Blog

5 TIPS TO ACHIEVE MINIMUM SECURITY FOR FTP

FTP, or File Transfer Protocol, was invented back in 1971 and long before ‘the internet’. It’s a standard network protocol that is built on a client-server architecture model that was developed for the transfer of files between a client and a server on a network. When FTP was developed, security was not in front of the line: authentication (user and password) and content are, for example, not encrypted. Clearly, that is the safest way to approach data transfer. Therefore, for secure transmission, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP). Here, the content and the authentication process are encrypted and thus secured.

We have 5 tips for companies that are still doing FTP today to increase protection to a ‘basic’ level:

  1. Disable standard FTP and move to FTPS and/or SFTP: in the 21st century, using a solution without decent privacy and integrity means putting the door wide open for hackers to access and modify your data.
  2. Use the most recent encryption: if you’re already running FTPS or SFTP, make sure that you are using a recent encryption cypher solution such as AES. Don’t rely on old solutions like Blowfish or DES which can be easily hacked
  3. Implement IP black- and whitelists: an IP blacklist denies a range of IP addresses from accessing the system, either temporarily or permanently. For example, you may want to block certain countries from access. This can also protect you (partially) from distributed DoS attacks
  4. Use an FTP Gateway: typically, FTP servers used to be placed in the DMZ. Doing so limits the risks or exposure to the private network. However, given the DMZ is facing the public internet, it is also a segment that is very vulnerable to attack. Therefore, FTP gateways or reverse proxies can be used, as they offer a special control channel into the private network
  5. Implement file and folder security: contractors, customers, employees, etc. should only have access to data they are allowed to see.

Clearly, adding the (still) basic security layers increases the complexity for the admin, and will increase the cost of the setup. But let’s not forget the end-user impact. They will very often still need to install and setup a local FTP client. This becomes especially tricky (and support-intensive!) when the users are spread across many contractors and customers.

Let’s face it, FTP (even FTPS or SFTP) are not giving businesses the required level of protection, ease-of-use or manageability. Above the surface they are cheap (or free), but below the surface a whole range of risks and costs arise.

Awingu can be the modern alternative to FTP. Awingu is a browser-based “Unified Workspace” solution. It gives access to apps and files from a browser. Architecturally, Awingu is a virtual appliance that acts as a gateway on top of a WebDAV or CIFS file share (something you probably already have in-house).

Awingu will give users access to documents, the ability to download or upload, and even the ability to ‘share’ documents. All of this happens within the framework of a browser of your choice. That is nice and easy for the admin: he or she doesn’t need to manage anything on the end-user’s device.

‘Files’ section in the Awingu workspace: access, download, upload or share documents

In terms of security, Awingu will add a whole lot: authentication runs via the built-in multi-factor authentication solution, and everything is encrypted and runs in HTTPS. The access rights in Active Directory and the file server will apply, so there’s no need to set up a separate rights management. Finally, everything is fully audited and enriched with anomaly detection to assure compliancy (e.g. for GDPR purposes).

Support for Two-factor Authentications is built in.  You will be able to complete a full Audit and get full insight who opened, deleted, uploaded, etc. what document and more.

Oh, and we almost forget about the coolest thing: Awingu is a ‘workspace’. This means that you don’t need to limit yourself to files. You can run your legacy Windows, Linux or web applications and desktops in that same browser-based workspace!

If you are curious about how Awingu can help your company in increasing IT security whilst enabling your workforce, check out Awingu.com or book a free demo with Ciptor or Awingu.

Leave a Comment

Your email address will not be published. Required fields are marked *