Solved

Possible risks for corporate network by opening FTP over internet

Posted on 2010-03-29
Last Modified: 2013-12-02
Hi experts,

I have to make a risk analysis in the event of installing an FTP client on a corporate network.

The picture is something like this:

The users will have an FTP client installed on their PC and they will be able to upload and download files to a folder in the FTP server. We will be using FileZilla.

So if you can give some examples of the possible risks that you think the corporate network could be susceptible to, and the possibilities of it to happen in your professional opinion, I will be very grateful.

Regards!
Question by:macoronat
8 Comments
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 29006279
The public IP address of your FTP server will be under constant attack, mostly from brute-force password hacking.  You should try to limit FTP access to only authorized external IPs if you can via firewall rule.  If that's not possible, expect attacks.  Make sure there are no unprotected guest accounts, no anonymous access, use strong passwords.  If you're lucky you have a firewall or other device that can automatically detect & block brute force attackers.
And put the FTP server in a DMZ if you can.
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 29006567
Also avoid publishing a public DNS name for your FTP server if possible.  Make people use the public IP address to access it.  If you must publish the server in DNS, use a name that doesn't obviously identify it as an FTP server.  Don't give clues out to the server's role via DNS records.
0
 
LVL 3

Author Comment

by:macoronat
ID: 29006861
Dave, thanks for your answer, but we do not own the FTP server, let me be more specific:

The FTP server is not in our hands. It's a service from FileZilla. Basically we just have FTP client software on our PCs and we have to log in using the credentials provided by FileZilla to us (username & password), then it makes a connection to the FTP server using TCP port 21.

We are just allowing access to our users to that service.

Is there any potential risk we might be running into?
0

 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 29007154
Oh.  Well then.  ;)
Is the FTP data sensitive in nature, needs to be secure?  Does Filezilla's FTP hosting service promise any level of security?  Does it support encrypted data transfers between the client and the server?
0
 
LVL 3

Author Comment

by:macoronat
ID: 29013409
Data is important. Most of it is going to be used by several users, and they need to have the same information.

The only level of security is the username and passwords that FileZilla provided; and there are no encrypted data transfers between client and servers.
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 29014206
Well there's "important" data, and there's "sensitive" data.  Important means you obviously need it and don't want to lose it.  Sensitive means it cannot be allowed to fall into unauthorized hands or be accessed by any unauthorized personnel.  If your data is sensitive, then the security arrangement you've described is about as minimal as it can get.  You'll be transferring your data across the public Internet without any encryption.  The FTP accounts are only as secure as the login names and passwords.  The FTP server itself is only as secure as FileZilla makes it.
My opinion would be this arrangement is probably ok for important data, but very inadequate for sensitive data.
0
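What the unencrypted arrangement discussed in this thread exposes to anyone on the network path, as an added example that is not part of the original thread: the transcripts are constructed, and `audit_control_channel` is a hypothetical helper that reports what is readable on an FTP control connection (TCP port 21) when explicit TLS (`AUTH TLS`, reply code 234) is refused and the client falls back to plaintext.

```python
# Constructed control-channel transcripts as a passive observer would see them.
# "C" = client line, "S" = server reply. Names and values are illustrative only.
FALLBACK_SESSION = [
    ("S", "220 FTP server ready"),
    ("C", "AUTH TLS"),
    ("S", "502 Command not implemented"),   # server refuses TLS
    ("C", "USER corp_user"),                # client falls back to plaintext
    ("S", "331 Password required"),
    ("C", "PASS example-password"),
    ("S", "230 Logged in"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("C", "STOR budget.xls"),
]
TLS_SESSION = [
    ("S", "220 FTP server ready"),
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation"),  # everything after this is encrypted
]

TRANSFER_VERBS = {"STOR", "RETR", "APPE", "LIST", "NLST"}

def audit_control_channel(transcript):
    """Report what the visible part of an FTP control connection discloses."""
    findings = {"tls_refused": False, "cleartext_login": None,
                "password_exposed": False, "cleartext_transfers": []}
    awaiting_auth_reply = False
    for direction, line in transcript:
        if direction == "S":
            if awaiting_auth_reply:
                # Only reply code 234 means the TLS upgrade was accepted.
                findings["tls_refused"] = not line.startswith("234")
                awaiting_auth_reply = False
            continue
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "AUTH":
            awaiting_auth_reply = True
        elif verb == "USER":
            findings["cleartext_login"] = arg
        elif verb == "PASS":
            findings["password_exposed"] = True   # value deliberately not stored
        elif verb in TRANSFER_VERBS:
            findings["cleartext_transfers"].append((verb, arg))
    return findings

def acceptable_for_sensitive_data(findings):
    """True only if no credentials or transfer commands were readable."""
    return not (findings["password_exposed"] or findings["cleartext_transfers"])
```
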
 
LVL 13

Assisted Solution

by:IT-Monkey-Dave
IT-Monkey-Dave earned 500 total points
ID: 29014394
Also, under the category of "important data", is the Filezilla FTP server backed up regularly?  Will you be storing the only copy of any important files on it?  If the only copy will be on the Filezilla server, then unless Filezilla states that they back up their servers and have disaster recovery procedures in place, then this arrangement is also unsatisfactory for important data.
0
 
LVL 3

Accepted Solution

by:macoronat
macoronat earned 0 total points
ID: 29797617
Understood, and thank you so much for that information, but more specifically, my question about possible threats was going towards the corporate network, for example, possible attempts of intrusion into the corporate network when an FTP transfer is taking place. Is that something I should be concerned about?
0
