This has gone on for decades with out some one pointing out that there is something wrong with this process.
Let me count the ways this is wrong:
1. It's not encrypted.
Packet sniffers are very easy to implement even on a switched LAN.
2. There is no way to prove that the remote host is what it says it is.
Server spoofing via DNS or Denial of Service.
3. Access control (in this case) isn't managed.
Static user names and passwords being passed in the clear.
4. Proliferation of potentially sensitive data
Just about every industry is required by law to protect certain kinds of data.
5. Use of old and un-maintainable server for warehousing information.
No warranty, use of old 3rd party software which is unmaintained, End-of-life OS.
It's potential for being 0wned is pretty high.
6. Total disregard of Intranet and Internet facing status of server.
Why? You ask has this issue been allowed to even occur?
Reason #1 Impending retirement. Why would some one who is retiring in 5 or so years would want to learn something new? Ftp and windows file sharing is well known. Ftp has been used on open systems since their inception so everybody supports it. (I mean the standard supports 7 bit file transfers, from the time when bits were expensive, really when is the last time you NEEDED to transfer something using 7 bits as opposed to 8bits?).
Reason #2 Bypassing the chain of command. Why follow protocol and make an official request when you can call the person maintaining the server and have them do it for you.
Reason #3 Maintainers versus dedicated IT staff. In most small and medium organizations, they cant afford dedicated IT staff so they give the position to some one who already does something else. The problem is that the person just puts out fires and performs maintenance. They don't keep up on industry issues and so long as the server limps along everything is fine.
Conclusion:
Because the chain of command is bypassed the Network Administrator isn't aware of it. And the only way he or she will find out about it is either an audit, if it fails or if the server is totally Pwned and now is now selling generic Viagra. Should the latter be the case, a pile of finger pointing ensues and you can guess the rest.
Alternatives:
The solution is finding a suitable replacement technology which is secure and possesses controls on access and availability yet is similar to an existing process so you take advantage of the users existing habits instead of putting them into an uncomfortable situation of learning some "NEW" computer process.
- Pre configuring the email client to use encryption. Email is one of those skills that every one knows or should know.
- Implement Ftp over SSL on a managed file server .(Windows, Linux, Novell ...etc) Most of them have some form of secure drive mapping or mounting which is done transparently to the user. This really is the best choice because most modern server platforms possess some form of auditing features which allow you to track access to resources and or files.
- Secure web application for reports and data. Automate the process and load it into a database then generate the reports on a web page or make it available as a download. A well designed web system can contain all of the controls to keep data safe. Surfing the web is a national pastime, provided you make a usable web interface.
- Controlling movement of data. Prevention of use of external storage devices.
- Encrypting file contents using authentication. Smart cards, public/private keys, hardware keys...etc
My employer (a major research university) went through a process a couple of years ago to decommission all FTP transfers; converting to more secure alternatives. Also, we don't allow external connections to the transfer servers. Instead, we connect to external servers hosted by vendors, etc.
ReplyDeleteIt was a little work to switch, but our data is safer because of it.