Securing FTP/iX

Introduction

FTP [File Transfer Protocol] is one of the oldest and most popular internet services, serving as an easy and effective

method by which to transfer files over a network. The information transferred through FTP can be anything from a

simple file transfer to data necessary for authorizing clients to server login (via user and password commands). The

increasing reliance on FTP to transfer ever more vital electronic information makes FTP more vulnerable to attacks

from unauthenticated users.

This represents a security risk whereby passwords can be stolen through the monitoring

of local and wide-

area networks. This aids potential attackers through password exposure and may limit

accessibility of files by FTP servers which have been configured to not accept the inherent security risks. Certain

security risks also exist where an authorized user may (accidentally or deliberately) retrieve, delete, rename and/or

overwrite certain files residing on an FTP/iX server.

The following three relatively new laws or initiatives increase the incentive to transfer data in secure manner:

•

Sarbanes-Oxley (2002),

•

HIPAA (2001), and

•

California Security Breach Notification Act (2003).

These new regulations, combined with pressure from E-commerce partners, are the major reasons for customers to

search for secure MPE/iX file transfer solutions. Responding to these regulations and customer requests, HP has

implemented several enhancements to increase the security of FTP/iX.

FTP/iX Security Overview

Page

Secure FTP on MPE/iX

7/18/2008

http://jazz.external.hp.com/papers/Securing

FTP

Whitepaper.html