File Transfer Methods A Security Perspective

File Transfer Methods : A Security Perspective

What is FTP n n FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol suite used on the Internet. The File Transfer Protocol makes it possible to transfer files from one computer (or host) on the Internet to another. A user of an FTP program must log in to both hosts in order to transfer a file from one to the other.

Objectives n n To promote sharing of files (computer programs and/or data) To encourage indirect or implicit use of remote computers (via programs) To shield a user from variations in file storage systems among hosts To transfer data reliably and efficiently

Methods of File Transfer Manual File Transfer n File Transfer via e-mail n File Transfer via HTTP n File Transfer via Anonymous/WU-FTP n File Transfer via SFTP / SCP n

Manual Transfer Media Through Floppy Disk. n Through CD/DVD n Through Tape n Through Zip Drive n Through USB Drives n Through Hard disk. n

Weaknesses (Manual Transfer) n n Incompatibility of Media Limited capacity of Media If the media is lost, misplaced or damaged the data is gone. If lost or misplaced, the data could be readily accessible to the finder. Physical Access of source and destination systems are required.

Strengths (Manual Transfer) n n n Even though it is an old method of file transfer it is very secure through the trustees. Since the data is not transferred through the wire there is no possibility of cyber attack like (Packet sniffing, Man in the middle, hijacking, eavesdropping on the network, etc. ) This can be very useful for top secret data transfer.

Weaknesses (Transfer via Email) n n n n Mostly insecure unless the data is specifically encrypted. Requires third party mail server where copy of information is stored. Very high probability of delivery to unintended recipients or getting lost on the network. No control over destination directory. Require user intervention to store the document to a specific folder Highly vulnerable to man in the middle attack or session hijacking attack. Extremely common and preferred method of spreading viruses. Severe limitation on the size and number of files being transferred.

Strengths (Transfer via Email) n n Very easy and economical way to transfer files. Even non technical users can easily transfer files. Files can be sent in an encrypted manner if needed. As compared to manual method of file transfer this method is extremely fast. If the data is not confidential then this is the best way to transfer between personal users.

What is Anonymous FTP? n n Anonymous FTP is a means by which archive sites allow general access to their archives of information. These sites create a special account called "anonymous“ or “ftp”. User "anonymous" has limited access rights to the archive host, as well as some operating restrictions. Generally, the only operations allowed are logging in using FTP, accessing and listing the contents of a limited set of directories, storing and retrieving files.

Weaknesses (Anonymous FTP) n n n The user name and password are universally known. When connecting to the FTP server the sent data can be ’kidnapped’ to a foreign computer with the result that they will never arrive at the specified target computer. From the foreign computer data can be transferred to the actual computer as well as existing data can be viewed and edited. This can be a great danger for companies transferring inhouse information!

Strengths (Anonymous FTP) This method satisfies the diverse needs of a large population of users with a simple, and easily implemented protocol design. n Anonymous FTP can be a valuable service if correctly configured and administered. n

FTP Security Overview n Login Authorization : The basic FTP protocol does not have a concept of authentication. n Data Channel Encapsulation : Data transferred is directly visible.

WU - FTP More affectionately known as WU-FTPD , Developed by Washington University. n WU-FTPD is the most popular ftp daemon on the Internet, used on many anonymous ftp sites all around the world. n

Weaknesses (WU-FTP) The username and password are still sent in clear text and it is easy to steal the password. n Data is also transmitted in clear text and highly vulnerable to man in the middle attack. n

Strengths (WU-FTP) Allows user authentication through distinct user name and password. n You can define the role of the user on a particular folder of a particular server / host. n

What is SFTP n SFTP stands for ‘Secure File Transfer Protocol’. The Secure File Transfer Protocol provides secure file transfer functionality over any reliable data stream. It uses SSH.

Strengths (SFTP) SFTP protocol runs on secure channel. n Encrypts all traffic (including passwords) to effectively. n Provides variety of authentication methods. n It can be automated by public and private key authentication. n

Weakness (SFTP) SFTP protocol is designed to provide primarily file transfer, but it also provides general file system access on the remote server - in a secure manner. n Can be intentionally misused n

Questions n Which method is the most secure?

Most Secure File Transfer Method n IT DEPENDS !!!