With the threat of cyberattacks on the rise, keeping corporate servers safe is a constant concern for IT professionals. Typically the first step in FTP server security is choosing a secure protocol such as FTPS or SFTP. Sometimes that’s not possible, so what other security measures can you take?
- Anti-hacking (password guessing) features on your FTP server should be enabled. Your server should have a setting for how many invalid password attempts can be made before the user (or program) is locked out. Ideally this should be set at about 3, and no higher than 5. Locking the account makes the time between attempts much longer and reduces the likelihood that password guessing succeeds.
- Anti-hammering features should also be enabled. This helps to prevent Denial of Service (DoS) attacks. A DoS attack is a way of making a server unavailable to its users by using a program to saturate the target server with communication requests. This makes the server so busy that it cannot process the legitimate file transfer requests.
- Disable anonymous access, or use it with extreme caution. Many FTP servers have a built-in user named “anonymous.” If you do allow anonymous access, make sure that this user is confined to its home directory and has read-only privileges.
- Intelligent password policies should be implemented. Users want their passwords to be simple and easy to remember. Users like words, especially words that mean something to them, such as a pet’s name or a child’s name. And users often reuse the same password on a multitude of sites and services. So while your system may be secure from hacking, if a password on another system is compromised, there’s a good chance that password will work in many places.
- Two-factor authentication should be an option. In addition to password policies, one method of drastically reducing the likelihood of successful password guessing is to implement an additional level of authentication. There are many ways that two-factor authentication can be implemented. A common way of doing this is with a token, such as a SafeNet or RSA token. The token displays a numeric string which changes at short intervals. The user is required to enter the string, which is validated against a remote server or satellite.
- Don’t use freeware. Most companies that sell SFTP servers or Managed File Transfer servers will tell you not to use freeware, and rightly so. Beyond their commercial interest, there are legitimate reasons that you may want to stay away from freeware:
  - Development environments may not be secure. This increases the risk of malware in free downloads.
  - Choose a company that has a vested interest in your success. If your FTP server fails, how important is it for the company to get you working again? How concerned are they about your protection?
- Keep your server and your operating system up to date. If you have good server software and it’s working well for you, there is often a temptation to leave it alone. However, new security threats are born every day, and server software companies are working constantly to keep ahead of these threats. Running out-of-date software means that you may be subjecting your server (and your network) to security threats that can easily be avoided with a simple software update. Similarly, the operating system should also be kept up to date.
- Use PGP (Pretty Good Privacy) encryption. This is the last line of defense against hackers and also prevents internal data leakage. PGP is a way of encrypting data that’s stored on workstations or servers. Its most popular use is to secure email attachments, since email is not sent over a secure protocol. Storing data on your server in an encrypted state gives your files an added layer of security, both from external breaches and from misuse of legitimate internal access.
If you need to use FTP or SFTP to transfer files, use these tips to make sure that your server is as secure as possible. For the most secure file transfer solution, visit www.cornerstonemft.com.