File Transfer Methods : A Security Perspective

Download Report

Transcript File Transfer Methods : A Security Perspective

File Transfer Methods :
A Security Perspective
What is FTP


FTP refers to the File Transfer Protocol,
one of the protocols within the TCP/IP
protocol suite used on the Internet. The
File Transfer Protocol makes it possible to
transfer files from one computer (or host)
on the Internet to another.
A user of an FTP program must log in to
both hosts in order to transfer a file from
one to the other.
Objectives




To promote sharing of files
(computer programs and/or data)
To encourage indirect or implicit use
of remote computers (via programs)
To shield a user from variations in file
storage systems among hosts
To transfer data reliably and
efficiently
Methods of File Transfer





Manual File Transfer
File Transfer via e-mail
File Transfer via HTTP
File Transfer via
Anonymous/WU-FTP
File Transfer via SFTP / SCP
Manual Transfer Media






Through Floppy Disk.
Through CD/DVD
Through Tape
Through Zip Drive
Through USB Drives
Through Hard disk.
Weaknesses
(Manual Transfer)




Incompatibility of Media
Limited capacity of Media
If the media is lost, misplaced or
damaged the data is gone. If lost or
misplaced, the data could be readily
accessible to the finder.
Physical Access of source and
destination systems are required.
Strengths (Manual Transfer)



Even though it is an old method of file
transfer it is very secure through the
trustees.
Since the data is not transferred through
the wire there is no possibility of cyber
attack like (Packet sniffing, Man in the
middle, hijacking, eavesdropping on the
network, etc.)
This can be very useful for top secret data
transfer.
Weaknesses
(Transfer via Email)







Mostly insecure unless the data is specifically
encrypted.
Requires third party mail server where copy of
information is stored.
Very high probability of delivery to unintended
recipients or getting lost on the network.
No control over destination directory. Require user
intervention to store the document to a specific
folder
Highly vulnerable to man in the middle attack or
session hijacking attack.
Extremely common and preferred method of
spreading viruses.
Severe limitation on the size and number of files
being transferred.
Strengths (Transfer via Email)




Very easy and economical way to transfer
files. Even non technical users can easily
transfer files.
Files can be sent in an encrypted manner if
needed.
As compared to manual method of file
transfer this method is extremely fast.
If the data is not confidential then this is the
best way to transfer between personal
users.
What is Anonymous FTP?




Anonymous FTP is a means by which
archive sites allow general access to their
archives of information.
These sites create a special account called
"anonymous“ or “ftp”.
User "anonymous" has limited access
rights to the archive host, as well as some
operating restrictions.
Generally, the only operations allowed are
logging in using FTP, accessing and listing
the contents of a limited set of directories,
storing and retrieving files.
Weaknesses
(Anonymous FTP)



The user name and password are
universally known.
When connecting to the FTP server the
sent data can be ’kidnapped’ to a foreign
computer with the result that they will never
arrive at the specified target computer.
From the foreign computer data can be
transferred to the actual computer as well
as existing data can be viewed and edited.
This can be a great danger for companies
transferring inhouse information!
Strengths (Anonymous FTP)


This method satisfies the
diverse needs of a large
population of users with a
simple, and easily implemented
protocol design.
Anonymous FTP can be a
valuable service if correctly
configured and administered.
FTP Security Overview

Login Authorization : The basic
FTP protocol does not have a
concept of authentication.

Data Channel Encapsulation :
Data transferred is directly
visible.
WU - FTP


More affectionately known as
WU-FTPD , Developed by
Washington University.
WU-FTPD is the most popular
ftp daemon on the Internet, used
on many anonymous ftp sites all
around the world.
Weaknesses (WU-FTP)


The username and password
are still sent in clear text and it is
easy to steal the password.
Data is also transmitted in clear
text and highly vulnerable to
man in the middle attack.
Strengths (WU-FTP)


Allows user authentication
through distinct user name and
password.
You can define the role of the
user on a particular folder of a
particular server / host.
What is SFTP

SFTP stands for ‘Secure File
Transfer Protocol’. The Secure
File Transfer Protocol provides
secure file transfer functionality
over any reliable data stream. It
uses SSH.
Strengths (SFTP)




SFTP protocol runs on secure
channel.
Encrypts all traffic (including
passwords) to effectively.
Provides variety of
authentication methods.
It can be automated by public
and private key authentication.
Weakness (SFTP)


SFTP protocol is designed to
provide primarily file transfer, but
it also provides general file
system access on the remote
server - in a secure manner.
Can be intentionally misused
Questions

Which method is the most
secure?
Most Secure
File Transfer Method

IT DEPENDS !!!