Pros and Cons of Filezilla FTP in case of Secured Enterprise file Transfer
Prepared by: Anbesa Jima
Introduction
• Computer security is the protection that is set up for computer
systems and keeps critical information from unauthorized access,
theft, or misuse. There are various practices in place that are widely
in use, mainly for the protection of computer systems, networks
and preventing potential malicious activities. While computer
hardware is secured in the same way that sensitive equipment such
as lockers and doors are protected, critical information and system
access and authorization, on the other hand, are protected through
complex security tactics and practices.
• File Transfer Protocol (FTP) and Secure FTP (SFTP) are among the
most widely used methods for file sharing. Part of the appeal is that
they are simple to use and often free or very inexpensive. Typically,
organizations get started with FTP because they have an occasional
need to send non-sensitive files. The technology works well in these
situations, but when used more broadly it can put your business at
risk.
• Recent research reveals that more than 400 million files from FTP servers are publicly available online. Critical data needs to remain secure and under your control, but FTP was not designed with secure file transfer in mind, and SFTP lacks the security controls needed to handle today’s cyber threats.
• Computer Security is the protection of computing
systems and the data that they store or access.
• Cyber Security is a set of principles and practices
designed to safeguard your computing assets and
online information against threats.
Filezilla FTP
• FTP stands for File Transfer Protocol; this article sets out the advantages and disadvantages of FileZilla FTP so you can judge it in more detail.
• Before you can determine if FTP is the best way for
your business to transfer data, you need to know what
the drawbacks of using this protocol are. Let’s explore a
few.
• FTP is inherently an insecure way to transfer data. When a file is sent using this protocol, the data, username, and password are all sent in plain text, which means an attacker who can observe the traffic can read this information with little to no effort.
What is the issue?
• FileZilla users observed the “complete” FileZilla installer creating an
unidentified process which spawns multiple command line prompts
that append dat files (a generic data file) together.
• Many programs create, open, or reference dat files. These files may contain data in binary or text format, and typically they are accessed only by the application that created them. While using FileZilla, users observed a process that reaches out to random, unrelated IP addresses over TCP/80. This can be an indication of malicious behavior, such as command-and-control traffic.
• Certain versions of FileZilla Server contain vulnerabilities in their distribution of OpenSSL. An attacker could launch denial-of-service attacks via multiple attack vectors or use the vulnerable SSL distribution to cause a buffer overflow and potentially execute arbitrary code.
• Another issue concerns large enterprises or government offices that plan to use FileZilla and open the ports it requires: attackers can follow those same openings into your network.
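The behaviour described above, a process reaching out to many unrelated IP addresses over TCP/80, is something a defender can look for in endpoint connection telemetry. The following is an added example, not code from the slides or from the FileZilla project: it runs a fan-out check over network-connection events of the kind an EDR or Sysmon (Event ID 3) records. The event tuple layout, the process name unknownproc.exe, the browser and FTP entries and all addresses are constructed; the "external" test uses an assumed RFC 1918/loopback/link-local exclusion list rather than a full special-purpose address registry.

```python
"""Flag processes that fan out to many unrelated external IPs on TCP/80.

Added example: a small detector over endpoint network-connection events, the
kind an EDR or Sysmon (Event ID 3) records. The event tuple layout and the
sample data are constructed for this example.
"""
import ipaddress
from collections import defaultdict

# Addresses treated as internal (assumption: RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample events: (time, process image, destination IP, destination port).
# The 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 ranges are documentation
# addresses, used here to stand in for unrelated public hosts.
SAMPLE_EVENTS = [
    ("10:00:01", "filezilla.exe", "10.0.0.5", 21),         # internal FTP server, expected
    ("10:00:02", "unknownproc.exe", "198.51.100.10", 80),
    ("10:00:03", "unknownproc.exe", "198.51.100.11", 80),
    ("10:00:04", "unknownproc.exe", "203.0.113.12", 80),
    ("10:00:05", "unknownproc.exe", "203.0.113.13", 80),
    ("10:00:06", "unknownproc.exe", "192.0.2.14", 80),
    ("10:00:07", "unknownproc.exe", "192.0.2.15", 80),
    ("10:00:08", "unknownproc.exe", "192.168.1.1", 80),    # internal: not counted
    ("10:00:09", "browser.exe", "203.0.113.50", 443),      # HTTPS, not in scope
    ("10:00:10", "browser.exe", "203.0.113.51", 80),       # single HTTP host, below threshold
]


def is_external(ip: str) -> bool:
    """True when the address is outside the internal ranges above."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def flag_fanout(events, port: int = 80, threshold: int = 5):
    """Return {process: sorted distinct external IPs} for every process that
    contacted at least `threshold` distinct external addresses on `port`.

    Fan-out to many unrelated hosts on a plain-HTTP port from a process that
    has no business doing so is the indicator the slides describe; the
    threshold is a tuning knob, not a fixed rule.
    """
    dests = defaultdict(set)
    for _ts, process, ip, dport in events:
        if dport == port and is_external(ip):
            dests[process].add(ip)
    return {p: sorted(ips) for p, ips in dests.items() if len(ips) >= threshold}


if __name__ == "__main__":
    for process, ips in flag_fanout(SAMPLE_EVENTS).items():
        print(f"{process}: {len(ips)} distinct external hosts on TCP/80 -> {ips}")
```

The threshold and the internal-range list are the two knobs to tune for an environment; a process that legitimately talks HTTP to many hosts (a browser, an update agent) belongs on an allowlist rather than in a higher threshold.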
How does the malware get installed on your
computer?
• A pop-up will alert the user that their FileZilla application is out of date and direct the user to the website for filezilla-project.org. The download from this link delivers a malicious bundle installation wrapper, a program used to execute one or more installation programs. The wrapper contains malware such as fusioncore, installcore, Eldorado, PUP, and PUA. Many of these may not be detected by anti-virus software.
Advantages of Filezilla FTP:
• FTP easily facilitates large transfers
• FileZilla provides an easy-to-understand application for non-IT users
• Moving files between internal servers is very easy with FileZilla, particularly between Linux and Windows servers
• FTP allows you to transfer multiple files at once
• Many FTP clients also have the ability to schedule a transfer
• The ability to add items to a queue to be uploaded as well as downloaded
• The ability to resume a transfer if the connection is totally lost
Disadvantages of Filezilla FTP:
• FTP is vulnerable to brute-force attacks
• Any user with the FTP credentials will have access to everything on the FTP server
• Audit trails aren’t an option with FTP, making it difficult to track down the source of a leak or monitor project progress
• Uploading and downloading many files can sometimes be slow. An estimated time of completion would make the wait easier to endure
• Sometimes it can be tricky to find out where your file went
• The application crashes from time to time, forcing you to start over
• The editing and viewing feature in FileZilla is not as user-friendly as in some other applications. Editing sometimes requires downloading a file, editing it, and then re-uploading it
• Placing and saving encryption keys can sometimes be difficult for non-expert users. FileZilla-driven prompts to assist with this would be helpful
• Once you delete an item, it is gone forever
• Updates might be released more often
• Usernames, passwords, and files are sent in clear text
• Servers can be spoofed into sending data to an arbitrary port on an unintended computer
• Filtering active-mode FTP connections is difficult on your local machine
• TLS 1.2 is not always supported over HTTPS
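The clear-text credential point (made in the Filezilla FTP slide and again in this list) and the brute-force item are easiest to make concrete by looking at what actually crosses the wire on TCP/21. The following is an added example, not code from the slides or from the FileZilla project: it takes a capture of the FTP control channel rendered as (client, direction, line) tuples, the way a packet-capture tool would show it, records which usernames had their password readable in transit, counts 530 login failures per client, and shows that a session that upgrades with AUTH TLS leaves nothing readable after the 234 reply. The capture, the client addresses, usernames and the failure threshold are all constructed.

```python
"""Spot cleartext FTP credentials and brute-force patterns in captured control traffic.

Added example, not from the original slides. Input is a list of
(client_ip, direction, line) tuples as a capture tool would render the FTP
control channel: direction "C" is client->server, "S" is server->client.
The sample capture below is constructed for this example.
"""
from collections import defaultdict

SAMPLE_CAPTURE = [
    # Plain FTP: USER and PASS travel as readable text on TCP/21.
    ("203.0.113.7", "S", "220 FTP server ready"),
    ("203.0.113.7", "C", "USER alice"),
    ("203.0.113.7", "S", "331 Password required"),
    ("203.0.113.7", "C", "PASS hunter2"),
    ("203.0.113.7", "S", "230 Login successful"),
    # Repeated failures from one client: a brute-force pattern.
    ("198.51.100.9", "C", "USER admin"),
    ("198.51.100.9", "C", "PASS admin"),
    ("198.51.100.9", "S", "530 Login incorrect"),
    ("198.51.100.9", "C", "USER admin"),
    ("198.51.100.9", "C", "PASS password"),
    ("198.51.100.9", "S", "530 Login incorrect"),
    ("198.51.100.9", "C", "USER admin"),
    ("198.51.100.9", "C", "PASS 123456"),
    ("198.51.100.9", "S", "530 Login incorrect"),
    # Explicit FTPS: after AUTH TLS and the 234 reply the channel is
    # encrypted, so a sniffer sees no further commands at all.
    ("192.0.2.20", "C", "AUTH TLS"),
    ("192.0.2.20", "S", "234 Proceed with negotiation"),
]


def analyze_capture(capture, fail_threshold=3):
    """Return per-client findings: usernames whose password was readable on
    the wire, and failed-login counts at or above fail_threshold."""
    state = defaultdict(lambda: {"user": None, "tls": False, "failures": 0,
                                 "exposed": [], "success": False})
    for client, direction, line in capture:
        s = state[client]
        if direction == "C":
            cmd, _, arg = line.partition(" ")
            cmd = cmd.upper()
            if cmd == "AUTH" and arg.upper() in ("TLS", "SSL"):
                s["tls"] = True            # later traffic is encrypted
            elif cmd == "USER":
                s["user"] = arg
            elif cmd == "PASS" and not s["tls"]:
                # Record that a password was readable; never keep the secret itself.
                s["exposed"].append(s["user"])
        else:
            code = line[:3]
            if code == "530":
                s["failures"] += 1
            elif code == "230":
                s["success"] = True

    findings = {}
    for client, s in state.items():
        f = {}
        if s["exposed"]:
            f["cleartext_users"] = sorted({u for u in s["exposed"] if u})
        if s["failures"] >= fail_threshold:
            f["brute_force_failures"] = s["failures"]
        if f:
            findings[client] = f
    return findings


if __name__ == "__main__":
    for client, finding in analyze_capture(SAMPLE_CAPTURE).items():
        print(client, finding)
```

Note what the detector deliberately does not do: it never stores the password string it saw, only the fact that it was readable. The same parser doubles as a quick check that a server really enforces AUTH TLS before USER, which is the control that removes the clear-text problem without changing the protocol.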
X-Force Vulnerability Report: FileZilla privilege escalation (1)
• CVE-2019-5429
• Filezilla-cve20195429-priv-esc (160288), reported Apr 29, 2019
• FileZilla could allow a local authenticated attacker to gain elevated privileges on the system, caused by an untrusted search path flaw in the home directory. By inserting a malicious 'fzsftp' binary in the path, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges.
• Confidentiality Impact: High
• Integrity Impact: High
• Availability Impact: High
• Filezilla-local search-dos (157750), reported Mar 1, 2019
• FileZilla is vulnerable to a denial of service. By sending specially-crafted input to the 'Local search' field, a local attacker could exploit this vulnerability to cause the application to crash.
• Filezilla-addbookmark-dos (151058), reported Oct 10, 2018
• FileZilla is vulnerable to a denial of service, caused by improper input validation of the bookmark name. By sending an overly long argument to the Bookmarks field, a remote attacker could exploit this vulnerability to cause the application to crash.
• Filezilla-ftpclient-unquotedpath-priv-esc (113140), reported May 11, 2016
• FileZilla FTP Client could allow a local attacker to gain elevated privileges on the system, caused by an unquoted search path in C:\Program Files\FileZilla FTP Client\uninstall.exe. By inserting code in the system root path, an attacker could exploit this vulnerability to execute arbitrary code with root privileges.
• Confidentiality Impact: High
• Integrity Impact: High
• Availability Impact: High
FileZilla vulnerabilities and exploits (2)
• Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue...
• Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party...
• Buffer overflow in FileZilla prior to 2.2.23 allows remote malicious users to execute arbitrary commands via unknown attack vectors.
• FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently."
• Multiple format string vulnerabilities in FileZilla prior to 2.2.32 allow remote malicious users to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.
• Untrusted search path in FileZilla prior to 3.41.0-rc1 allows a malicious user to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
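Two of the entries above (the untrusted search path for 'fzsftp' and the unquoted path for uninstall.exe) share one precondition a defender can audit for: a directory that unprivileged users can write to being searched before the directory that holds the genuine helper. The following is an added example, not code from the slides or the FileZilla project. The in-memory filesystem model, the user name alice, the Temp location and the ".exe" suffix are constructed; the C:\Program Files\FileZilla FTP Client path and the fzsftp name come from the entries above. It also shows the mitigation side: resolving the helper only from its trusted directory, never through the search path.

```python
"""Audit a search path for user-writable or shadowing directories ahead of a
trusted helper location, and resolve the helper without consulting that path.

Added example (not from the slides or the FileZilla project). The filesystem
is a constructed in-memory model so the audit runs offline; on a live system
the same logic would use os.access(d, os.W_OK) and os.listdir(d).
"""
import ntpath

TRUSTED_DIR = r"C:\Program Files\FileZilla FTP Client"   # path cited in the entries above
HELPER = "fzsftp.exe"                                     # helper name cited above (".exe" assumed)

# Constructed model: directory -> (writable by an unprivileged user?, files present)
FAKE_FS = {
    r"C:\Users\alice\AppData\Local\Temp": (True, {"fzsftp.exe"}),   # lookalike already present
    r"C:\Users\alice": (True, set()),
    r"C:\Windows\System32": (False, {"cmd.exe"}),
    TRUSTED_DIR: (False, {"filezilla.exe", "fzsftp.exe"}),
}


def audit_search_path(search_path, trusted_dir=TRUSTED_DIR, binary=HELPER, fs=FAKE_FS):
    """Return (directory, reason) findings for entries searched before trusted_dir.

    "shadowing": a same-named file already sits ahead of the trusted copy.
    "writable":  an unprivileged user could place one there.
    "missing":   the trusted directory is not on the search path at all.
    """
    findings = []
    if trusted_dir not in search_path:
        findings.append((trusted_dir, "missing"))
    for d in search_path:
        if d == trusted_dir:
            break                       # later entries cannot shadow the trusted copy
        writable, files = fs.get(d, (False, set()))
        if binary in files:
            findings.append((d, "shadowing"))
        elif writable:
            findings.append((d, "writable"))
    return findings


def resolve_helper(trusted_dir=TRUSTED_DIR, binary=HELPER, fs=FAKE_FS):
    """Mitigation: build the helper's absolute path from the trusted directory
    and never consult the search path. Returns None if it is not there."""
    _writable, files = fs.get(trusted_dir, (False, set()))
    return ntpath.join(trusted_dir, binary) if binary in files else None


if __name__ == "__main__":
    path = [r"C:\Users\alice\AppData\Local\Temp", r"C:\Users\alice",
            r"C:\Windows\System32", TRUSTED_DIR]
    for directory, reason in audit_search_path(path):
        print(f"{reason:9s} {directory}")
    print("helper resolves to:", resolve_helper())
```

The audit reports "shadowing" ahead of "writable" because an already-planted lookalike is the more urgent finding; a clean result is an empty list, which is what a search order that starts with the trusted directory produces.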
What can you do to protect yourself?
• FTP was not built to be secure. It is generally considered an insecure protocol because it relies on clear-text usernames and passwords for authentication and does not use encryption. Data sent via FTP is vulnerable to sniffing, spoofing, and brute-force attacks, among other basic attack methods.
• To protect your sensitive information against this riskware, don’t use FileZilla.
• To transfer protected information, use locally developed web-based file transfer software.
• For user data exchange, consider cloud-based storage-as-a-service.
• When downloading applications and software from the Internet, always save them to a file and run antivirus software against them before execution to ensure they are free of any malware.
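The last point above, save the download and check it before anything executes, can be scripted so the check is not skipped. The following is an added example, not code from the slides or from the FileZilla project. It gates an installer on two things: the download host must be the vendor domain the slides mention (OFFICIAL_HOSTS is an assumed allowlist; lookalike hosts that merely contain the domain name are rejected) and the file's SHA-256 must match the checksum the vendor publishes (EXPECTED_SHA256 is a placeholder for that published value, not a real FileZilla hash). The hash check is a complement to the antivirus scan the slide recommends, not a substitute for it. The sample bytes and URL are constructed.

```python
"""Gate an installer on its download source and a vendor-published hash before
it is run.

Added example, not from the slides or the FileZilla project. OFFICIAL_HOSTS is
an assumed allowlist built from the domain the slides mention;
EXPECTED_SHA256 is a placeholder for the checksum a vendor publishes for a
release, not a real FileZilla hash.
"""
import hashlib
from urllib.parse import urlparse

OFFICIAL_HOSTS = ("filezilla-project.org",)   # assumption: vendor domain allowlist
EXPECTED_SHA256 = "PLACEHOLDER_SHA256_FROM_VENDOR_RELEASE_PAGE"


def is_official_download(url: str) -> bool:
    """True only if the URL's host is the vendor domain or a subdomain of it.

    Matching on whole host labels rejects lookalikes such as
    filezilla-project.org.example.net and query-string decoys.
    """
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_HOSTS)


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so a large installer is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def installer_is_trusted(data: bytes, url: str, expected_sha256: str) -> bool:
    """Execution gate: both the download host and the SHA-256 must check out."""
    return (is_official_download(url)
            and sha256_of_bytes(data) == expected_sha256.strip().lower())


if __name__ == "__main__":
    sample = b"constructed installer bytes"                                 # stands in for the download
    url = "https://download.filezilla-project.org/FileZilla_Setup.exe"     # constructed URL
    print("official host:", is_official_download(url))
    print("sha256:", sha256_of_bytes(sample))
    print("trusted:", installer_is_trusted(sample, url, EXPECTED_SHA256))
```

For a file already on disk, sha256_of_file() gives the same digest without loading the whole installer; the published hash should be copied from the vendor's release page over HTTPS, not from the same pop-up that offered the download.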
Why is Computer Security Important?
• Computer security allows the enterprise to carry out its mission by:
• Supporting critical business processes
• Protecting personal and sensitive information
• Enabling people to carry out their jobs
What are the consequences of security violations?
• Risk to the security and integrity of personal or confidential information, e.g. identity theft, data corruption or destruction
• Lack of availability of critical information in an emergency
• Loss of valuable business information
• Loss of employee and public trust, embarrassment
• Costly reporting requirements in the case of a compromise of certain types of personal, financial and health information
Recommendation
• It is advised that, to transfer protected information, you use locally developed web-based file transfer software for sensitive files.
• Browser-based file sharing: remote working and collaborative efforts are the norm now, so teams need a file-sharing option that provides file version control, real-time file syncing, easy remote access from any device, and effective communication tools.
•

More Related Content

What's hot

An Introduction to MongoDB Compass
An Introduction to MongoDB CompassAn Introduction to MongoDB Compass
An Introduction to MongoDB CompassMongoDB
 
Link Aggregation Group - LACP
Link Aggregation Group - LACPLink Aggregation Group - LACP
Link Aggregation Group - LACPPLVision
 
BGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationBGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationAndy Davidson
 
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013mumrah
 
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...StreamNative
 
Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)Globus
 
Types of interfaces in a Cisco Router
Types of interfaces in a Cisco RouterTypes of interfaces in a Cisco Router
Types of interfaces in a Cisco RouterNetProtocol Xpert
 
Multicasting and multicast routing protocols
Multicasting and multicast routing protocolsMulticasting and multicast routing protocols
Multicasting and multicast routing protocolsAbhishek Kesharwani
 
BGP Large Communities in IXPs
BGP Large Communities in IXPsBGP Large Communities in IXPs
BGP Large Communities in IXPsAPNIC
 
Client Centric Consistency Model
Client Centric Consistency ModelClient Centric Consistency Model
Client Centric Consistency ModelRajat Kumar
 
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeBuild and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeOmar Al-Safi
 
Juniper mpls best practice part 2
Juniper mpls best practice   part 2Juniper mpls best practice   part 2
Juniper mpls best practice part 2Febrian ‎
 

What's hot (20)

An Introduction to MongoDB Compass
An Introduction to MongoDB CompassAn Introduction to MongoDB Compass
An Introduction to MongoDB Compass
 
Mpls basic
Mpls basicMpls basic
Mpls basic
 
Bgp
BgpBgp
Bgp
 
Link Aggregation Group - LACP
Link Aggregation Group - LACPLink Aggregation Group - LACP
Link Aggregation Group - LACP
 
BGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationBGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing Optimisation
 
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
 
Backup using rsync
Backup using rsyncBackup using rsync
Backup using rsync
 
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
 
Overlay networks
Overlay networksOverlay networks
Overlay networks
 
Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)
 
Distributed System
Distributed System Distributed System
Distributed System
 
Types of interfaces in a Cisco Router
Types of interfaces in a Cisco RouterTypes of interfaces in a Cisco Router
Types of interfaces in a Cisco Router
 
5. icmp
5. icmp5. icmp
5. icmp
 
Multicasting and multicast routing protocols
Multicasting and multicast routing protocolsMulticasting and multicast routing protocols
Multicasting and multicast routing protocols
 
BGP Large Communities in IXPs
BGP Large Communities in IXPsBGP Large Communities in IXPs
BGP Large Communities in IXPs
 
Client Centric Consistency Model
Client Centric Consistency ModelClient Centric Consistency Model
Client Centric Consistency Model
 
RabbitMQ
RabbitMQRabbitMQ
RabbitMQ
 
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeBuild and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
 
Juniper mpls best practice part 2
Juniper mpls best practice   part 2Juniper mpls best practice   part 2
Juniper mpls best practice part 2
 
Primeiros Passos Com Elasticsearch
Primeiros Passos Com ElasticsearchPrimeiros Passos Com Elasticsearch
Primeiros Passos Com Elasticsearch
 

Similar to Pros and Cons of Filezilla FTP in case of Secured Enterprise file Transfer.pptx

BITM3730Week10.pptx
BITM3730Week10.pptxBITM3730Week10.pptx
BITM3730Week10.pptxMattMarino13
 
香港六合彩
香港六合彩香港六合彩
香港六合彩csukxnr
 
六合彩 » SlideShare
六合彩 » SlideShare六合彩 » SlideShare
六合彩 » SlideSharemvtqyygx
 
六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShareyqtvdsbl
 
六合彩-香港六合彩 » SlideShare
六合彩-香港六合彩 » SlideShare六合彩-香港六合彩 » SlideShare
六合彩-香港六合彩 » SlideSharemmfirkhw
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideSharecxrcpdu
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩skpkcd
 
香港六合彩-六合彩
香港六合彩-六合彩香港六合彩-六合彩
香港六合彩-六合彩qiohms
 
六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideSharedqxjlhfc
 
filetranferprotocolseminarpresentation.pptx
filetranferprotocolseminarpresentation.pptxfiletranferprotocolseminarpresentation.pptx
filetranferprotocolseminarpresentation.pptxDSPL
 
Respond to the statement below.One of the best protocols today for.pdf
Respond to the statement below.One of the best protocols today for.pdfRespond to the statement below.One of the best protocols today for.pdf
Respond to the statement below.One of the best protocols today for.pdfrufohudsonak74125
 
File transfer protocol
File transfer protocolFile transfer protocol
File transfer protocolMilind Swane
 
File Transfer Protocol
File Transfer ProtocolFile Transfer Protocol
File Transfer ProtocolVinh Nguyen
 
transfer4all – send big files fluidly
transfer4all –  send big files fluidly transfer4all –  send big files fluidly
transfer4all – send big files fluidly transfer4all ltd
 
Foxtrot C2: A Journey of Payload Delivery
Foxtrot C2: A Journey of Payload DeliveryFoxtrot C2: A Journey of Payload Delivery
Foxtrot C2: A Journey of Payload DeliveryDimitry Snezhkov
 
Using an FTP client - Client server computing
Using an FTP client -  Client server computingUsing an FTP client -  Client server computing
Using an FTP client - Client server computinglordmwesh
 
Ids 009 network attacks
Ids 009 network attacksIds 009 network attacks
Ids 009 network attacksjyoti_lakhani
 

Similar to Pros and Cons of Filezilla FTP in case of Secured Enterprise file Transfer.pptx (20)

File transfer methods
File transfer methodsFile transfer methods
File transfer methods
 
BITM3730Week10.pptx
BITM3730Week10.pptxBITM3730Week10.pptx
BITM3730Week10.pptx
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
六合彩 » SlideShare
六合彩 » SlideShare六合彩 » SlideShare
六合彩 » SlideShare
 
六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare
 
六合彩-香港六合彩 » SlideShare
六合彩-香港六合彩 » SlideShare六合彩-香港六合彩 » SlideShare
六合彩-香港六合彩 » SlideShare
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩
 
香港六合彩-六合彩
香港六合彩-六合彩香港六合彩-六合彩
香港六合彩-六合彩
 
六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare
 
filetranferprotocolseminarpresentation.pptx
filetranferprotocolseminarpresentation.pptxfiletranferprotocolseminarpresentation.pptx
filetranferprotocolseminarpresentation.pptx
 
Respond to the statement below.One of the best protocols today for.pdf
Respond to the statement below.One of the best protocols today for.pdfRespond to the statement below.One of the best protocols today for.pdf
Respond to the statement below.One of the best protocols today for.pdf
 
File transfer protocol
File transfer protocolFile transfer protocol
File transfer protocol
 
Ft pv2(1)
Ft pv2(1)Ft pv2(1)
Ft pv2(1)
 
File Transfer Protocol
File Transfer ProtocolFile Transfer Protocol
File Transfer Protocol
 
transfer4all – send big files fluidly
transfer4all –  send big files fluidly transfer4all –  send big files fluidly
transfer4all – send big files fluidly
 
StingRay For FTP
StingRay For FTPStingRay For FTP
StingRay For FTP
 
Foxtrot C2: A Journey of Payload Delivery
Foxtrot C2: A Journey of Payload DeliveryFoxtrot C2: A Journey of Payload Delivery
Foxtrot C2: A Journey of Payload Delivery
 
Using an FTP client - Client server computing
Using an FTP client -  Client server computingUsing an FTP client -  Client server computing
Using an FTP client - Client server computing
 
Ids 009 network attacks
Ids 009 network attacksIds 009 network attacks
Ids 009 network attacks
 

Recently uploaded

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 

Recently uploaded (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 

Pros and Cons of Filezilla FTP in case of Secured Enterprise file Transfer.pptx

  • 1. Pros and Cons of Filezilla FTP in case of Secured Enterprise file Transfer Prepared by: Anbesa Jima
  • 2. Introduction • Computer security is the protection that is set up for computer systems and keeps critical information from unauthorized access, theft, or misuse. There are various practices in place that are widely in use, mainly for the protection of computer systems, networks and preventing potential malicious activities. While computer hardware is secured in the same way that sensitive equipment such as lockers and doors are protected, critical information and system access and authorization, on the other hand, are protected through complex security tactics and practices. • File Transfer Protocol (FTP) and Secure FTP (SFTP) are among the most widely used methods for file sharing. Part of the appeal is that they are simple to use and often free or very inexpensive. Typically, organizations get started with FTP because they have an occasional need to send non-sensitive files. The technology works well in these situations, but when used more broadly it can put your business at risk.
  • 3. • Recent research reveals that more than 400 million files from FTP servers are publicly available online. Critical data needs to remain secure and under your control, but FTP was not designed with secure file transfer in mind and SFTP lacks security controls to handle today’s cyber threats • Computer Security is the protection of computing systems and the data that they store or access. • Cyber Security is a set of principles and practices designed to safeguard your computing assets and online information against threats.
  • 4. Filezilla FTP • FTP stands for file transfer protocol; here this article gives information about the advantages and disadvantages of File zilla FTP to know more details about it. • Before you can determine if FTP is the best way for your business to transfer data, you need to know what the drawbacks of using this protocol are. Let’s explore a few. • FTP is inherently an non-secure way to transfer data. When a file is sent using this protocol, the data, username, and password are all shared in plain text, which means a hacker can access this information with little to no effort.
5. What is the issue?
• FileZilla users observed the "complete" FileZilla installer creating an unidentified process that spawns multiple command-line prompts which append .dat files (a generic data file format) together.
• Many programs create, open or reference .dat files. These files may contain binary or text data and are normally accessed only by the application that created them. While using FileZilla, users observed a process reaching out to random, unrelated IP addresses over TCP/80. A process that contacts many unrelated hosts on a web port is a classic indicator of malicious behaviour such as command-and-control traffic.
• Certain versions of FileZilla Server ship with a vulnerable build of OpenSSL. Through that library an attacker could cause a denial of service via several vectors, or trigger a buffer overflow and potentially execute arbitrary code.
• A further issue for large enterprises and government offices: deploying FileZilla means opening FTP ports (TCP/21 and, for passive mode, a range of data ports) through the perimeter firewall, and those openings become a tunnel into the network that attackers can follow.
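The "random, unrelated IP addresses over TCP/80" observation above is an indicator that can be turned into detection logic. The code below is an added example, not FileZilla's code and not from the deck: it runs a fan-out heuristic over constructed endpoint-agent connection records (process name, destination, port, timestamp) and flags any process that reaches an unusual number of distinct external hosts on port 80 inside a short window. The process names, addresses and the `KNOWN_NETS` ranges are assumptions made for the example.

```python
"""Flag processes that fan out to many unrelated hosts over TCP/80.

Added example (not FileZilla's or the page's code). Input records are
constructed to look like what an endpoint agent or firewall log exports.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Conn:
    ts: int         # seconds since epoch (constructed values below)
    process: str    # image name reported by the agent (constructed)
    dst_ip: str
    dst_port: int


# Address space the organisation owns or expects traffic to; destinations
# outside it count as "unrelated". Assumed for the example.
KNOWN_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


def is_unrelated(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in KNOWN_NETS)


def fanout_by_process(conns, port=80):
    """process -> set of distinct unrelated destination IPs contacted on `port`."""
    out = defaultdict(set)
    for c in conns:
        if c.dst_port == port and is_unrelated(c.dst_ip):
            out[c.process].add(c.dst_ip)
    return dict(out)


def suspicious_processes(conns, port=80, min_hosts=5, window=300):
    """process -> peak number of distinct unrelated hosts reached on `port`
    within any `window`-second span, for processes at or above `min_hosts`."""
    events = defaultdict(list)
    for c in conns:
        if c.dst_port == port and is_unrelated(c.dst_ip):
            events[c.process].append((c.ts, c.dst_ip))
    flagged = {}
    for proc, evs in events.items():
        evs.sort()
        in_window, left, peak = Counter(), 0, 0
        for ts, ip in evs:
            in_window[ip] += 1
            # slide the left edge forward until every counted event is within `window`
            while evs[left][0] < ts - window:
                old = evs[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_hosts:
            flagged[proc] = peak
    return flagged


# Constructed sample: an unidentified process beaconing to six public hosts on
# port 80 within 150 seconds, a browser doing normal things, and a backup job
# talking only to internal addresses.
SAMPLE_CONNS = [
    Conn(1000, "unknown.exe", "203.0.113.10", 80),
    Conn(1030, "unknown.exe", "198.51.100.7", 80),
    Conn(1060, "unknown.exe", "192.0.2.44", 80),
    Conn(1090, "unknown.exe", "203.0.113.81", 80),
    Conn(1120, "unknown.exe", "198.51.100.200", 80),
    Conn(1150, "unknown.exe", "192.0.2.9", 80),
    Conn(1010, "firefox.exe", "203.0.113.5", 443),
    Conn(1020, "firefox.exe", "203.0.113.6", 443),
    Conn(1025, "firefox.exe", "198.51.100.3", 80),
    Conn(1005, "backup.exe", "10.1.2.3", 80),
    Conn(1006, "backup.exe", "10.1.2.4", 80),
    Conn(1007, "backup.exe", "10.1.2.5", 80),
    Conn(1008, "backup.exe", "10.1.2.6", 80),
    Conn(1009, "backup.exe", "10.1.2.7", 80),
]

if __name__ == "__main__":
    print(suspicious_processes(SAMPLE_CONNS))  # only unknown.exe is flagged
```

Browsers and update agents legitimately exceed a threshold like this, so in practice the rule is paired with an allow-list of known images and with a check for regular beacon intervals; the point of the example is the fan-out measurement itself.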
6. How does the malware get installed on your computer?
• A pop-up alerts the user that their FileZilla application is out of date and directs them to a download presented as coming from filezilla-project.org. The download delivers a malicious bundled installation wrapper, a program that runs one or more installers in turn. The wrapper carries adware bundlers such as InstallCore and FusionCore, which antivirus engines report under generic names like Eldorado, PUP or PUA (potentially unwanted program/application). Many of these may not be detected by antivirus software at all.
7. Advantages of Filezilla FTP:
• FTP easily handles large transfers.
• FileZilla provides an easy-to-understand application for non-IT users.
• Moving files between internal servers is very easy with FileZilla, particularly between Linux and Windows servers.
• FTP allows you to transfer multiple files at once.
• Many FTP clients can also schedule a transfer.
• Items can be added to a queue for upload as well as download.
• A transfer can be resumed if the connection is lost.
8. Disadvantages of Filezilla FTP:
• FTP is vulnerable to brute-force attacks on passwords.
• Any user who holds the FTP credentials has access to everything on the FTP server.
• FTP provides no standard audit trail; what logging exists depends on the server, which makes it hard to trace the source of a leak or to monitor project progress.
• Uploading and downloading many files can be slow; an estimated time of completion would make long transfers easier to endure.
• It can be tricky to find out where your file went.
• The application crashes from time to time, forcing you to start over.
• The editing and viewing features in FileZilla are less user-friendly than in some other applications; editing often means downloading the file, editing it locally and uploading it again.
• Placing and saving encryption keys can be difficult for non-expert users; prompts from FileZilla to assist with this would help.
• Once you delete an item it is gone for good; there is no recycle bin.
• Updates could be released more often.
• Usernames, passwords and file contents are sent in clear text.
• The PORT command lets a client tell the server where to open the data connection, so a server can be abused to send data to an arbitrary port on an unintended host (the FTP bounce attack).
• Active-mode FTP is hard to filter on a client-side firewall, because the server opens the data connection back to the client.
• TLS 1.2 is not always supported when FTP over TLS is used.
• X-Force Vulnerability Report: FileZilla privilege escalation (1)
• CVE-2019-5429
9.
• filezilla-cve20195429-priv-esc (160288), reported Apr 29, 2019: FileZilla could allow a local authenticated attacker to gain elevated privileges on the system, caused by an untrusted search path flaw involving the home directory. By placing a malicious 'fzsftp' binary in the search path, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. Confidentiality impact: High. Integrity impact: High. Availability impact: High.
• filezilla-local-search-dos (157750), reported Mar 1, 2019: FileZilla is vulnerable to a denial of service. By sending specially crafted input to the 'Local search' field, a local attacker could cause the application to crash.
• filezilla-addbookmark-dos (151058), reported Oct 10, 2018: FileZilla is vulnerable to a denial of service caused by improper input validation of the bookmark name. By sending an overly long argument to the Bookmarks field, a remote attacker could cause the application to crash.
• filezilla-ftpclient-unquotedpath-priv-esc (113140), reported May 11, 2016: FileZilla FTP Client could allow a local attacker to gain elevated privileges on the system, caused by an unquoted search path in C:\Program Files\FileZilla FTP Client\uninstall.exe. By placing code in the system root path, an attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. Confidentiality impact: High. Integrity impact: High. Availability impact: High.
10.
• FileZilla vulnerabilities and exploits (2)
• Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue...
• Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party...
• Buffer overflow in FileZilla prior to 2.2.23 allows remote malicious users to execute arbitrary commands via unknown attack vectors.
• FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, use a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently."
• Multiple format string vulnerabilities in FileZilla prior to 2.2.32 allow remote malicious users to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.
• Untrusted search path in FileZilla prior to 3.41.0-rc1 allows a malicious user to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
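Two of the reports above (slides 9 and 10) are search-path weaknesses: an unquoted uninstaller path with spaces, and a helper binary ('fzsftp') resolved from a directory the user controls. The following is an added example, not FileZilla's code and not taken from the reports, showing the two checks an auditor runs for this class of bug: which decoy executables Windows' CreateProcess would try for an unquoted path, and which directories earlier than the trusted install directory in a search order are writable by the current user. The search order list and the writability model are constructed for illustration; FileZilla's actual lookup sequence for 'fzsftp' is not stated on the page.

```python
"""Search-path weakness checks for unquoted paths and untrusted lookup order.

Added example, not FileZilla's code. Works against a constructed model of a
host so it runs anywhere; swap in os.access to audit a real machine.
"""
import ntpath
import os


def unquoted_path_candidates(command):
    """Paths CreateProcess tries, in order, for an unquoted command with spaces.

    Windows splits the unquoted string at each space and tries each prefix with
    '.exe' appended before reaching the full path, so an attacker who can write
    to any of those prefix locations gets their binary run instead.
    """
    if command.startswith('"'):
        return [command.split('"')[1]]  # quoted: only the real target is tried
    parts = command.split(" ")
    candidates = [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]
    candidates.append(command)
    return candidates


def plantable(command, is_dir_writable):
    """Decoy paths (everything but the real target) whose directory the caller
    reports as writable. `is_dir_writable` is passed in so the check can run
    against a constructed host model as well as the real filesystem."""
    candidates = unquoted_path_candidates(command)
    return [p for p in candidates[:-1] if is_dir_writable(ntpath.dirname(p))]


def writable_shadowing_dirs(search_order, trusted_dir, is_writable=None):
    """Directories consulted before `trusted_dir` that the user can write to.

    A same-named helper dropped there (the reports name 'fzsftp') is executed
    instead of the copy in the install directory.
    """
    if is_writable is None:
        def is_writable(d):
            return os.path.isdir(d) and os.access(d, os.W_OK)
    exposed = []
    for d in search_order:
        if os.path.normcase(d) == os.path.normcase(trusted_dir):
            break
        if is_writable(d):
            exposed.append(d)
    return exposed


# Constructed inputs. The search order is an assumption for illustration, not
# FileZilla's real lookup sequence.
UNINSTALLER = r"C:\Program Files\FileZilla FTP Client\uninstall.exe"
EXAMPLE_SEARCH_ORDER = [
    r"C:\Users\alice",                         # the user's home directory
    r"C:\Users\alice\AppData\Local\Temp",
    r"C:\Windows\System32",
    r"C:\Program Files\FileZilla FTP Client",  # trusted install directory
]


def user_writable_model(path):
    """Stand-in for os.access on a host where only the user's profile is writable."""
    return path.startswith(r"C:\Users\alice")


if __name__ == "__main__":
    print(unquoted_path_candidates(UNINSTALLER))
    print(plantable(UNINSTALLER, lambda d: d == "C:\\"))
    print(writable_shadowing_dirs(EXAMPLE_SEARCH_ORDER,
                                  EXAMPLE_SEARCH_ORDER[-1], user_writable_model))
```

The fix on the vendor side is the same in both cases: quote the path, and resolve helper binaries from a fixed, admin-owned directory rather than from the home directory or the PATH.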
11. What can you do to protect yourself?
• FTP was not built to be secure. It is generally considered an insecure protocol because it authenticates with clear-text usernames and passwords and does not encrypt the session. Data sent via FTP is vulnerable to sniffing, spoofing and brute-force attacks, among other basic attack methods. These are weaknesses of plain FTP; FileZilla can also connect with FTP over TLS or SFTP (the 'fzsftp' helper named in the reports above), which encrypt credentials and data in transit.
• To protect yourself against this riskware and to keep sensitive information safe, do not use FileZilla.
• To transfer protected information, use locally developed web-based file transfer software.
• For user data exchange, consider cloud-based storage-as-a-service.
• When downloading applications and software from the Internet, always save them to a file and scan them with antivirus software before execution, to make sure they are free of malware.
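Slides 4, 8 and 11 all come back to the same three protocol weaknesses: clear-text credentials, the PORT command directing the server at an arbitrary host, and unthrottled password guessing. The following is an added example, not FileZilla's code and not from the deck, that makes them concrete: it parses a constructed transcript of the FTP control channel (what a sniffer sees on TCP/21) and reports the credentials recoverable in clear, any PORT command pointing at a third party, the number of failed logins, and whether AUTH TLS was negotiated before the login, in which case nothing after the 234 reply is readable on the wire. The sessions, addresses and credentials are all constructed.

```python
"""Inspect an FTP control-channel capture for clear-text credentials, bounce
attempts, failed logins and TLS negotiation.

Added example (not FileZilla's or the page's code). `session` is a list of
(direction, line) pairs: 'C' for client->server, 'S' for server->client.
"""
import re

PORT_ARG = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")


def parse_port(arg):
    """Decode the PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port); None if malformed."""
    m = PORT_ARG.match(arg.strip())
    if not m:
        return None
    v = [int(x) for x in m.groups()]
    if any(x > 255 for x in v):
        return None
    return (".".join(str(x) for x in v[:4]), v[4] * 256 + v[5])


def analyze(session, client_ip):
    """Summarise what an on-path observer learns from one control-channel session."""
    report = {"tls_negotiated": False, "cleartext_credentials": [],
              "bounce_attempts": [], "failed_logins": 0}
    pending_user, awaiting_auth_reply = None, False
    for direction, text in session:
        if direction == "S":
            code = text[:3]
            if awaiting_auth_reply and code == "234":
                report["tls_negotiated"] = True
                break  # from here on the wire carries TLS records, not commands
            awaiting_auth_reply = False
            if code == "530":  # "not logged in": the reply to a wrong password
                report["failed_logins"] += 1
            continue
        cmd, _, arg = text.partition(" ")
        cmd = cmd.upper()
        if cmd == "AUTH" and arg.strip().upper() in ("TLS", "SSL"):
            awaiting_auth_reply = True
        elif cmd == "USER":
            pending_user = arg.strip()
        elif cmd == "PASS":
            report["cleartext_credentials"].append((pending_user, arg.strip()))
        elif cmd == "PORT":
            # A server that honours a PORT naming another host is being used as
            # a relay (FTP bounce); a hardened server rejects the mismatch.
            target = parse_port(arg)
            if target is not None and target[0] != client_ip:
                report["bounce_attempts"].append(target)
    return report


# Constructed transcripts. Client is 192.0.2.10 in all three.
CLIENT_IP = "192.0.2.10"
PLAIN_SESSION = [
    ("S", "220 Example FTP server ready"),
    ("C", "USER alice"),
    ("S", "331 Password required for alice"),
    ("C", "PASS hunter2"),
    ("S", "230 Login successful"),
    ("C", "PORT 203,0,113,5,0,139"),   # asks the server to connect to 203.0.113.5:139
    ("S", "200 PORT command successful"),
    ("C", "PORT 192,0,2,10,4,1"),      # 192.0.2.10:1025, the client itself: normal active mode
    ("S", "200 PORT command successful"),
    ("C", "QUIT"),
    ("S", "221 Goodbye"),
]
BRUTE_SESSION = [
    ("S", "220 Example FTP server ready"),
    ("C", "USER admin"), ("S", "331 Password required for admin"),
    ("C", "PASS admin"), ("S", "530 Login incorrect"),
    ("C", "USER admin"), ("S", "331 Password required for admin"),
    ("C", "PASS password"), ("S", "530 Login incorrect"),
    ("C", "USER admin"), ("S", "331 Password required for admin"),
    ("C", "PASS letmein"), ("S", "230 Login successful"),
]
TLS_SESSION = [
    ("S", "220 Example FTP server ready"),
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation"),
    # TLS handshake follows; USER/PASS travel inside the tunnel and are not visible
]

if __name__ == "__main__":
    for name, s in [("plain", PLAIN_SESSION), ("brute", BRUTE_SESSION), ("tls", TLS_SESSION)]:
        print(name, analyze(s, CLIENT_IP))
```

The same parser, pointed at a server's own log of the control channel, gives the brute-force detection the protocol itself lacks: a run of 530 replies from one client address is the signal to rate-limit or block.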
12. Why is Computer Security Important?
• Computer security allows the enterprise to carry out its mission by:
• Supporting critical business processes
• Protecting personal and sensitive information
• Enabling people to carry out their jobs
• What are the consequences of security violations?
• Risk to the security and integrity of personal or confidential information, e.g. identity theft, data corruption or destruction
• Lack of availability of critical information in an emergency
• Loss of valuable business information
• Loss of employee and public trust, and embarrassment
• Costly reporting requirements in the case of a compromise of certain types of personal, financial and health information
13. Recommendation
• For transferring protected information, it is advised to use locally developed web-based file transfer software for sensitive files.
• Browser-based file sharing: remote working and collaborative efforts are now the norm, so teams need a file-sharing option that provides file version control, real-time file syncing, easy remote access from any device, and effective communication tools.