» 

Blog

Posts Tagged with "FTP"

FBI Issues Warning on FTP Servers

FBI warning for FTPThe FBI recently issued a Private Industry Notification to healthcare providers warning them of the dangers of unsecured FTP servers. According to the alert, the FBI is aware of criminal actors actively targeting FTP servers operating in “anonymous” mode, meaning a user can authenticate to the FTP server with a common username like “anonymous” or with a generic email address or password. The FBI notification cited a 2015 study from the University of Michigan that indicated over one million FTP servers were configured to allow anonymous access.

While the notification was intended for medical and dental facilities, inadequate FTP security is a concern across all industries. According to the FBI, “Any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals.”

The problems with FTP servers go beyond anonymous mode. For one thing, many organizations are running legacy FTP software that hasn’t been kept up-to-date with modern security concerns. Another widespread issue comes from granting excess permissions to trading partners or internal staff. Anyone given administrative access could change a setting on the server without realizing the potential security implications.

Hopefully it’s clear that you should be using encryption to protect your data. What some businesses fail to realize is that encryption methods vary greatly in strength based on factors like  key size and type of encryption ciphers used. Many of the older ciphers and protocols have been broken and are now obsolete. Finally, a major problem with legacy FTP servers is a lack of alerts if anything goes wrong and the lack of detailed logs to help you maintain compliance with industry regulations.

These common pitfalls can be addressed with a robust managed file transfer (MFT) solution. Managed file transfer offers a variety of strong, up-to-date protocols and encryption methods, allowing you to replace standard FTP with something more secure like SFTP or FTPS. Software with role-based security gives you the option to limit any user or user group to just the permissions they absolutely need, and detailed audit logs keep track of exactly which user took what action and when—essential information for your team and for auditors alike.

To learn more about how to secure an FTP server, watch the on-demand webinar, Top 10 Tips for Securing Your FTP or SFTP Server.

 


SFTP vs. FTPS: The Key Differences

SFTP vs FTPSFTP, SFTP, FTPS, HTTPS, AS2… the many options for transferring files can make it confusing to answer the question that matters—what is the best way to secure your company’s data during transfer? This blog post is an introduction to the differences between the two mainstream secure FTP protocols, SFTP and FTPS, and which is the best choice to protect your file transfers.

Can’t I Just Use FTP?

FTP is a popular file transfer method that has been around longer than the world wide web—and it hasn’t changed much since it’s invention. Back then, it was usually assumed that internet activity was not malicious, so FTP wasn’t created with features to deal with the kind of cybersecurity threats we now see in the news every day.

FTP exchanges data using two separate channels known as the command channel and data channel.  With FTP, both channels are unencrypted, leaving any data sent over these channels vulnerable to being intercepted and read.

Even if a man-in-the-middle attack is a risk that you are personally willing to take, industry regulations such as PCI DSS, HIPAA, and others, require data transfers to be encrypted. Unfortunately, despite escalating security risks and the high cost of non-compliance, FTP is actually growing in popularity.

We highly recommend you avoid the basic FTP protocol and choose a secure option.

What is FTPS?

In the 1990’s concern about internet security was growing, and in response Netscape created the Secure Sockets Layer (SSL, now known as TLS) protocol to protect communications over a network. SSL was applied to FTP to create FTPS. Like FTP, FTPS uses two connections, a command channel and a data channel. You can choose to encrypt both connections or only the data channel.

FTPS authenticates your connection using either a user ID and password, a certificate, or both. When connecting to a trading partner's FTPS server, your FTPS client will first check if the server's certificate is trusted. The certificate is considered trusted if either the certificate was signed by a known certificate authority (CA), or if the certificate was self-signed by your partner and you have a copy of their public certificate in your trusted key store. Your partner may also require that you supply a certificate when you connect to them. If your certificate isn’t signed by a third-party CA, your partner may allow you to self-sign your certificate, sending them the public portion beforehand to load into their trusted key store.

User ID authentication can be used with any combination of certificate and/or password authentication.

What is SFTP?

While FTPS adds a layer to the FTP protocol, SFTP is an entirely different protocol based on the network protocol SSH (Secure Shell) rather than FTP. Unlike both FTP and FTPS, SFTP uses only one connection and encrypts both authentication information and data files being transferred.

SFTP provides two methods for authenticating connections. Like FTP, you can simply use a user ID and password. However, with SFTP these credentials are encrypted, which gives it a major security advantage over FTP. The other authentication method you can use with SFTP is SSH keys. This involves first generating a SSH private key and public key. You then send your SSH public key to your trading partner and they load it onto their server and associate it with your account. When they connect to your SFTP server, their client software will transmit your public key to the server for authentication. If the public key matches your private key, along with any user or password supplied, then the authentication will succeed.

User ID authentication can be used with any combination of key and/or password authentication.

What is the difference between FTPS and SFTP?

We’ve established that both FTPS and SFTP offer strong protection through authentication options that FTP can’t provide. So why should you choose one over the other?

One major difference between FTPS and SFTP is that FTPS uses multiple port numbers. The first port, for the command channel, is used for authentication and passing commands. However, every time a file transfer request or directory listing request is made, another port number needs to be opened for the data channel. You and your trading partners will therefore have to open a range of ports in your firewalls to allow for FTPS connections, which can be a security risk for your network. SFTP needs only a single port number for all SFTP communications, making it easy to secure.

While both protocols have their benefits, we recommend SFTP thanks to its better usability with firewalls. For an enterprise, it is ideal to have a managed file transfer (MFT) solution that can manage, monitor, and automate file transfers using a variety of protocols, including FTPS and SFTP. MFT is extremely valuable if you have trading partners with different requirements, and it has additional features like detailed audit logs to help you comply with industry regulations.

GoAnywhere is a managed file transfer solution that supports both SFTP and FTPS. Learn more about GoAnywhere MFT.  


Four Modern Alternatives to FTP Explained

Today's data-driven world is demanding, requiring accuracy, speed, integrity and above all -- security. It's a tall order to fill, and in the past, many organizations relied heavily on the legacy FTP protocol to transmit files. But over time, the security of this method has been tested by hackers.

FTP AlternativesFor example, a serious breach occurred at Yale University in 2001, when more than 43,000 user IDs were exposed and all data was carefully harvested from an FTP server. Acer customer details were stolen in a similar fashion the same year. And most recently, 7,000 FTP sites had their credentials circulated in underground forums, including an FTP server run by The New York Times.

Security and file transfers are a significant concern for IT security professionals, but what is the best way to safeguard your company's data?

Leveraging More Secure Options

As many organizations have evolved past traditional FTP, they are opting for modern and secure options for transmitting data, including:

SFTP. Also known as FTP over SSH, SFTP brings down the risk during data exchange by using a secure channel between computer systems to prevent unauthorized disclosures during transactions. Authentication of an SFTP connection involves a user id and password, SSH keys, or using both.  It is also firewall friendly, only needing a single port number to be opened.

HTTPS. Many sites are gravitating to HTTPS instead of the traditional HTTP, but what are the major differences? For starters, traditional HTTP doesn't encrypt traffic to your browser, which poses a security risk. In contrast, HTTPS provides an added encryption layer using Transport Layer Security (TLS). This creates a secure channel so the integrity of the data is not changed without your knowledge. HTTPS is ideally suited for file transfers where a trading partner requires a simple, browser-based interface for uploading data.

AS2. This is a popular method for transporting EDI data safely and reliably over the Internet. The AS2 generates an "envelope" for the data, allowing it to be sent using digital certifications and encryption. For example, Walmart has become well known for using EDI through AS2 and has played an important role in driving adoption in the retail industry.

Managed File Transfer. A method that supports the above options and makes FTP more secure is managed file transfer (MFT). This secure option streamlines the exchange of data between systems, employees and customers. Numerous protocols and encryption standards are supported, and MFT provides extensive security features that meet strict security policies to comply with PCI DSS, HIPAA, GLBA and other regulatory requirements.

MFT solutions provide advanced authentication and data encryption to provide secure and reliable file transfers. You can also track user access and transfer activity through reporting features.

Overall, managed file transfer offers the best option for securely managing the transfer of data quickly, efficiently with detailed audit trails. It's preventive, rather than reactive, which is what security professionals in today's environment need most.  


Free FTP Server and Client Helps Businesses Improve Security and Audit File Transfers

GoAnywhere MFT's integrated FTP Server and Client for automating and auditing file transfers is now available as a Free Edition of the enterprise-class Managed File Transfer solution. 

GoAnywhere Managed File Transfer Free FTPThis free FTP software can be installed on a variety of platforms including Windows, Linux, Mac OS, UNIX and IBM i, providing flexibility to organizations of all sizes.  GoAnywhere MFT improves FTP security with features like AD authentication, granular folder permissions, password policies to comply with PCI DSS, brute force and DoS attack monitors, and IP blacklists/whitelists.

"Legacy FTP servers are lacking the security controls, user management and detailed audit logs needed to comply with regulations like PCI DSS and HIPAA" says Bob Luebbe, Chief Architect at Linoma Software.  "With the free edition, any organization can now take advantage of the comprehensive FTP features in GoAnywhere MFT."

Using the free FTP client from GoAnywhere, organizations can add automation to their file transfers.  The ability to schedule transfers and scan for new or modified files on local or remote systems reduces manual processes and the risk of human error.  This saves time and money while improving productivity through reliable data delivery.

The GoAnywhere FTP server makes it possible to set access controls and generate detailed audit logs on all file transfer activity.  This offers a layer of regulatory and policy compliance to organizations currently using FTP to exchange files with trading partners.

GoAnywhere MFT is an on-premise solution that provides centralized control over data access. There are no upfront costs or renewal fees for this fully scalable FTP solution. GoAnywhere MFT can be easily upgraded to meet the changing needs of any business through the purchase of secure file transfer protocols, integrated Open PGP encryption, advanced workflows and in-depth reporting.

This free software installs in minutes and is available for download from the GoAnywhere website at https://www.goanywhere.com/free-ftp.


Sign Up for the FREE Secure File Transfer Webinar Series

Linoma Software is hosting a FREE October Webinar Series on the advantages of securing your system-to-system and person-to-person file transfer processes.  Please take a moment to register for one, or both, of these informative live presentations.

Webinar: Get Your FTP Server in Compliance

Get Your FTP Server in Compliance

Are you still running an outdated FTP server in your DMZ? Does your FTP server have the security controls and audit reporting needed to meet the latest PCI DSS and HIPAA compliance requirements?

GoAnywhere goes beyond a typical FTP server by providing the enterprise-level features and security you need to get compliant.

FREE WEBINAR: Now Available On-Demand

We demonstrate GoAnywhere and how to:

  • Use SFTP, FTPS and HTTPS for file transfers
  • Protect files at rest and in motion with AES 256 encryption
  • Set triggers to automatically process files
  • Control access to private and shared folders with granular permissions
  • Generate detailed audit logs and reports

Register Now


3 Advantages of an On-premise Solution for File Sharing

Are you looking for a better solution than cloud-based file sharing services like Dropbox to transmit sensitive company data?

Put an end to employees using unsecure cloud-based file sharing services. Improve compliance and cut the risk of sensitive company data falling into the wrong hands.

FREE WEBINAR: Now Available On-Demand

We cover the three advantages of an on-premise product for Enteprise File Sync and Sharing (EFSS):

  • Local management of user accounts and files
  • End-to-end encryption of files at rest and in motion
  • No monthly user subscription fees or storage limits

Register Now


Join us for these complimentary webinars to get a valuable tour of GoAnywhere MFT. Linoma's engineers will be on hand during the webinars to answer your technical questions.


5 Signs Your Organization is Ready for MFT

Managed File Transfer Levels the Playing Field for SMB

Low-cost file transfer tools allow mid-market businesses to make simple data exchanges both internally and externally.  As your company grows, however, trading partners demand enterprise-level systems to improve reliability and data security. 

cityscape - mft readyManaged File Transfer (MFT) emerged to reduce the cost and programming skills required for you to meet customer requirements and stay competitive in the marketplace. According to an Info-Tech Research Group report on selecting and implementing an MFT solution, there are five signs that indicate your organization could benefit from this technology.

  1. A need for transparency and traceability in file exchange activities
  2. New business relationships mandate adherence to compliance laws and privacy regulations
  3. Traditional methods of sending data, such as FTP, aren't secure
  4. Processes need to be more agile and adapt to changing network conditions
  5. The inability to comply with government reporting requirements

MFT provides comprehensive audit trails and monitoring to document all file transfer activity. Reports generated from this data show every interaction with the files on your server in great detail and allow you to better serve customers by responding quickly when problems do arise.

When security and reporting tools are needed to meet strict regulatory compliance standards of even highly-regulated industries, MFT delivers.  These include the data protection and integrity requirements found in PCI DSS, GLBA, SOX, Dodd-Frank and state privacy laws.

In light of recent high profile data breaches, many organizations have chosen to reduce their risk by seeking alternatives to unsecure FTP.  MFT gives you the flexibility to connect with trading partners using secure protocols and popular encryption methods like SFTP, FTPS, HTTPS, AS2, Open PGP and ZIP with AES.

In addition, automation and simplified workflows offered in many MFT solutions streamline the process of adding and onboarding trading partners. Companies can reduce or eliminate time spent on manual file exchanges and interrupted file transfers, thus reducing administrative costs and assuring the timely delivery of mission-critical data.

To explore MFT further, download this useful checklist to help in your evaluation of vendors and find the best solution for your organization.


GoAnywhere Managed File Transfer 5.0 Released with Unified Interface and Advanced Reporting

Linoma Software unveils GoAnywhere MFT (Managed File Transfer), version 5.0 of its GoAnywhere secure file transfer software. The upgrade combines the workflow automation capabilities of Linoma's popular GoAnywhere Director solution with secure file transfer protocol (FTP) features from GoAnywhere Services into a single product. In addition, the merged product adds numerous significant enhancements. 

GoAnywhere Managed File Transfer 5.0 Unified Interface DashboardGoAnywhere MFT 5.0 introduces a brand new and customizable browser-based dashboard with more than 20 gadgets providing statistics, graphs, and details of file transfer activity and critical system information. Each administrator has their own personal dashboard, and can arrange informative gadgets to quickly monitor the activity most important to them.

The upgrade delivers advanced Reporting features that include various PDF reports that cover system information and file-transfer activity with details and graphs.  A Security Settings Audit report will analyze a GoAnywhere MFT server's security settings to determine compliance with the Payment Card Industry Data Security Standards (PCI DSS) requirements. The report also suggests actions needed to remedy the settings that are non-compliant.

GoAnywhere continues to provide individual audit logs for job activity, triggers, and file transfers (SFTP and FTP/s, HTTP/s, AS2). The product's new version improves logging by sending the individual log events to a global index for faster, system-wide search results.  The new Global Search can be used to quickly find events for a particular file name, a specific user name or a wide variety of 'Google' like search criteria.

Licensing for GoAnywhere MFT has been revamped allowing Linoma to offer a completely free FTP server, including functions to automate FTP transfers. Every edition of GoAnywhere MFT also includes 10 free user accounts for GoDrive, the on-premise enterprise file synchronization and sharing solution.

GoAnywhere MFT now features the ability to use Internet Content Adaptation Protocol (ICAP) servers as Resources and Tasks to integrate antivirus and DLP (data loss prevention) solutions in your workflows. Customers can scan files for sensitive data and viruses to stop harmful file transfers before they are sent.

Existing customers of GoAnywhere will need to register on the GoAnywhere Customer Portal at my.goanywhere.com to request a new license before installing the upgrade.

To download the software or learn more about the enhancements and features of GoAnywhere MFT 5.0, visit GoAnywhere.com.


GoAnywhere customers rewarded for sharing

We hear a lot from our customers about how much they love the GoAnywhere suite of managed file transfer products. From how much time and money they save by automating processes to becoming more efficient and able to attend other tasks, customer feedback is what inspires us to continue innovating and making our products even better.

From the GoAnywhere Mailbag:

"If I ever go to work for another company, I'm not going to accept unless they agree to purchase GoAnywhere Director."

"GoAnywhere works. We have had ZERO problems with it, which is not something you can say about very many products.

It's gratifying to know that our customers enjoy GoAnywhere as much as we do. The amount of new customers referred from current GoAnywhere customers is a testament to how much they believe in our managed file transfer software and how it's often a game changer for businesses. As our way of saying Thank You, Linoma Software has created a referral program to reward our great customers for sharing their recommendations and GoAnywhere experience with others.

"How do they [GoAnywhere] make any money with the low cost and incredible support they provide?"

"Definitely buy GoAnywhere. It will be the easiest implementation...the best value of software that you've ever had"

To participate, GoAnywhere customers can simply fill out an easy online form when they refer our products to others. They will be rewarded with $500 if the person or company they referred purchases GoAnywhere! It's that simple and there is no limit to the number of people or companies they can refer.

It's our way of saying Thank You to all the people and companies we love working with. If you are a GoAnywhere customer, be sure to enjoy the rewards of our referral program starting today! For additional information or to fill out our referral form, please visit our GoAnywhere Referral Program page. You can learn more about GoAnywhere and our customer experiences in their own words by visiting our Testimonials page or viewing our Customer Review Videos.


SFTP vs FTPS - Best Solution for Secure FTP (Infographic)

With large data breaches recently taking center stage in the media, many businesses have begun paying close attention to internal practices and taking action to improve internal systems and processes. As a result, an increasing number of businesses (people) who rely on data transfers are looking to move away from standard FTP in favor of a more secure method.

We are often asked about the key differences between SFTP and FTPS. There are potential pros and cons with each method, which is why businesses should weigh the differences carefully to determine what option would serve them best.

Over the years, we have tried explaining SFTP vs FTPS in a variety of ways. Between lists and charts and drawings, we found that most people were easily able to comprehend unique aspects of each transfer protocol when it was presented visually.

We created the following infographic to highlight the positives and negatives of using SFTP vs FTPS. You can also view the original blog post for a more detailed comparison.

sftp vs ftps infographic  

Share this Image On Your Site