File Transfer Methods: A Security Perspective

What is FTP
- FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol suite used on the Internet. The File Transfer Protocol makes it possible to transfer files from one computer (or host) on the Internet to another.
- A user of an FTP program must log in to both hosts in order to transfer a file from one to the other.

Objectives
- To promote sharing of files (computer programs and/or data)
- To encourage indirect or implicit use of remote computers (via programs)
- To shield a user from variations in file storage systems among hosts
- To transfer data reliably and efficiently

Methods of File Transfer
- Manual file transfer
- File transfer via e-mail
- File transfer via HTTP
- File transfer via Anonymous/WU-FTP
- File transfer via SFTP / SCP

Manual Transfer Media
- Through floppy disk
- Through CD/DVD
- Through tape
- Through Zip drive
- Through USB drives
- Through hard disk

Weaknesses (Manual Transfer)
- Incompatibility of media
- Limited capacity of media
- If the media is lost, misplaced or damaged, the data is gone. If lost or misplaced, the data could be readily accessible to the finder.
- Physical access to the source and destination systems is required.

Strengths (Manual Transfer)
- Even though it is an old method of file transfer, it is very secure when handled by trustees.
- Since the data is not transferred over the wire, there is no possibility of cyber attacks such as packet sniffing, man-in-the-middle, hijacking or eavesdropping on the network.
- This can be very useful for top secret data transfer.

Weaknesses (Transfer via Email)
- Mostly insecure unless the data is specifically encrypted.
- Requires a third-party mail server, where a copy of the information is stored.
- Very high probability of delivery to unintended recipients or of getting lost on the network.
- No control over the destination directory. Requires user intervention to store the document in a specific folder.
- Highly vulnerable to man-in-the-middle or session hijacking attacks.
- Extremely common and preferred method of spreading viruses.
- Severe limitation on the size and number of files being transferred.

Strengths (Transfer via Email)
- Very easy and economical way to transfer files. Even non-technical users can easily transfer files.
- Files can be sent in an encrypted manner if needed.
- Compared to the manual method of file transfer, this method is extremely fast.
- If the data is not confidential, this is the best way to transfer files between personal users.

What is Anonymous FTP?
- Anonymous FTP is a means by which archive sites allow general access to their archives of information.
- These sites create a special account called "anonymous" or "ftp".
- User "anonymous" has limited access rights to the archive host, as well as some operating restrictions.
- Generally, the only operations allowed are logging in using FTP, accessing and listing the contents of a limited set of directories, and storing and retrieving files.

Weaknesses (Anonymous FTP)
- The user name and password are universally known.
- When connecting to the FTP server, the sent data can be 'kidnapped' to a foreign computer, with the result that it will never arrive at the specified target computer.
- From the foreign computer, data can be transferred to the actual computer, and existing data can be viewed and edited. This can be a great danger for companies transferring in-house information!

Strengths (Anonymous FTP)
- This method satisfies the diverse needs of a large population of users with a simple and easily implemented protocol design.
- Anonymous FTP can be a valuable service if correctly configured and administered.

FTP Security Overview
- Login authorization: The basic FTP protocol does not have a concept of authentication.
- Data channel encapsulation: Data transferred is directly visible.

WU-FTP
- More affectionately known as WU-FTPD, developed by Washington University.
- WU-FTPD is the most popular FTP daemon on the Internet, used on many anonymous FTP sites all around the world.

Weaknesses (WU-FTP)
- The username and password are still sent in clear text, and it is easy to steal the password.
- Data is also transmitted in clear text and is highly vulnerable to man-in-the-middle attacks.
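
The clear-text exposure described in the FTP Security Overview and WU-FTP weakness slides can be audited from a capture. The following is an added example, not part of the original presentation: it scans a reassembled FTP control-channel stream and reports every login that crossed the wire unencrypted, recording only the password length. The host name, user names and stream contents are constructed sample data.

```python
import re

REPLY = re.compile(r"^\d{3}[ -]")        # server replies start with a 3-digit code
ANONYMOUS_NAMES = {"anonymous", "ftp"}   # the well-known anonymous account names

# Constructed sample: one reassembled FTP control connection (TCP port 21).
SAMPLE_STREAM = (
    b"220 files.example.test FTP server ready\r\n"
    b"USER anonymous\r\n"
    b"331 Guest login ok, send your e-mail address as password\r\n"
    b"PASS guest@example.test\r\n"
    b"230 Guest login ok, access restrictions apply\r\n"
    b"USER alice\r\n"
    b"331 Password required for alice\r\n"
    b"PASS constructed-secret\r\n"
    b"230 User alice logged in\r\n"
    b"RETR payroll.csv\r\n"
)


def find_cleartext_logins(stream: bytes) -> list:
    """Return one finding per USER/PASS exchange visible in the stream.

    The password itself is never stored, only its length, so the report
    can be circulated without exposing the credential a second time.
    """
    findings, current = [], None
    for raw in stream.split(b"\r\n"):
        line = raw.decode("latin-1").strip()
        if not line:
            continue
        if REPLY.match(line):
            # 230 = logged in, 530 = not logged in; either one closes the attempt
            if current and current["password_len"] is not None and line[:3] in ("230", "530"):
                current["accepted"] = line[:3] == "230"
                findings.append(current)
                current = None
            continue
        verb, _, arg = line.partition(" ")
        if verb.upper() == "USER":
            current = {"user": arg, "anonymous": arg.lower() in ANONYMOUS_NAMES,
                       "password_len": None, "accepted": None}
        elif verb.upper() == "PASS" and current is not None:
            current["password_len"] = len(arg)
    if current and current["password_len"] is not None:
        findings.append(current)   # stream ended before the server answered
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_logins(SAMPLE_STREAM):
        print(finding)
```

Any finding with "anonymous" set to False is a named account whose password was readable by anyone on the path, which is the case for moving that account to SFTP.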

Strengths (WU-FTP)
- Allows user authentication through a distinct user name and password.
- You can define the role of the user on a particular folder of a particular server / host.

What is SFTP
- SFTP stands for 'Secure File Transfer Protocol'. The Secure File Transfer Protocol provides secure file transfer functionality over any reliable data stream. It uses SSH.

Strengths (SFTP)
- The SFTP protocol runs on a secure channel.
- Encrypts all traffic (including passwords) to effectively.
- Provides a variety of authentication methods.
- It can be automated with public and private key authentication.

Weakness (SFTP)
- The SFTP protocol is designed primarily to provide file transfer, but it also provides general file system access on the remote server, in a secure manner.
- Can be intentionally misused
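
The general file system access noted in the SFTP weakness slide is normally contained on OpenSSH servers by confining transfer-only accounts to a chroot and forcing the in-process SFTP server. The following is an added example, not part of the original presentation: it audits an sshd_config text for those settings. The group name sftpusers, the path /srv/sftp/%u and both sample configurations are assumptions constructed for illustration, and Match criteria are compared as exact strings.

```python
# Settings a transfer-only Match block should carry, with a check for each value.
REQUIRED = {
    "chrootdirectory": lambda v: v.lower() != "none",
    "forcecommand": lambda v: v.split()[:1] == ["internal-sftp"],
    "allowtcpforwarding": lambda v: v.lower() == "no",
}

# Constructed sample: SFTP accounts can browse the whole file system.
WEAK = """\
Subsystem sftp /usr/lib/openssh/sftp-server
Match Group sftpusers
    PasswordAuthentication yes
"""

# Constructed sample: same group, confined to a per-user chroot.
HARDENED = """\
Subsystem sftp internal-sftp
Match Group sftpusers
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""


def parse_match_blocks(text: str) -> dict:
    """Map each 'Match ...' criteria string to its {keyword: value} settings."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if keyword == "match":
            current = blocks.setdefault(value, {})
        elif current is not None:
            current.setdefault(keyword, value)   # sshd uses the first value it obtains
    return blocks


def audit_sftp_match(text: str, criteria: str) -> list:
    """Return the list of problems found for one Match block (empty = confined)."""
    settings = parse_match_blocks(text).get(criteria)
    if settings is None:
        return ["no 'Match %s' block: accounts get the global settings" % criteria]
    problems = []
    for key, is_ok in REQUIRED.items():
        value = settings.get(key)
        if value is None:
            problems.append(key + " not set")
        elif not is_ok(value):
            problems.append("%s is '%s'" % (key, value))
    return problems
```

Running audit_sftp_match(WEAK, "Group sftpusers") lists all three missing settings, while the hardened sample returns an empty list.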

Questions
- Which method is the most secure?

Most Secure File Transfer Method
- IT DEPENDS !!!