StingRay is a super secure FTP server
January 15th, 2009
What is an FTP server and why do I need a secure FTP server?
It’s worth giving a bit of background to FTP by answering these two valid questions to start off with. An FTP server is essentially an area on a computer which remote users can access to upload and download files using an FTP client or other compatible FTP software. Security is a concern if the data you want to send, host or download is confidential, personal, financial or could affect the outcome of your business in any way.
Setting up an FTP server and its limitations
To set up an FTP server you require a computer, an operating system and FTP server software. Generally speaking, FTP servers are quite basic in their make-up; many operating systems, for example Microsoft Windows or Apple’s OS X, already have one built in.
The problems with standard FTP servers are not just down to the inadequacies of the server or delivery protocol itself but frequently how they’ve been installed. The two main issues are:
Installation - this is usually error number one for many users and the most fatal flaw when installing an FTP server. If you’re going to set up an FTP server, install it in a Demilitarized Zone (DMZ), which is an area outside your network but accessible by your internal computers. The reason for this? Well, if you go and set up an FTP server inside your network then it’s likely you’ll suffer problems. Read on.
Authentication - during FTP communications passwords are sent by the client to the server in plain text, which basically means they can be read by others who are less scrupulous. So it’s worth considering using a secure FTP server like a StingRay, or a secure FTP protocol, either FTP over SSH or FTP over SSL.
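As an added example (not code from this post or from Hermstedt), the Python sketch below audits an FTP control-channel transcript and reports what someone passively reading the connection could see. The session transcripts are constructed samples, and the check assumes explicit FTP over SSL/TLS as signalled by an AUTH TLS command and a 234 reply (RFC 4217); FTP over SSH is a separate protocol and is not modelled.

```python
# Added example: audit an FTP control-channel transcript for cleartext logins.
# Sessions below are constructed samples: "C" = client line, "S" = server line.
PLAIN = [("S", "220 FTP server ready"), ("C", "USER alice"),
         ("S", "331 Password required"), ("C", "PASS example-only"),
         ("S", "230 Login successful")]
EXPLICIT_TLS = [("S", "220 FTP server ready"), ("C", "AUTH TLS"),
                ("S", "234 Proceed with negotiation")]  # rest is ciphertext
FALLBACK = [("S", "220 FTP server ready"), ("C", "AUTH TLS"),
            ("S", "502 Command not implemented"), ("C", "USER bob"),
            ("S", "331 Password required"), ("C", "PASS example-only"),
            ("S", "230 Login successful")]


def audit_control_channel(events):
    """Report what someone passively reading this session could see."""
    finding = {"tls": False, "user": None, "password_exposed": False}
    auth_pending = False
    for direction, line in events:
        verb, _, arg = line.strip().partition(" ")
        if direction == "C":
            verb = verb.upper()
            # Only an AUTH TLS/SSL request can lead to an encrypted channel.
            auth_pending = verb == "AUTH" and arg.strip().upper() in ("TLS", "SSL")
            if verb == "USER":
                finding["user"] = arg
            elif verb == "PASS":
                finding["password_exposed"] = True  # value is not stored
        elif auth_pending and verb == "234":
            finding["tls"] = True
            break  # after 234 the TLS handshake starts; nothing else is readable
    return finding


if __name__ == "__main__":
    for name, session in (("plain", PLAIN), ("explicit TLS", EXPLICIT_TLS),
                          ("refused TLS, fell back", FALLBACK)):
        print(name, audit_control_channel(session))
```

The third session is the case to watch for when reviewing logs: the client asked for TLS, the server refused, and the login went ahead in plain text anyway.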
Scenario - OK - let’s assume at this stage that you’ve set up an FTP server on a Windows PC, for example, running inside your network. Your customers are uploading files using FTP to your server and everybody’s happy. Right? Wrong! As noted previously on this blog, FTP server usernames and passwords are stolen, bought and sold. There are even videos on Google Video on How To Hack A Windows Server! The thing is, when someone has access to your server, which probably wouldn’t take a determined person long, then as the server is inside your business they have access to everything: your whole network is insecure!
Installing your FTP server in the DMZ is the first step; this way the rest of your network is secured. But then what about the data on your server? Well, that’s fair game if it’s sitting there, and it’s still likely that the server could be used to bridge the firewall to your network. How? Well, the key thing here is your operating system and the fact that files can be executed on your Mac or PC, for example. Once a file is on your server and it auto-runs, or you unknowingly open it, then BINGO, they have control of your FTP server - a Trojan Horse attack.
So what’s the answer?
Well, clearly I’m going to mention StingRay at this point, but these are the very valid reasons why StingRay is a fantastic FTP server:
Firstly, StingRay FTP Server is built on Linux. Why’s this good? Well, Linux is by developers, for developers, and with good reason there are limited numbers of malware applications that can attack your server.
Secondly, StingRay FTP Server doesn’t allow files to be executed or opened on the FTP server appliance. The functionality has been removed from the operating system.
Thirdly, StingRay FTP Server has two Ethernet ports, one for your internal network and one for the Internet or DMZ. Why is this important? Well, the routing between the two ports has been removed, meaning that if someone were to gain access to the server they wouldn’t be able to gain access to your network as well.
Fourthly, each StingRay FTP Server has a unique, encrypted root password, meaning that if one StingRay user ever found out their root password (which they wouldn’t be able to) they still wouldn’t be able to hack any other system.
If you’re looking for a secure file transfer appliance then StingRay is a serious consideration. There’s more on security on the Hermstedt Web Site if you’d like to know more; alternatively, give us a call and we’ll give you details for an online server so you can check it out yourself.













