File Transfer Methods : A Security Perspective. What is FTP FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol.

Slides:



Advertisements
Similar presentations
Chapter 17: WEB COMPONENTS
Advertisements

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.
Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.
© Copyright 1997, The University of New Mexico C-1 Internet Service Provider Services What to do once you’re connected.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Web server security Dr Jim Briggs WEBP security1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Chapter 26 remote logging & Ftp
John Degenhart Joseph Allen.  What is FTP?  Communication over Control connection  Communication over Data Connection  File Type  Data Structure.
Communication Network Protocols Jaya Kalidindi CSC 8320(fall 2008)
Telnet/SSH: Connecting to Hosts Internet Technology1.
2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
Computation for Physics 計算物理概論 Introduction to Linux.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
Local Area Networks (LAN) are small networks, with a short distance for the cables to run, typically a room, a floor, or a building. - LANs are limited.
Jaringan Komputer Dasar OSI Transport Layer Aurelio Rahmadian.
Certain security vulnerabilities exist in every mode of wireless communications.
Chapter 9 How Do Users Share Computer Files?. What is a File Server A (central) computer which stores files which can be accessed by network users.
XP New Perspectives on The Internet, Sixth Edition— Comprehensive Tutorial 5 1 Downloading and Storing Data Using FTP and Other Services to Transfer and.
Computer and Information Science Ch1.3 Computer Networking Ch1.3 Computer Networking Chapter 1.
Directory and File transfer Services By Jothi. Two key resources Lightweight Directory Access Protocol (LDAP) File Transfer protocol Secure file transfer.
PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem.
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
The Internet The internet is simply a worldwide computer network that uses standardised communication protocols to transmit and exchange data.
Internet Business Foundations © 2004 ProsoftTraining All rights reserved.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.
BASIC INTERNET PROTOCOLS: http, ftp, telnet. Mirela Walczak.
Data Networking Fundamentals Chapter 7. Objectives In this chapter, you will learn to: Discuss basic networking concepts, including the elements common.
Topic 5: Basic Security.
FTP File Transfer Protocol Graeme Strachan. Agenda  An Overview  A Demonstration  An Activity.
Phil Hurvitz Securing UNIX Servers with the Secure.
Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.
1 Securing Network Services. 2 How TCP Works Set up connection between port on source host to port on destination host Each connection consists of sequence.
Chapter 27 - Faxes & File Transfer (FTP) Introduction Sending a Fax –The Internet can be used to send a fax. Two fax machines can be modified to communicate.
Linux Services Configuration
NETWORKING FUNDAMENTALS. Network+ Guide to Networks, 4e2.
Mohammed F & Aya. Peer-to-peer network are usually common in homes and small businesses and are not necessarily expensive. On a peer-to-peer network each.
© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.
Protocols Monil Adhikari. Agenda Introduction Port Numbers Non Secure Protocols FTP HTTP Telnet POP3, SMTP Secure Protocols HTTPS.
Configuring and Deploying Web Applications Lesson 7.
File Transfer And Access (FTP, TFTP, NFS). Remote File Access, Transfer and Storage Networks For different goals variety of approaches to remote file.
SECURE SHELL MONIKA GUPTA COT OUTLINE What is SSH ? What is SSH ? History History Functions of Secure Shell ? Functions of Secure Shell ? Elements.
INTERNET AND . WHAT IS INTERNET The Internet can be defined as the wired or wireless mode of communication through which one can receive, transmit.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
Billy Ripple Dr. Oblitey COSC  File-Sharing ◦ What is it? ◦ Uses ◦ History ◦ Types ◦ Dangers  Case Study  Summary  Works Cited.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
Application Layer instructors at St. Clair College in Windsor, Ontario for their slides. Special thanks to instructors at St. Clair College in Windsor,
SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.
How Do Users Share Computer Files?
Application Layer Honolulu Community College
Understand the OSI Model Part 2
SUBMITTED BY: NAIMISHYA ATRI(7TH SEM) IT BRANCH
Fastdroid Produced by : Firas Abdalhaq Mohammad Amour Supervised by : Dr. Raed Alqadi.
Telnet/SSH Connecting to Hosts Internet Technology.
File Transfer Protocol
Topic 5: Communication and the Internet
Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH
Unit# 5: Internet and Worldwide Web
Chapter 7 Network Applications
Test 3 review FTP & Cybersecurity
MESSAGE ACCESS AGENT: POP AND IMAP
Lecture 36.
Lecture 36.
Presentation transcript:

File Transfer Methods : A Security Perspective

What is FTP FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol suite used on the Internet. The File Transfer Protocol makes it possible to transfer files from one computer (or host) on the Internet to another. FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol suite used on the Internet. The File Transfer Protocol makes it possible to transfer files from one computer (or host) on the Internet to another. A user of an FTP program must log in to both hosts in order to transfer a file from one to the other. A user of an FTP program must log in to both hosts in order to transfer a file from one to the other.

Objectives To promote sharing of files (computer programs and/or data) To promote sharing of files (computer programs and/or data) To encourage indirect or implicit use of remote computers (via programs) To encourage indirect or implicit use of remote computers (via programs) To shield a user from variations in file storage systems among hosts To shield a user from variations in file storage systems among hosts To transfer data reliably and efficiently To transfer data reliably and efficiently

Methods of File Transfer Manual File Transfer Manual File Transfer File Transfer via File Transfer via File Transfer via HTTP File Transfer via HTTP File Transfer via Anonymous/WU-FTP File Transfer via Anonymous/WU-FTP File Transfer via SFTP / SCP File Transfer via SFTP / SCP

Manual Transfer Media Through Floppy Disk. Through Floppy Disk. Through CD/DVD Through CD/DVD Through Tape Through Tape Through Zip Drive Through Zip Drive Through USB Drives Through USB Drives Through Hard disk. Through Hard disk.

Weaknesses (Manual Transfer) Incompatibility of Media Incompatibility of Media Limited capacity of Media Limited capacity of Media If the media is lost, misplaced or damaged the data is gone. If lost or misplaced, the data could be readily accessible to the finder. If the media is lost, misplaced or damaged the data is gone. If lost or misplaced, the data could be readily accessible to the finder. Physical Access of source and destination systems are required. Physical Access of source and destination systems are required.

Strengths (Manual Transfer) Even though it is an old method of file transfer it is very secure through the trustees. Even though it is an old method of file transfer it is very secure through the trustees. Since the data is not transferred through the wire there is no possibility of cyber attack like (Packet sniffing, Man in the middle, hijacking, eavesdropping on the network, etc.) Since the data is not transferred through the wire there is no possibility of cyber attack like (Packet sniffing, Man in the middle, hijacking, eavesdropping on the network, etc.) This can be very useful for top secret data transfer. This can be very useful for top secret data transfer.

Weaknesses (Transfer via ) Mostly insecure unless the data is specifically encrypted. Mostly insecure unless the data is specifically encrypted. Requires third party mail server where copy of information is stored. Requires third party mail server where copy of information is stored. Very high probability of delivery to unintended recipients or getting lost on the network. Very high probability of delivery to unintended recipients or getting lost on the network. No control over destination directory. Require user intervention to store the document to a specific folder No control over destination directory. Require user intervention to store the document to a specific folder Highly vulnerable to man in the middle attack or session hijacking attack. Highly vulnerable to man in the middle attack or session hijacking attack. Extremely common and preferred method of spreading viruses. Extremely common and preferred method of spreading viruses. Severe limitation on the size and number of files being transferred. Severe limitation on the size and number of files being transferred.

Strengths (Transfer via ) Very easy and economical way to transfer files. Even non technical users can easily transfer files. Very easy and economical way to transfer files. Even non technical users can easily transfer files. Files can be sent in an encrypted manner if needed. Files can be sent in an encrypted manner if needed. As compared to manual method of file transfer this method is extremely fast. As compared to manual method of file transfer this method is extremely fast. If the data is not confidential then this is the best way to transfer between personal users. If the data is not confidential then this is the best way to transfer between personal users.

What is Anonymous FTP? Anonymous FTP is a means by which archive sites allow general access to their archives of information. Anonymous FTP is a means by which archive sites allow general access to their archives of information. These sites create a special account called "anonymous“ or “ftp”. These sites create a special account called "anonymous“ or “ftp”. User "anonymous" has limited access rights to the archive host, as well as some operating restrictions. User "anonymous" has limited access rights to the archive host, as well as some operating restrictions. Generally, the only operations allowed are logging in using FTP, accessing and listing the contents of a limited set of directories, storing and retrieving files. Generally, the only operations allowed are logging in using FTP, accessing and listing the contents of a limited set of directories, storing and retrieving files.

Weaknesses (Anonymous FTP) The user name and password are universally known. The user name and password are universally known. When connecting to the FTP server the sent data can be ’kidnapped’ to a foreign computer with the result that they will never arrive at the specified target computer. When connecting to the FTP server the sent data can be ’kidnapped’ to a foreign computer with the result that they will never arrive at the specified target computer. From the foreign computer data can be transferred to the actual computer as well as existing data can be viewed and edited. This can be a great danger for companies transferring inhouse information! From the foreign computer data can be transferred to the actual computer as well as existing data can be viewed and edited. This can be a great danger for companies transferring inhouse information!

Strengths (Anonymous FTP) This method satisfies the diverse needs of a large population of users with a simple, and easily implemented protocol design. This method satisfies the diverse needs of a large population of users with a simple, and easily implemented protocol design. Anonymous FTP can be a valuable service if correctly configured and administered. Anonymous FTP can be a valuable service if correctly configured and administered.

FTP Security Overview Login Authorization : The basic FTP protocol does not have a concept of authentication. Login Authorization : The basic FTP protocol does not have a concept of authentication. Data Channel Encapsulation : Data transferred is directly visible. Data Channel Encapsulation : Data transferred is directly visible.

WU - FTP More affectionately known as WU-FTPD, Developed by Washington University. More affectionately known as WU-FTPD, Developed by Washington University. WU-FTPD is the most popular ftp daemon on the Internet, used on many anonymous ftp sites all around the world. WU-FTPD is the most popular ftp daemon on the Internet, used on many anonymous ftp sites all around the world.

Weaknesses (WU-FTP) The username and password are still sent in clear text and it is easy to steal the password. The username and password are still sent in clear text and it is easy to steal the password. Data is also transmitted in clear text and highly vulnerable to man in the middle attack. Data is also transmitted in clear text and highly vulnerable to man in the middle attack.

Strengths (WU-FTP) Allows user authentication through distinct user name and password. Allows user authentication through distinct user name and password. You can define the role of the user on a particular folder of a particular server / host. You can define the role of the user on a particular folder of a particular server / host.

What is SFTP SFTP stands for ‘Secure File Transfer Protocol’. The Secure File Transfer Protocol provides secure file transfer functionality over any reliable data stream. It uses SSH. SFTP stands for ‘Secure File Transfer Protocol’. The Secure File Transfer Protocol provides secure file transfer functionality over any reliable data stream. It uses SSH.

Strengths (SFTP) SFTP protocol runs on secure channel. SFTP protocol runs on secure channel. Encrypts all traffic (including passwords) to effectively. Encrypts all traffic (including passwords) to effectively. Provides variety of authentication methods. Provides variety of authentication methods. It can be automated by public and private key authentication. It can be automated by public and private key authentication.

Weakness (SFTP) SFTP protocol is designed to provide primarily file transfer, but it also provides general file system access on the remote server - in a secure manner. SFTP protocol is designed to provide primarily file transfer, but it also provides general file system access on the remote server - in a secure manner. Can be intentionally misused Can be intentionally misused

Questions Which method is the most secure? Which method is the most secure?

Most Secure File Transfer Method IT DEPENDS !!! IT DEPENDS !!!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.