FTP/WatchDog Business Justification

Most companies have insufficient knowledge about the FTP activity taking place on their network, what data is moving in and out of the enterprise and who (or what) is initiating the FTP activity. Knowing where FTP servers are and what they are being used for enables an organization to address concerns and exposures to sensitive data.

Management Summary

FTP creates risk for companies and FTP/WatchDog provides the tools and information necessary to assess and eliminate the risk wherever possible. FTP is here to stay and aggressive FTP auditing and management is required to mitigate risk. FTP/WatchDog makes it possible to properly manage the FTP risk with a minimum of employee time and effort. One inadvertent breach of sensitive company or customer data through FTP (average cost of $6.65 million) would cost a company hundreds of times more than it would cost to avoid the breach through proper FTP management with FTP/WatchDog.

FTP Creates Risk

Improperly managed FTP servers create unnecessary risk and expose companies to inadvertent breach of sensitive company and customer data. Most FTP transactions transmit logon sequences (user ID and password) and data in “clear text”, creating a risk of exposure. In addition, FTP servers offer only rudimentary protection over data access to the users that are authorized to access the servers. Without regular auditing and proper management of the FTP servers and FTP server users, sensitive data can be left unprotected, a risk companies shouldn’t tolerate. Much FTP activity is “ad-hoc” in nature, requiring diligence on the part of IT management to ensure that unauthorized FTP activity isn’t occurring.

In spite of all of this, the reality is that FTP is not going to go away anytime soon. It is too entrenched in day-to-day business processes.

The only way to effectively mitigate the risk FTP creates and avoid costly and embarrassing breaches is to perform regular audits and proactively manage FTP availability and usage.

Cost of a Breach

The Ponemon Institute, a well-respected privacy consultancy, interviewed companies that announced breaches over the past few years and published their findings in a recent study. According to the study, which examined 43 organizations across 17 different industry sectors, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, compared to $197 in 2007. Within that number, the largest cost increase in 2008 concerned lost business created by turnover of customers. Since the study’s inception in 2005, this cost component has grown by more than $64 on a per victim basis, nearly a 40% increase.

Some highlights of the study are:

• The average total per-incident costs in 2008 were $6.65 million, compared to an average per-incident cost of $6.3 million in 2007.
• Healthcare, insurance and financial services companies experienced the highest customer loss rate, which reflects the sensitivity of the data collected and the customer expectation that information will be protected.
• More than 88% of all cases in this year’s study involved insider negligence.

©Copyright 2009, Software Assist Corporation. All Rights Reserved. www.softwareassist.net (408) 973-8374

FTP/WatchDog Provides Protection and Visibility

FTP/WatchDog provides protection for companies in a number of ways. FTP/WatchDog users can:

Block Unauthorized Access

FTP/WatchDog-Z can block unauthorized access to the z/OS FTP servers and the mainframe data they make accessible. This is particularly important for Internet-facing z/OS FTP servers which are subject to attack from the outside.

Block Unauthorized FTP Usage

FTP/WatchDog-Z can block unauthorized usage of z/OS FTP servers by internal employees and outside partners that have legitimate access to the server. Simple SAF rules can be written to control precisely what is allowed and what is not.

Eliminate Unauthorized FTP Servers

Customers can locate and shut down rogue FTP servers (employees set them up without permission) and ensure that authorized FTP servers are properly configured.

Enhance Automation Efforts

FTP/WatchDog can generate alerts for FTP failures and abnormal FTP activity, triggering manual and/or automatic intervention to resolve issues early.

Perform Comprehensive Audits in Minutes

IT auditors require that regular, comprehensive FTP audits be performed on FTP usage to ensure that unauthorized usage isn’t taking place. FTP/WatchDog provides the information necessary to audit how the FTP servers are being used, who is using them and what data is traveling in and out of the organization in just a few minutes.

Customer Uses for FTP/WatchDog

FTP/WatchDog customers have the information necessary to identify and correct FTP issues in their company. A few examples are shown below:

Customer closes IE exposure to FTP Server's root folder

A large direct mail fulfillment provider discovered recently that users who connected to their z/OS FTP server using Internet Explorer (version 7 and newer) were shown the contents of the z/OS UNIX root folder after successful logon. This is because IE7, after logging on, changes the directory to the root folder. FTP/WatchDog provided the information to diagnose the situation and one simple FTP/WatchDog SAF rule was all that was needed to close this exposure.

Insurance Company Plagued by FTP Hackers

A large US insurance company has discovered that their Internet-facing FTP servers are regular targets for FTP hackers. Recently, a single IP address somewhere in the Atlanta area attempted to log in 16,500 times in a 10-hour period. FTP/WatchDog-D provided them with the information they needed to close off access to this (and many other) IP addresses and also provided the basis for notification to the hackers' ISP.

FTP/WatchDog-Z User Solves FTP Performance Issue

An FTP/WatchDog-Z customer recently resolved an FTP performance problem with the help of FTP/WatchDog-Z's historical analysis capabilities. The customer began noticing long delays in FTPs to a printer on the network. Since printing is this company’s primary business focus, the delay was impacting their core business. An FTP/WatchDog-Z report showed transmissions to the printer in question over the past 6 months and confirmed that a definite increase in transmission times had been occurring during this time period. Having identified the problem as an FTP transmission issue, the team then could focus on network issues and eventually discovered a problem with an OSA card. They corrected the problem and the throughput of the printer returned to normal.

FTP/WatchDog-Z User Blocks Hackers

A large direct mail fulfillment provider has detected and locked out a number of "bots" that have tried to break into their z/OS (mainframe) FTP servers. FTP/WatchDog-Z reports have unveiled a number of dictionary attack attempts on the company's Internet-facing z/OS FTP servers. The customer added simple RACF rules to block connection requests from the IP address of the bots, thereby eliminating any threat of either accidental break-in or denial-of-service attempts.

A search of "FTP Hack" in YouTube reveals a number of detailed videos for mounting attacks on FTP servers, both manually and using free tools for automating the attack.

Companies with Internet-facing FTP servers are subject to attack from the outside and need to protect themselves. FTP/WatchDog-Z makes it easy to block attacks from specific or generic IP addresses and/or IP address ranges.

Rogue FTP Servers Closed with FTP/WatchDog

The Business Protection group in a US health insurer recently completed an audit of the FTP servers running on their network. Their audit uncovered a number of rogue FTP servers that were set up without IT approval. It also identified many FTP servers that allowed anonymous access, which was against company policy.

They used the information that the FTP/WatchDog-D audit provided to shut down the unauthorized FTP servers. They also used the information that the FTP/WatchDog-D audit provided to have the authorized FTP servers which supported anonymous logon reconfigured to turn this option off.

The Business Protection team uses FTP/WatchDog-D's FTP Auditor tool to perform monthly network audits to ensure that no new rogue FTP servers have been set up and also to ensure that authorized FTP servers are not reconfigured to allow anonymous logon. Every month, they discover newly set up FTP servers, some even on employees' desktop computers.

US Insurance Company Thwarts Hackers with FTP/WatchDog

A large US health insurer recently installed FTP/WatchDog-D to monitor usage on a bank of Windows FTP servers. Within hours, they discovered a number of Eastern European and Far Eastern hackers attempting to break into their publicly-accessible FTP servers. Since they do not do business in Eastern Europe or the Far East, they made the decision to close off access to their network for these hackers.

They used the information provided by FTP/WatchDog-D to add access rules to their firewall, denying access to their entire network from the IP addresses where the attacks were taking place. Their FTP servers were put in place to support the business data transfer requirements of their business partners, not for use by others.