by Stephanie Dunn
June 15, 2016
Organizations today rely on secure methods to transfer financial records and health records, and to backup customer data for business purposes. Many organizations still continue to use File Transfer Protocol (FTP) within legacy systems and custom web applications; however, FTP has no built-in security to protect data in transit. This report provides a comprehensive look at existing FTP vulnerabilities as well as FTP host and port activity, which can help the organization to monitor and control FTP activity.
In 1971, FTP was created to provide an easy solution for computers to exchange data. Unfortunately, FTP was designed during a time before network security was ever considered, and continues to be a highly insecure protocol. Using FTP alone allows for credentials to be transferred in clear text, which can be easily captured by attackers. Organizations have relied on FTP for automated file transfers, nightly backups, or uploading files to a web server. Many organizations are also subject to compliance regulations, and are required to provide a secure method to transfer data safely and securely. Using file transfer protocols such as SSH and SFTP provide a more secure means for transmitting files across the Internet. To ensure secure file transfers, organizations should encrypt confidential data, and utilize more secure file transfer protocols where possible.
This report provides organizations with the latest information on FTP traffic, vulnerabilities, and compliance checks. Tenable.sc Continuous View (CV) supports active scan data collected using Tenable Nessus, which provides insight into current FTP activity, data leakage, and unauthorized FTP software installed on the network. Passive listening uses the Tenable Nessus Network Monitor (NNM) to detect files transferred to and from FTP servers, as well as FTP clients and FTP port activity. NNM also tracks FTP servers with anonymous access enabled. Having anonymous access enabled can allow anyone to access an FTP server without credentials, which can present serious security risks for an organization. Analysts can use this report to gain an understanding of FTP client and server activity, which can be useful in improving existing security controls to protect confidential data.
This report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the Tenable.sc Feed under the category Discovery & Detection. The report requirements are:
- Tenable.sc 5.3.2
- Nessus 8.6.0
- LCE 6.0.0
- NNM 5.9.0
- Compliance Data
Tenable automatically analyzes and provides information from active scanning, intelligent connectors, agent scanning, passive listening, and host data. Host data uses logs to correlate real-time events, monitor FTP activities, and potential data leakage. Active scanning periodically examines hosts within the organization to determine overall risk. Intelligent connectors leverage event logs to improve context and analysis. Agent scanning enables organizations to rapidly assess hosts without the need for credentials. Passive listening detects hosts that were offline during active scans, and provides real-time monitoring to collect information about each host and how the hosts are communicating on the network. Each sensor provides organizations with the tools they need to proactively respond to threats within the enterprise.
The following chapters are included in this report:
- Executive Summary: The Executive Summary chapter provide a detailed summary of FTP vulnerabilities. Elements within this chapter include a bar chart highlighting the vulnerabilities at each severity level, a table of the top most severe FTP vulnerabilities, and a table of the top exploitable FTP vulnerabilities. Analysts can use this chapter to detect, prioritize, and remediate existing vulnerabilities within the organization.
- FTP Activity Summary: This chapter presents detailed information on existing FTP client and server activity within the network. Elements will report on FTP port activity, and provide an overview of any unusual, custom, or other services using port 21. Additional elements can help detect anonymous FTP access enabled on hosts, and FTP file transfer activity. Security teams can also use this chapter to detect and mitigate FTP vulnerabilities that could be exploited by an attacker.