
Averting Intruders and Malicious Employees

FTP is a prime target for intruders as well as malicious employees and contractors. Tools and techniques used to gain access to FTP servers are widely shared even amongst amateur hackers. Tens of thousands of hackers have taken the time to create and upload instructional videos on how to attack FTP and post them on popular sites like YouTube. That these videos amass hundreds of thousands of views shows how popular FTP attacks are.

Some of the main reasons are:

  • FTP allows an intruder unlimited logon attempts
  • FTP is in widespread use in every company, but without centralized management
  • Most enterprises are unaware of the proliferation of FTP in their network
  • The lack of awareness leads to a lack of monitoring tools to detect or prevent attacks
  • The risk of detection is minimal due to the lack of monitoring
  • New methods drastically reduce the number of attempts needed to obtain a password

Sentry Armor™ detects attacks AND actively blocks the attacks in real-time while alerting IT staff of the attack taking place.


How to conduct a File Transfer Audit

Your organization needs regular File Transfer Audits to ensure all data movements in your enterprise are conducted responsibly.

Why is the threat growing?

Most people expect their account to be locked after entering a number of invalid passwords in a row — whether it is when they log on to a computer or when they insert their debit card into an ATM. Not so with FTP. A number of products to aid in automated FTP password hacking make use of the fact that FTP will allow users to enter invalid passwords literally for days without locking the account or alerting anyone. These tools are widely available on the internet, and the instructions on how to use them are even posted on YouTube and other video sharing sites.

FTP hacking tools typically offer two methods of attack:

Dictionary-based Attacks

While Brute Force Attacks are guaranteed to eventually discover the correct password, the downside is that they may run for a very long time. Attackers therefore often try another, far quicker method first: the Dictionary-based Attack. With that approach, the attacker supplies the tool with a dictionary — a list of words to try as passwords in various combinations. These lists usually consist of human names, pet names, places, TV shows, etc. A sample list might be: ‘adam, Adam, apple, Apple, barbara, Barbara, chicago, Chicago, fido, Fido, house, House,’ etc. Should the Dictionary-based Attack fail to find the correct password, the intruder would resort to the Brute Force Attack instead:

Brute Force Attacks

Brute force attacks let the attacker set a minimum and maximum password length, and the tool will connect to the FTP server and try all possible password combinations matching those criteria in a serial manner, e.g. from aaa to ZZZZZZZZ, until it finds the correct password. Some FTP Servers (e.g. on z/OS) do not support case-sensitive passwords, which significantly increases the vulnerability to brute force attacks due to the reduced number of potential password combinations.
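The missing control described above is a failed-logon counter that someone actually watches. The following added example (not Sentry Armor code and not from the original page) flags a client address or an account once it reaches a threshold of failed FTP logons inside a sliding time window; the log format, the sample lines, the function name and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not a real server's format):
#   <ISO timestamp> <OK|FAIL> LOGIN user=<name> client=<ip>
SAMPLE_LOG = """\
2025-01-06T09:58:10 FAIL LOGIN user=alice client=10.0.0.9
2025-01-06T09:58:25 FAIL LOGIN user=alice client=10.0.0.9
2025-01-06T09:58:41 OK LOGIN user=alice client=10.0.0.9
2025-01-06T10:00:00 FAIL LOGIN user=payroll client=10.0.0.5
2025-01-06T10:00:01 FAIL LOGIN user=payroll client=10.0.0.5
2025-01-06T10:00:02 FAIL LOGIN user=payroll client=10.0.0.5
2025-01-06T10:00:03 FAIL LOGIN user=payroll client=10.0.0.5
2025-01-06T10:00:04 FAIL LOGIN user=payroll client=10.0.0.5
2025-01-06T10:00:05 FAIL LOGIN user=payroll client=10.0.0.5
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) LOGIN user=(\S+) client=(\S+)$")


def detect_bruteforce(log_text, max_failures=5, window=timedelta(minutes=1)):
    """Return [(timestamp, kind, value)] the first time a client or account
    reaches max_failures failed logons inside the sliding window."""
    failures = defaultdict(deque)  # ("client", ip) / ("user", name) -> failure times
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not logon events
        ts = datetime.fromisoformat(m.group(1))
        outcome, user, client = m.group(2), m.group(3), m.group(4)
        if outcome == "OK":
            # A success clears the account's counter (typo tolerance) but not
            # the client's, so a valid logon cannot reset a guessing host.
            failures[("user", user)].clear()
            continue
        for key in (("client", client), ("user", user)):
            times = failures[key]
            times.append(ts)
            while ts - times[0] > window:  # drop failures older than the window
                times.popleft()
            if len(times) >= max_failures and key not in flagged:
                flagged.add(key)
                alerts.append((m.group(1), *key))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print("ALERT", *alert)
```

Counting per account as well as per client address means guesses against one account are still caught when they arrive from several hosts.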

Why can’t my Firewall protect me?

One of the most common mistakes made is to assume that only Internet-facing FTP Servers need to be protected. The opposite is true. While a firewall is very helpful in keeping the vast majority of amateur hackers, college kids etc. out, firewalls have the following shortfalls:

  • Firewalls are no match for professional intruders. Email-based phishing scams and other techniques enable professional intruders to take control of computers on the corporate network despite firewalls being in place.
  • The advent of telecommuting and work-from-home days makes corporate devices easier to penetrate, especially when these devices are used by the family members of employees.
  • The rising practice of BYOD (Bring Your Own Device) — allowing employees to use personal devices for work purposes — reduces a corporation’s ability to install appropriate safeguards on devices attached to the corporate network.
  • Firewalls cannot protect against actions by malicious, disgruntled or misguided employees and contractors having legitimate access to the corporate network. In the recently released report “Understand The State Of Data Security And Privacy: 2012 To 2013”, industry analyst Forrester Group estimates that about 33% of all cases of malicious data theft are performed by insiders with legitimate access to the network.

Corporations therefore need a second layer of defense – protection against threats from inside the corporate network as well as outside intruders that have penetrated the firewall. Reliable protection can only be achieved by securing each system – especially servers holding sensitive data – as if there were no firewall at all.
