The widespread use of FTP and its inherent purpose — to serve data across the network — make it a prime target for attacks. Tools and techniques used to gain access to FTP servers are widely shared even amongst amateur hackers. In addition, corporations of every kind are constant targets of attacks by professional intruders.
Unfortunately, most enterprises lack the tools to prevent attacks or even detect they are being attacked.
FTP/Armor detects attacks AND actively blocks the attacks in real-time while alerting IT staff of the attack taking place.
What are FTP Attacks?
Most people expect their account to be locked after entering a number of invalid passwords in a row — whether it is when they log on to a computer or when they insert their debit card into an ATM. Not so with FTP. A number of products to aid in automated FTP password hacking make use of the fact that FTP will allow users to enter invalid passwords literally for days without locking the account or alerting anyone. These tools are widely available on the internet, and the instructions on how to use them are even posted on YouTube and other video sharing sites.
FTP hacking tools typically offer two methods of attack:
While Brute Force Attacks are guaranteed to eventually discover the correct password, the downside is that they may run for a very long time. Attackers therefore often try another, far quicker method first: the Dictionary-based Attack. With that approach, the attacker supplies the tool with a dictionary — a list of words to try as passwords in various combinations. These lists usually consist of human names, pet names, places, TV shows, etc. A sample list might be: ‘adam, Adam, apple, Apple, barbara, Barbara, chicago, Chicago, fido, Fido, house, House,’ etc. Should the Dictionary-based Attack fail to find the correct password, the intruder would then resort to the Brute Force Attack instead:
Brute Force Attacks
Brute force attacks let the attacker set a minimum and maximum password length, and the tool will connect to the FTP server and try all possible password combinations matching those criteria in a serial manner, e.g. from aaa to ZZZZZZZZ until it finds the correct password. Some FTP Servers (e.g. on z/OS) do not support case-sensitive passwords, which significantly increases the vulnerability to brute force attacks due to the reduced number of potential password combinations.
Can a Firewall protect against FTP Attacks?
One of the most common mistakes made is to assume that only Internet-facing FTP Servers need to be protected. The opposite is true. While a firewall is very helpful in keeping the vast majority of amateur hackers, college kids etc. out, firewalls have the following shortfalls:
- Firewalls are no match for professional intruders. Email-based phishing scams and other techniques enable professional intruders to take control of computers on the corporate network despite firewalls being in place.
- The advent of telecommuting and work-from-home days makes corporate devices easier to penetrate, especially when these devices are used by the family members of employees.
- The rising practice of BYOD (Bring Your Own Device) — allowing employees to use personal devices for work purposes — reduces a corporation’s ability to install appropriate safeguards on devices attached to the corporate network.
- Firewalls cannot protect against actions by malicious, disgruntled or misguided employees and contractors having legitimate access to the corporate network. In the recently released report “Understand The State Of Data Security And Privacy: 2012 To 2013”, Industry Analyst Forrester Group estimates that about 33% of all cases of malicious data thefts are performed by insiders with legitimate access to the network.
Corporations therefore need a second layer of defense – protection against threats from inside the corporate network as well as outside intruders that have penetrated the firewall. Reliable protection can only be achieved by securing each system – especially servers holding sensitive data – as if there were no firewall at all.
FTP/Armor prevents FTP Attacks
FTP/Armor protects your servers from both Dictionary-based and Brute Force FTP Attacks. FTP/Armor monitors your servers and detects when an attack is taking place. A threshold can be set to identify too many logon failures coming from a single IP address. When this threshold is reached, FTP/Armor will automatically kill the attacker’s active session and prevent the attacker’s IP address from getting any further connections with the server. The attack is detected and stopped before problems arise and the attacker is prevented from mounting another attack from the same place.
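The per-IP failure threshold described above can be illustrated with a short detection routine. This is an added example, not FTP/Armor's code: the log format, the sample lines, the function name `detect_attackers` and the 10-minute counting window are all assumptions made for the illustration (the page itself only mentions a threshold).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not any real server's output).
SAMPLE_LOG = """\
2025-01-06T10:15:01 FAIL user=admin client=203.0.113.5
2025-01-06T10:15:02 FAIL user=admin client=203.0.113.5
2025-01-06T10:15:02 FAIL user=alice client=198.51.100.7
2025-01-06T10:15:03 FAIL user=admin client=203.0.113.5
2025-01-06T10:15:04 FAIL user=root client=203.0.113.5
2025-01-06T10:15:05 FAIL user=root client=203.0.113.5
2025-01-06T10:15:06 OK user=root client=203.0.113.5
2025-01-06T10:20:30 OK user=alice client=198.51.100.7
2025-01-06T11:40:00 FAIL user=alice client=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) client=(\S+)$")

def detect_attackers(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: time the failure threshold was reached} for IPs to block."""
    failures = defaultdict(deque)   # ip -> timestamps of recent logon failures
    blocked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip lines that do not parse
        ts, outcome, _user, ip = m.groups()
        if ip in blocked or outcome != "FAIL":
            continue                # a blocked IP gets no further connections
        when = datetime.fromisoformat(ts)
        recent = failures[ip]
        recent.append(when)
        while when - recent[0] > window:
            recent.popleft()        # forget failures older than the window
        if len(recent) >= threshold:
            blocked[ip] = when      # threshold reached: block this source
    return blocked

if __name__ == "__main__":
    for ip, when in detect_attackers(SAMPLE_LOG).items():
        print(f"block {ip} (threshold reached at {when.isoformat()})")
```

In the sample, the single mistyped passwords from 198.51.100.7 never reach the threshold, while 203.0.113.5 is blocked at its fifth failure, before the successful guess logged one second later could take place.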