Archive for November, 2010

Transferring Large Files over the Internet? A Few Managed File Transfer Recommendations

Posted by on Monday, 29 November, 2010

Internet File TransfersRecent posts on this blog have outlined reasons to consider installing a file transfer system that will help streamline productivity and secure the transfer of sensitive documents. We understand that selecting a product can be time consuming. To help you make the most educated decision here are a few more helpful suggestions to consider when selecting a managed file transfer solution.

  • Easy to learn and easy to use – The managed file transfer (MFT) system you choose should have an intuitive interface that can be learned quickly. No programming skills should be required. If it isn’t easy to use, end-users and non-IT personnel will shy away from using it.
  • Audit trails – The secure file transfer solution should produce comprehensive audit trails of all file transfer activity and support SYSLOG feeds to a central logging server.
  • Produces alerts – An automated file transfer solution should be able to send you email alerts or texts instantly when problems occur.
  • Password security – The managed file service you choose should not show password values on any screens or logs. Encrypts all passwords that are stored.
  • Remote access – The file transfer product allows for remote administration and monitoring of file transfers, preferably through the browser.
  • Web site transfers – The file transfer solution needs the ability to support HTTP and HTTPS protocols for transferring data.

A managed file transfer solution can not only save your department time, but it can also save you money. A comprehensive solution will enable you to complete menial tasks and allow your department to concentrate on the larger picture.

Did I mention we have a managed file transfer product…GoAnywhere? GoAnywhere allows organizations to secure and automate the exchange of data with their trading partners, customers, employees and internal systems. Still not sure what you are looking for? We offer a free product trial and we would be happy to schedule a demo to go over how GoAnywhere can help your company.

Related Blog Post: Top 10 Managed File Transfer Considerations

Top 10 Managed File Transfer Considerations

Posted by on Monday, 8 November, 2010

Before looking for a managed file transfer solution, it is important to determine how data is currently being transferred from your organization. You should find out what users and applications are performing the data transfers, where the source of the data resides, how sensitive the data is, how the data is formatted for the partners and what pGoAnywhere Managed File Transferrotocols are used to transmit the information. If the files are encrypted or compressed before transmission, find out what tools and standards are being utilized.

After you’ve done your in-house analysis, then start a search for a secure file transfer solution that best fits your needs. Listed below are the Top 10 managed file transfer considerations.

1. Platform Openness – To reduce the points of connection to sensitive data and reduce the risk of exposure to those without a need-to-know the MFT solution should be installed on the server operating system where the sensitive data and applications reside. If your corporate data mostly resides on the IBM i, then it would make sense to get a MFT solution that runs on the IBM i.

2. Authorization Controls – To meet many compliance regulations, the MFT solution must provide role based access to limit user access to certain servers or MFT functions based on user credentials.

3. Secure FTP – Plain FTP is not secure. The MFT solution must support both SFTP (FTP over SSH) and FTPS (FTP over SSL) protocols for secure FTP transfers.

4. Encryption Standards – At minimum, the solution should support the industry standard encryption standards: AES, Open PGP, AS2, SSH, SSL, TLS and S/MIME.

5. Database Integration – The MFT should readily connect to DB2, SQL Server, Oracle, MySQL and other popular database servers for extracting and inserting data.

6. Data Transformation – Is the ability to translate data between popular data formats including XML, CSV, Excel and fixed-width text formats.

7. Data Compression – Compresses and packages data using popular standards such as ZIP, GZIP and TAR to reduce transmission times.

8. Application Integration – The MFT should provide commands and APIs for interfacing with your applications.

9. Scheduling – Allows transfers and other MFT functions to be scheduled for future dates and times.

10. Key Management – Does the MFT include management tools for creating, importing and exporting keys and certificates?

Related Blog Post: What Qualifies a Product as a Managed File Transfer Solution?

FTP Server Security Flaw Discovered

Posted by on Monday, 1 November, 2010

We know that FTP has security issues that are based upon its aging design. But a new flaw, discovered by Maksymilian Arciemowicz, is creating new concerns. This new flaw is calling into question the underlying code-base implemented by literally thousands of FTP server applications.

The flaw resides in several C code libraries that call the glob() function. “Globbing” is a pervasive function that permits the use of wildcard patterns to identify file names. It’s one of the most commonly used processes in transferring large numbers of files with FTP: Instead of individually selecting files, a user may select a folder or a group of files based upon a common string. The common use of *.doc or *.* are examples.

The flaw discovered by Arciemowicz relates to a feature added to C libraries in 2001.  That feature – called GLOB_LIMIT – was designed to limit the amount of memory used during transfer. Because GLOB_LIMIT is not effective, it potentially allows a system’s main memory to be flooded when processing certain patterns and this may, depending on the hardware used, cause the system to become very slow, cease to respond or even crash as a result.

Of course, crashing an FTP server can then permit other security violations to take place – not only on the server side. For instance, a hung FTP server that is in the midst of a conversation with a client can leave the client’s data in the open. This represents a serious potential security hole for the client software itself.

In most servers, the function is implemented via libc, but some vendors have integrated the globbing feature directly into their products, with an option in the configuration settings for it to be disabled. Arciemowicz said that OpenBSD 4.7, NetBSD 5.0.2, FreeBSD 7.3 / 8.1, Oracle Sun Solaris 10 and GNU Libc (glibc) are affected. FTP and SFTP servers all tend to support globbing, so it’s important to either disable globbing in the configuration of the server side, and/or to contact the software vendor about the use of this underlying function to discuss how to the function.

GoAnywhere does not have this issue as it does not use C or the GLOB_LIMIT. GoAnywhere Services is a secure file server that allows trading partners (both internal and external) to securely connect to your system and exchange files within a fully managed and audited solution. Popular file transfer and encryption standards are supported without the need for proprietary client software.

Thomas Stockwell

Thomas M. Stockwell is one of Linoma Software's subject matter experts and a top blogger in the industry. He is Principle Analyst at IT Incendiary, with more than 20 years of experience in IT as a Systems Analyst, Engineer, and IS Director.

More Posts - Website

1.800.949.4696  |  sales@linomasoftware.com  |  privacy policy
Copyright ©1994 - 2012 Linoma Software  |  All rights reserved