers include many potential security issues, such as anonymous file access and unencrypted authentication.

As with SMTP and LDAP, FTP servers can incorrectly manage buffers and allow rogue code to be run on them. In early 2001, the CERT Coordination Center issued an advisory regarding one of these exploits. Details can be found at www.cert.org/advisories/CA-2001-07.html. The Security Administrator's Integrated Network Tool (SAINT) Web site has a great tutorial on FTP vulnerabilities as well.

Anonymous Access

Many FTP servers include the capability for anonymous access in their default installation configuration. Anonymous access is a popular method to provide general access to publicly available downloads such as a mirror site that contains a new open-access license (OAL) software distribution, perhaps the newest version of Linux. Here, it is unnecessary and even undesirable to require every possible user to first obtain an account and password to access the download area, so an option is provided to allow anonymous access.

The problem with this form of access is that any user may download (and potentially upload) any file desired. This may rapidly result in a server's available file storage and network access bandwidth being consumed for purposes other than those intended by the server's administrator. If unauthorized file upload is allowed along with download, illegal file content could be placed on the server for download without the knowledge of the system's administrator.

Unencrypted Authentication

Even when user authentication is required, protocols such as FTP and Telnet pass the username, password, and even transacted data in an unencrypted form (cleartext). Anyone sniffing packets on the network can read these values and then use them for unauthorized access to the server. A packet sniffer is a software agent capable of monitoring all data traffic through a network interface card (NIC) running in promiscuous mode. Sniffers listen to all traffic on a local subnet and then filter for the particular information requested. Because most sniffers allow the data to be modified and retransmitted, man-in-the-middle and spoofing attacks can occur if network wiring is not properly secured and access to workstations is not restricted. Products such as Snort, Sniffit, and even Microsoft's integrated Network Monitor can provide a detailed analysis of the protocols and data being transmitted.

Besides protecting access to LAN segments, routers should be secured too. A common way to access routers is through the use of Telnet, which passes passwords in cleartext. Cisco has some excellent informative papers on its Web site in regard to router security and how to apply access control lists (ACLs) to a Telnet connection.


A more secure version of FTP (S/FTP) has been developed that includes Secure Sockets Layer (SSL) encapsulation. RFC 2228 defines several security extensions to the FTP specification (RFC 959), including support for security issues such as authentication (AUTH), data channel protection (PROT), integrity protection (MIC), and confidentiality (CONF).

The preferred alternative to the Telnet protocol is the Secure Shell (SSH) protocol, which is intended as a replacement for telnet, rlogin, rsh, and rcp. Currently, two forms of the SSH protocol are in use: SSH1 and SSH2. These forms are not directly compatible. For more information on the working group involved with the SSH specifications, visit www.ssh.com.
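
The following sketch is an added example, not part of the original text. It shows what a monitoring tool can conclude from the FTP control channel discussed above: USER and PASS sent before an accepted AUTH command are readable on the wire, and a refused AUTH followed by a plain login is a fallback worth alerting on. The captures, account names and passwords are constructed, and "AUTH TLS" is assumed as the security mechanism.

```python
# Constructed control-channel captures: ("C" = client, "S" = server, line).
CLEARTEXT = [
    ("S", "220 FTP server ready"),
    ("C", "USER alice"),
    ("S", "331 Password required"),
    ("C", "PASS s3cret!"),
]
PROTECTED = [
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation"),
]
DOWNGRADED = [
    ("C", "AUTH TLS"),
    ("S", "504 Security mechanism not supported"),
    ("C", "USER bob"),
    ("S", "331 Password required"),
    ("C", "PASS hunter2"),
]


def audit_control_channel(records):
    """Return what a sniffer could read from an FTP control connection."""
    findings = []
    awaiting_auth_reply = False
    refused_code = None
    for direction, raw in records:
        line = raw.rstrip("\r\n")
        if direction == "S":
            # Ignore continuation lines of multi-line replies ("220-...").
            if awaiting_auth_reply and line[3:4] != "-":
                awaiting_auth_reply = False
                if line[:1] in ("2", "3"):
                    # AUTH accepted (234/334): later commands are protected.
                    return findings
                refused_code = line[:3]
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "AUTH":
            awaiting_auth_reply = True
        elif verb == "USER":
            if refused_code:
                findings.append(("auth-refused-fallback", refused_code))
                refused_code = None
            findings.append(("cleartext-username", arg))
        elif verb == "PASS":
            # Report length only; never copy the secret into alerts or logs.
            findings.append(("cleartext-password", f"{len(arg)} chars"))
    return findings
```
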


Blind Access

Many public and semiprivate FTP sites may be configured for blind access. A blind FTP server is configured to allow uploads to folders that do not allow FTP users to view their contents, making the actual filenames secret. One potential problem with this setting is that a new file of exactly the same name as another file can potentially overwrite that other file if the operating system does not support file versioning.

Blind FTP sites may also be used for download if an additional layer of security over the file contents in a directory is desired. Users can be given the name of the file to download and are unable to see other files, thus preventing access to those files. If this solution is used, it is important to avoid naming all files using a standard naming scheme that might be guessed by a user seeking unauthorized access to files within the blind FTP site.
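
The two blind-access risks described above can be handled on the server side, as in this added example (not from the original text). It refuses to overwrite an existing file in a drop folder and publishes downloads under names that follow no guessable scheme. The function names and the idea of a storage hook that receives each upload are assumptions made for illustration.

```python
import os
import secrets


def store_blind_upload(directory, client_name, data):
    """Save an upload into a write-only drop folder without overwriting.

    Returns the name actually used, which differs from client_name when
    that name was already taken.
    """
    # Keep only the final path component so the client cannot pick a folder.
    base = os.path.basename(client_name.replace("\\", "/"))
    if base in ("", ".", ".."):
        base = "upload"
    candidate = base
    while True:
        path = os.path.join(directory, candidate)
        try:
            # O_EXCL: creation fails atomically if the name already exists,
            # so an earlier file can never be replaced by a same-named one.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            candidate = f"{base}.{secrets.token_hex(4)}"
            continue
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
        return candidate


def publish_for_download(directory, data, extension=""):
    """Store a file under a random name (128 bits) instead of a pattern."""
    name = secrets.token_urlsafe(16) + extension
    return store_blind_upload(directory, name, data)
```
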

File Sharing

Publicly accessible FTP sites are very popular within file-sharing groups, particularly with individuals seeking locations through which they may anonymously share Warez (cracked commercial programs), MPEG Layer-3 (MP3) audio files, and many other types of file content that may be considered undesirable or even illegal. Sites that are not properly protected can be rapidly identified and exploited for this purpose. In fact, many newsgroup lists identify current FTP hosts that can be used for unauthorized file swapping.

The default installation of many FTP servers includes anonymous (public) access and may rely on the configuration of an additional file, such as the ftpusers file, to specify those accounts that do not have access to the FTP site. Coupled with the ability for the FTP service to operate on any port (21 by default), this functionality makes protecting FTP sites and completely securing them against undesirable file sharing very difficult.
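
As an added example (not from the original text), the audit below checks a server configuration for the defaults discussed in this section: anonymous login, anonymous upload, cleartext logins and a control port other than 21. It assumes the server is vsftpd, which the text does not name; the option names and compiled-in defaults are vsftpd's, and the finding labels are made up for this sketch.

```python
# Compiled-in vsftpd defaults for the options checked below.
DEFAULTS = {
    "anonymous_enable": "YES",
    "anon_upload_enable": "NO",
    "write_enable": "NO",
    "local_enable": "NO",
    "ssl_enable": "NO",
    "force_local_logins_ssl": "YES",
    "listen_port": "21",
}

# Constructed sample: anonymous_enable is omitted, so the default applies.
WEAK_CONF = """\
local_enable=YES
write_enable=YES
anon_upload_enable=YES
listen_port=2121
"""

# Constructed sample of a tightened configuration.
HARDENED_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
"""


def audit_vsftpd_conf(text):
    """Return a list of finding labels for a vsftpd.conf given as text."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    on = lambda key: conf[key].upper() == "YES"
    findings = []
    if on("anonymous_enable"):
        findings.append("anonymous-login")
        # Anonymous upload needs both the anon option and global writes.
        if on("anon_upload_enable") and on("write_enable"):
            findings.append("anonymous-upload")
    if on("local_enable") and not (on("ssl_enable") and on("force_local_logins_ssl")):
        findings.append("cleartext-login")
    if conf["listen_port"] != "21":
        # Firewall rules and monitoring keyed to port 21 will miss this one.
        findings.append("nonstandard-port:" + conf["listen_port"])
    return findings
```
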



Security+ Exam Cram 2 (Exam SYO-101)
Security+ Certification Exam Cram 2 (Exam Cram SYO-101)
ISBN: 0789729105
EAN: 2147483647
Year: 2005
Pages: 162
