Pros and Cons of Filezilla FTP in
case of Secured Enterprise file
Transfer
Prepared by: Anbesa Jima
Introduction
• Computer security is the protection that is set up for computer
systems and keeps critical information from unauthorized access,
theft, or misuse. There are various practices in place that are widely
in use, mainly for the protection of computer systems, networks
and preventing potential malicious activities. While computer
hardware is secured in the same way that sensitive equipment such
as lockers and doors are protected, critical information and system
access and authorization, on the other hand, are protected through
complex security tactics and practices.
• File Transfer Protocol (FTP) and Secure FTP (SFTP) are among the
most widely used methods for file sharing. Part of the appeal is that
they are simple to use and often free or very inexpensive. Typically,
organizations get started with FTP because they have an occasional
need to send non-sensitive files. The technology works well in these
situations, but when used more broadly it can put your business at
risk.
• Recent research reveals that more than 400
million files from FTP servers are publicly
available online. Critical data needs to remain
secure and under your control, but FTP was not
designed with secure file transfer in mind and
SFTP lacks security controls to handle today’s
cyber threats.
• Computer Security is the protection of computing
systems and the data that they store or access.
• Cyber Security is a set of principles and practices
designed to safeguard your computing assets and
online information against threats.
Filezilla FTP
• FTP stands for File Transfer Protocol; this article describes
the advantages and disadvantages of FileZilla FTP in more
detail.
• Before you can determine if FTP is the best way for
your business to transfer data, you need to know what
the drawbacks of using this protocol are. Let’s explore a
few.
• FTP is inherently an insecure way to transfer data.
When a file is sent using this protocol, the data,
username, and password are all shared in plain text,
which means a hacker can access this information with
little to no effort.
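To make the clear-text problem concrete, here is an added example (not from the slides) that audits a constructed FTP control-channel capture and reports, per session, what an on-path observer would have learned. The capture format and session numbering are assumptions; session 2 shows the contrast when the client upgrades the channel with AUTH TLS before authenticating, which is what FTPS does.

```python
"""Audit an FTP control channel for clear-text authentication.

Without AUTH TLS (FTPS) or SFTP, the USER and PASS commands and every
file name travel unencrypted, so anyone who can see the traffic can read
them.  The audit reports the exposure but never echoes the password.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed capture of the client->server side of two sessions, one
# command per line.  Session 1 is plain FTP; session 2 issues AUTH TLS
# first (we assume the server accepted it), after which a monitor sees
# only ciphertext.
SAMPLE_CAPTURE = """\
session=1 C: USER alice
session=1 C: PASS hunter2
session=1 C: PASV
session=1 C: RETR payroll.xlsx
session=2 C: AUTH TLS
session=2 C: <encrypted>
session=2 C: <encrypted>
"""

LINE_RE = re.compile(r"^session=(?P<sid>\d+)\s+C:\s+(?P<cmd>.*)$")


@dataclass
class SessionAudit:
    session: str
    tls_upgraded: bool = False
    username: Optional[str] = None
    password_exposed: bool = False
    clear_text_files: List[str] = field(default_factory=list)

    @property
    def exposed(self) -> bool:
        """True if credentials or file names were visible in the clear."""
        return self.password_exposed or bool(self.clear_text_files)


def audit_capture(capture: str) -> Dict[str, SessionAudit]:
    """Walk the control channel and record what an observer learns."""
    sessions: Dict[str, SessionAudit] = {}
    for raw in capture.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sid, cmd = m.group("sid"), m.group("cmd")
        audit = sessions.setdefault(sid, SessionAudit(session=sid))
        if audit.tls_upgraded:
            continue  # everything after AUTH TLS is opaque to the observer
        verb, _, arg = cmd.partition(" ")
        verb = verb.upper()
        if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
            audit.tls_upgraded = True
        elif verb == "USER":
            audit.username = arg
        elif verb == "PASS":
            audit.password_exposed = True  # value deliberately not stored
        elif verb in ("RETR", "STOR"):
            audit.clear_text_files.append(arg)
    return sessions


def report(capture: str) -> List[str]:
    """One human-readable finding per session, in session order."""
    lines = []
    for sid, a in sorted(audit_capture(capture).items()):
        if a.tls_upgraded and not a.exposed:
            lines.append(f"session {sid}: upgraded to TLS, nothing exposed")
        else:
            lines.append(
                f"session {sid}: user={a.username!r} "
                f"password_exposed={a.password_exposed} "
                f"files_in_clear={a.clear_text_files}"
            )
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_CAPTURE):
        print(line)
```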
What is the issue?
• FileZilla users observed the “complete” FileZilla installer creating an
unidentified process which spawns multiple command line prompts
that append dat files (a generic data file) together.
• Many programs create, open, or reference dat files. These files may
contain data in binary or text format, and typically they are
accessed only by the application that created them. While using
FileZilla, users observed a process that reaches out to random,
unrelated IP Addresses over TCP/80. This can be an indication of
malicious behavior, such as command and control traffic.
• Certain versions of FileZilla Server contain vulnerabilities in their
distribution of OpenSSL. An attacker could launch Denial-of-Service
attacks via multiple attack vectors or use the vulnerable SSL
distribution to cause a buffer overflow and potentially execute
arbitrary code.
• Another issue arises for large enterprises or government offices:
when FileZilla is deployed and its ports are opened on the firewall,
attackers can follow those same openings to tunnel into the network.
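The TCP/80 fan-out indicator described above is easy to hunt for in endpoint network logs. The following is an added example (not part of the presentation) that flags any process contacting five or more distinct external IP addresses on port 80 inside a five-minute window; the log lines are constructed in a simplified Sysmon-style format, and the paths and addresses are made up.

```python
"""Flag a process that fans out to many unrelated external IPs on TCP/80.

Constructed log format (one connection per line):
  <ISO timestamp> image=<process path> dst=<ip> dport=<port>
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample.  The installer-spawned process hits six different
# external addresses on port 80 within two minutes; the FTP client only
# talks to an internal server, and the browser makes ordinary requests.
# TEST-NET addresses (RFC 5737) stand in for "random public" destinations.
SAMPLE_LOG = r"""
2024-05-01T10:00:01 image=C:\Users\bob\Downloads\FileZilla_setup.exe dst=198.51.100.7 dport=80
2024-05-01T10:00:09 image=C:\Program Files\FileZilla FTP Client\filezilla.exe dst=10.0.0.5 dport=21
2024-05-01T10:00:14 image=C:\Users\bob\Downloads\FileZilla_setup.exe dst=203.0.113.54 dport=80
2024-05-01T10:00:31 image=C:\Program Files\Google\Chrome\chrome.exe dst=198.51.100.200 dport=80
2024-05-01T10:00:40 image=C:\Users\bob\Downloads\FileZilla_setup.exe dst=192.0.2.99 dport=80
2024-05-01T10:01:02 image=C:\Users\bob\Downloads\FileZilla_setup.exe dst=203.0.113.12 dport=80
2024-05-01T10:01:15 image=C:\Program Files\Google\Chrome\chrome.exe dst=203.0.113.201 dport=443
2024-05-01T10:01:33 image=C:\Users\bob\Downloads\FileZilla_setup.exe dst=198.51.100.88 dport=80
2024-05-01T10:02:10 image=C:\Users\bob\Downloads\FileZilla_setup.exe dst=192.0.2.17 dport=80
2024-05-01T10:02:44 image=C:\Program Files\FileZilla FTP Client\filezilla.exe dst=10.0.0.5 dport=21
"""

# RFC 1918 ranges are listed explicitly rather than via is_private, because
# Python also treats the TEST-NET sample ranges as non-global.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+image=(?P<image>.+?)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)$"
)

Event = Tuple[datetime, str, str, int]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(log: str) -> List[Event]:
    """Parse the constructed format into time-ordered events."""
    events: List[Event] = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["image"],
                       m["dst"], int(m["dport"])))
    return sorted(events)


def find_fanout(log: str, port: int = 80,
                window: timedelta = timedelta(minutes=5),
                threshold: int = 5) -> Dict[str, List[str]]:
    """Return {image: all distinct external IPs} for every process that
    reached >= threshold distinct external IPs on `port` inside `window`."""
    by_image: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, image, dst, dport in parse_log(log):
        if dport != port or is_internal(dst):
            continue
        by_image[image].append((ts, dst))
    findings: Dict[str, List[str]] = {}
    for image, conns in by_image.items():
        lo = 0
        for hi in range(len(conns)):  # sliding window over ordered events
            while conns[hi][0] - conns[lo][0] > window:
                lo += 1
            if len({d for _, d in conns[lo:hi + 1]}) >= threshold:
                findings[image] = sorted({d for _, d in conns})
                break
    return findings


if __name__ == "__main__":
    for image, ips in find_fanout(SAMPLE_LOG).items():
        print(f"fan-out on TCP/80: {image} -> {len(ips)} external IPs")
```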
How does the malware get installed on your
computer?
• A pop-up link will alert the user that their FileZilla
application is out of date and will direct the user
to the website for filezilla-project.org. The
download from this link delivers a malicious
bundle installation wrapper, a program used to
execute one or more installation programs. The
wrapper contains malware such as fusioncore,
installcore, Eldorado, PUP, and PUA. Many of
these may not be detected by anti-virus software.
Advantages of Filezilla FTP:
• FTP easily facilitates those large transfers,
• FileZilla provides an easy-to-understand application for
non-IT users
• Moving files between internal servers is very easy with
FileZilla, particularly between Linux and Windows servers.
• FTP allows you to transfer multiple files
• Many FTP clients also have the ability to schedule a
transfer
• The ability to add items to a queue to be uploaded as well
as downloaded
• The ability to resume a transfer if the connection is totally
lost
Disadvantages of Filezilla FTP:
• FTP is vulnerable to brute force attacks,
• Any user with the FTP credentials will have access to everything on the FTP server
• Audit trails aren’t an option with FTP, making it difficult to track down the source of a leak or
monitor project progress.
• Uploading and downloading many files can sometimes be slow. An estimated time of
completion would make long transfers more bearable.
• Sometimes it can be tricky to find out where your file went.
• The application crashes from time to time, causing you to have to start over.
• The editing and viewing feature in FileZilla is not as user-friendly as some other applications.
Editing sometimes requires downloading a file and editing it, and then re-applying the file.
• Placing and saving encryption keys can sometimes be difficult for non-expert users. FileZilla-
driven prompts to assist in this would be helpful.
• Once you delete an item, it is gone forever.
• Updates might be released more often
• Usernames, password, and files are sent in clear text
• Servers can be spoofed to send data to a random port on an unintended computer
• Filtering active FTP connections is very difficult on your local machine
• TLS 1.2 is not always supported over HTTPS
• X-Force Vulnerability Report FileZilla privilege escalation (1)
• CVE-2019-5429
• Filezilla-cve20195429-priv-esc (160288) reported Apr 29, 2019
• FileZilla could allow a local authenticated attacker to gain elevated privileges on the system, caused by an
untrusted search path flaw in the home directory. By inserting a malicious 'fzsftp' binary in the path, an attacker could
exploit this vulnerability to execute arbitrary code with SYSTEM privileges.
• Confidentiality Impact
• High
• Integrity Impact
• High
• Availability Impact
• High
• Filezilla-local search-dos (157750) reported Mar 1, 2019
• FileZilla is vulnerable to a denial of service. By sending specially-crafted input to the 'Local search' field, a local
attacker could exploit this vulnerability to cause the application to crash.
• Filezilla-addbookmark-dos (151058) reported Oct 10, 2018
• FileZilla is vulnerable to a denial of service, caused by improper input validation of bookmark name. By sending an
overly long argument to the Bookmarks field, a remote attacker could exploit this vulnerability to cause the
application to crash.
• Filezilla-ftpclient-unquotedpath-priv-esc (113140) reported May 11, 2016
• FileZilla FTP Client could allow a local attacker to gain elevated privileges on the system, caused by an unquoted
search path in C:\Program Files\FileZilla FTP Client\uninstall.exe. By inserting code in the system root path, an
attacker could exploit this vulnerability to execute arbitrary code with root privileges.
• Confidentiality Impact
• High
• Integrity Impact
• High
• Availability Impact
• High
• Filezilla vulnerabilities and exploits (2)
• Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary
code or cause a denial of service (application crash) via unspecified vectors related to (1)
Options.cpp when storing settings in the registry, and (2) the transfer queue...
• Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote
attackers to cause a denial of service (application crash) and possibly execute arbitrary code via
crafted arguments. NOTE: some of these details are obtained from third party...
• Buffer overflow in FileZilla prior to 2.2.23 allows remote malicious users to execute arbitrary
commands via unknown attack vectors.
• FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses
a weak encryption scheme to store the user's password in the configuration settings file, which
allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating
that "the problem is not vulnerability at all, but in fact a fundamental issue of every single program
that can store passwords transparently."
• Multiple format string vulnerabilities in FileZilla prior to 2.2.32 allow remote malicious users to
execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an
FTP server. NOTE: some of these details are obtained from third party information.
• Untrusted search path in FileZilla prior to 3.41.0-rc1 allows a malicious user to gain privileges via a
malicious 'fzsftp' binary in the user's home directory.
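Two checks a defender can run against the items above, as an added example that is not from the slides or the FileZilla project: a version comparison that reports which of the listed "before / prior to" advisories still apply to an installed FileZilla version (the disputed password-storage item has no fix version on the slides and is omitted), and an unquoted-path audit for a registered command such as the uninstall.exe entry. The version grammar (beta, rc, trailing letter) is an assumption drawn from the version strings on the slides.

```python
"""Version-based advisory lookup and unquoted-path audit for FileZilla."""
import re
from typing import List, Tuple

# Assumed grammar covering the strings on the slides: 2.2.30a, 3.0.0-beta5,
# 3.41.0-rc1, 3.40.0.  A trailing letter is a post-release (2.2.30a > 2.2.30);
# beta and rc are pre-releases (3.41.0-rc1 < 3.41.0).
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(beta|rc)(\d+))?([a-z])?$")


def parse_version(v: str) -> Tuple[Tuple[int, ...], int, int]:
    """Return a tuple that sorts the way release order does."""
    m = VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised FileZilla version: {v!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))  # pad so 3.0 and 3.0.0 compare equal
    stage, n, letter = m.group(2), m.group(3), m.group(4)
    if stage == "beta":
        return nums, 0, int(n)
    if stage == "rc":
        return nums, 1, int(n)
    if letter:
        return nums, 3, ord(letter) - ord("a") + 1
    return nums, 2, 0


# (first fixed version, summary) taken from the advisory list on the slides.
ADVISORIES: List[Tuple[str, str]] = [
    ("2.2.23", "buffer overflow, unknown vectors"),
    ("2.2.30a", "multiple buffer overflows (Options.cpp registry settings, transfer queue)"),
    ("2.2.32", "format string specifiers in FTP server responses / server data"),
    ("3.0.0-beta5", "format string vulnerability in LogMessage"),
    ("3.41.0-rc1", "untrusted search path: 'fzsftp' in the user's home directory (CVE-2019-5429)"),
]


def applicable_advisories(installed: str) -> List[str]:
    """Advisories whose fix version is newer than the installed version."""
    v = parse_version(installed)
    return [note for fixed_in, note in ADVISORIES if v < parse_version(fixed_in)]


def unquoted_path_prefixes(command: str) -> List[str]:
    """For an unquoted executable path containing spaces, list the shorter
    paths Windows tries first.  Each one must live in a directory that
    ordinary users cannot write to; returning [] means nothing to check.
    Assumes the whole string is the path (no arguments)."""
    command = command.strip()
    if command.startswith('"') or " " not in command:
        return []
    parts = command.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def quote_command(command: str) -> str:
    """The fix: wrap the path in quotes so only the intended file is run."""
    command = command.strip()
    return command if command.startswith('"') else f'"{command}"'


if __name__ == "__main__":
    for note in applicable_advisories("3.40.0"):
        print("still applies:", note)
    cmd = r"C:\Program Files\FileZilla FTP Client\uninstall.exe"
    print("verify not user-writable:", unquoted_path_prefixes(cmd))
    print("registered command should read:", quote_command(cmd))
```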
What can you do to protect yourself?
• FTP was not built to be secure. It is generally considered to be an
insecure protocol because it relies on clear-text usernames and
passwords for authentication and does not use encryption. Data
sent via FTP is vulnerable to sniffing, spoofing, and brute force
attacks, among other basic attack methods.
• To protect yourself and your sensitive information against this
riskware, don’t use FileZilla.
• To transfer protected information, use locally developed web based
file transfer software
• For user data exchange, consider cloud-based storage-as-a-service.
• When downloading applications and software from the Internet,
always save them to a file and run antivirus software against them
before execution to ensure they are free of any malware.
• Why is Computer Security Important?
• Computer Security allows the Enterprise to carry out its mission by:
• Supporting critical business processes
• Protecting personal and sensitive information
• Enabling people to carry out their jobs,
• What are the consequences for security violations?
• Risk to security and integrity of personal or confidential information e.g.
identity theft, data corruption or destruction;
• Lack of availability of critical information in an emergency, etc.
• Loss of valuable business information
• Loss of employee and public trust, embarrassment,
• Costly reporting requirements in the case of a compromise of certain
types of personal, financial and health information
Recommendation
• It is advised to transfer protected information,
use locally developed web based file transfer
software for sensitive files.
• Browser-based file sharing: remote working and
collaborative efforts are the norm now, so teams
need a file-sharing option that provides file
version control, real-time file syncing, easy
remote access from any device, and effective
communication tools.
•

More Related Content

What's hot

Microsoft System Center Configuration Manager 2012 R2 Installation
Microsoft System Center Configuration Manager 2012 R2 InstallationMicrosoft System Center Configuration Manager 2012 R2 Installation
Microsoft System Center Configuration Manager 2012 R2 InstallationShahab Al Yamin Chawdhury
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation ProtocolMatt Bynum
 
Oracle Purchasing – Different types of Receiving Options
Oracle Purchasing – Different types of Receiving OptionsOracle Purchasing – Different types of Receiving Options
Oracle Purchasing – Different types of Receiving OptionsBoopathy CS
 
Technical architecture for order management
Technical architecture for order managementTechnical architecture for order management
Technical architecture for order managementMohit kumar Gupta
 

What's hot (6)

Microsoft System Center Configuration Manager 2012 R2 Installation
Microsoft System Center Configuration Manager 2012 R2 InstallationMicrosoft System Center Configuration Manager 2012 R2 Installation
Microsoft System Center Configuration Manager 2012 R2 Installation
 
iExpenses Introduction
iExpenses IntroductioniExpenses Introduction
iExpenses Introduction
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation Protocol
 
Oracle Purchasing – Different types of Receiving Options
Oracle Purchasing – Different types of Receiving OptionsOracle Purchasing – Different types of Receiving Options
Oracle Purchasing – Different types of Receiving Options
 
HCL Domino V12 - TOTP
HCL Domino V12 - TOTPHCL Domino V12 - TOTP
HCL Domino V12 - TOTP
 
Technical architecture for order management
Technical architecture for order managementTechnical architecture for order management
Technical architecture for order management
 

Similar to Pros and Cons of Filezilla FTP in case of Secured Enterprise file Transfer.pptx

BITM3730Week10.pptx
BITM3730Week10.pptxBITM3730Week10.pptx
BITM3730Week10.pptxMattMarino13
 
香港六合彩
香港六合彩香港六合彩
香港六合彩csukxnr
 
六合彩 » SlideShare
六合彩 » SlideShare六合彩 » SlideShare
六合彩 » SlideSharemvtqyygx
 
六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideSharedqxjlhfc
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩skpkcd
 
香港六合彩-六合彩
香港六合彩-六合彩香港六合彩-六合彩
香港六合彩-六合彩qiohms
 
六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShareyqtvdsbl
 
六合彩-香港六合彩 » SlideShare
六合彩-香港六合彩 » SlideShare六合彩-香港六合彩 » SlideShare
六合彩-香港六合彩 » SlideSharemmfirkhw
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideSharecxrcpdu
 
filetranferprotocolseminarpresentation.pptx
filetranferprotocolseminarpresentation.pptxfiletranferprotocolseminarpresentation.pptx
filetranferprotocolseminarpresentation.pptxDSPL
 
Respond to the statement below.One of the best protocols today for.pdf
Respond to the statement below.One of the best protocols today for.pdfRespond to the statement below.One of the best protocols today for.pdf
Respond to the statement below.One of the best protocols today for.pdfrufohudsonak74125
 
File transfer protocol
File transfer protocolFile transfer protocol
File transfer protocolMilind Swane
 
File Transfer Protocol
File Transfer ProtocolFile Transfer Protocol
File Transfer ProtocolVinh Nguyen
 
transfer4all – send big files fluidly
transfer4all –  send big files fluidly transfer4all –  send big files fluidly
transfer4all – send big files fluidly transfer4all ltd
 
Foxtrot C2: A Journey of Payload Delivery
Foxtrot C2: A Journey of Payload DeliveryFoxtrot C2: A Journey of Payload Delivery
Foxtrot C2: A Journey of Payload DeliveryDimitry Snezhkov
 
Using an FTP client - Client server computing
Using an FTP client -  Client server computingUsing an FTP client -  Client server computing
Using an FTP client - Client server computinglordmwesh
 
Ids 009 network attacks
Ids 009 network attacksIds 009 network attacks
Ids 009 network attacksjyoti_lakhani
 

Similar to Pros and Cons of Filezilla FTP in case of Secured Enterprise file Transfer.pptx (20)

File transfer methods
File transfer methodsFile transfer methods
File transfer methods
 
BITM3730Week10.pptx
BITM3730Week10.pptxBITM3730Week10.pptx
BITM3730Week10.pptx
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
六合彩 » SlideShare
六合彩 » SlideShare六合彩 » SlideShare
六合彩 » SlideShare
 
六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩
 
香港六合彩-六合彩
香港六合彩-六合彩香港六合彩-六合彩
香港六合彩-六合彩
 
六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare
 
六合彩-香港六合彩 » SlideShare
六合彩-香港六合彩 » SlideShare六合彩-香港六合彩 » SlideShare
六合彩-香港六合彩 » SlideShare
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
filetranferprotocolseminarpresentation.pptx
filetranferprotocolseminarpresentation.pptxfiletranferprotocolseminarpresentation.pptx
filetranferprotocolseminarpresentation.pptx
 
Respond to the statement below.One of the best protocols today for.pdf
Respond to the statement below.One of the best protocols today for.pdfRespond to the statement below.One of the best protocols today for.pdf
Respond to the statement below.One of the best protocols today for.pdf
 
File transfer protocol
File transfer protocolFile transfer protocol
File transfer protocol
 
Ft pv2(1)
Ft pv2(1)Ft pv2(1)
Ft pv2(1)
 
File Transfer Protocol
File Transfer ProtocolFile Transfer Protocol
File Transfer Protocol
 
transfer4all – send big files fluidly
transfer4all –  send big files fluidly transfer4all –  send big files fluidly
transfer4all – send big files fluidly
 
StingRay For FTP
StingRay For FTPStingRay For FTP
StingRay For FTP
 
Foxtrot C2: A Journey of Payload Delivery
Foxtrot C2: A Journey of Payload DeliveryFoxtrot C2: A Journey of Payload Delivery
Foxtrot C2: A Journey of Payload Delivery
 
Using an FTP client - Client server computing
Using an FTP client -  Client server computingUsing an FTP client -  Client server computing
Using an FTP client - Client server computing
 
Ids 009 network attacks
Ids 009 network attacksIds 009 network attacks
Ids 009 network attacks
 

Recently uploaded

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Recently uploaded (20)

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Pros and Cons of Filezilla FTP in case of Secured Enterprise file Transfer.pptx

  • 1. Pros and Cons of Filezilla FTP in case of Secured Enterprise file Transfer Prepared by: Anbesa Jima
  • 2. Introduction • Computer security is the protection that is set up for computer systems and keeps critical information from unauthorized access, theft, or misuse. There are various practices in place that are widely in use, mainly for the protection of computer systems, networks and preventing potential malicious activities. While computer hardware is secured in the same way that sensitive equipment such as lockers and doors are protected, critical information and system access and authorization, on the other hand, are protected through complex security tactics and practices. • File Transfer Protocol (FTP) and Secure FTP (SFTP) are among the most widely used methods for file sharing. Part of the appeal is that they are simple to use and often free or very inexpensive. Typically, organizations get started with FTP because they have an occasional need to send non-sensitive files. The technology works well in these situations, but when used more broadly it can put your business at risk.
  • 3. • Recent research reveals that more than 400 million files from FTP servers are publicly available online. Critical data needs to remain secure and under your control, but FTP was not designed with secure file transfer in mind and SFTP lacks security controls to handle today’s cyber threats • Computer Security is the protection of computing systems and the data that they store or access. • Cyber Security is a set of principles and practices designed to safeguard your computing assets and online information against threats.
  • 4. Filezilla FTP • FTP stands for file transfer protocol; here this article gives information about the advantages and disadvantages of File zilla FTP to know more details about it. • Before you can determine if FTP is the best way for your business to transfer data, you need to know what the drawbacks of using this protocol are. Let’s explore a few. • FTP is inherently an non-secure way to transfer data. When a file is sent using this protocol, the data, username, and password are all shared in plain text, which means a hacker can access this information with little to no effort.
  • 5. What is the issue? • FileZilla users observed the “complete” FileZilla installer creating an unidentified process which spawns multiple command line prompts that append dat files (a generic data file) together. • Many programs create, open, or reference dat files. These files may contain data in binary or text format, and typically they are accessed only by the application that created them. While using FileZilla, users observed a process that reaches out to random, unrelated IP Addresses over TCP/80. This can be an indication of malicious behavior, such as command and control traffic. • Certain versions of FileZilla Server contain vulnerabilities in their distribution of OpenSSL. An attacker could launch Denial-of-Service attacks via multiple attack vectors or use the vulnerable SSL distribution to cause a buffer overflow and potentially execute arbitrary code. • Another issue is for large enterprise or governmental office when use plan to use filezilla and allowed the ports the attackers follow that tunnels and gets to your networks.
  • 6. How does the malware get installed on your computer? • A pop-up link will alert the user that their FileZilla application is out-of-date and will direct the user to the website for filezilla-project.org. The download from this link delivers a malicious bundle installation wrapper, a program used to execute one or more installation program. The wrapper contains malware such as fusioncore, installcore, Eldorado, PUP, and PUA. Many of these may not be detected by anti-virus software.
  • 7. Advantages of Filezilla FTP: • FTP easily facilitates those large transfers, • FileZilla provides an easy-to-understand application for non-IT users • Moving files between internal servers are very easy with FileZilla, particularly between Linux and Windows servers. • FTP is used to allows you to transfer multiple files • Many more FTP clients also have the ability to schedule a transfer • The ability to add items to a queue to be uploaded as well as downloaded • The ability to resume a transfer if the connection is totally lost
  • 8. Disadvantages of Filezilla FTP: • FTP is vulnerable to brute force attacks, • Any user with the FTP credentials will have access to everything on the FTP server • Audit trails aren’t an option with FTP, making it difficult to track down the source of a leak or monitor project progress. • Uploading and downloading many files can sometimes be slow. An estimated time of completion could help make the transition more enduring. • Sometimes it can be tricky to find out where your file went. • The application crashes from time to time, causing you to have to start over. • The editing and viewing feature in FileZilla is not as user-friendly as some other applications. Editing sometimes requires downloading a file and editing it, and then re-applying the file. • Placing and saving encryption keys can sometimes be difficult for non-expert users. FileZilla- driven prompts to assist in this would be helpful. • Once you delete an item, it is gone forever. • Updates might be released more often • Usernames, password, and files are sent in clear text • Servers can be spoofed to send data to a random port on an unintended computer side • Filtering active FTP connection is too much difficulty on your local machine • TLS 1.2 not always supported over https • X-Force Vulnerability Report FileZilla privilege escalation (1) • CVE-2019-5429
9. X-Force Vulnerability Report (continued)
• Filezilla-cve20195429-priv-esc (160288), reported Apr 29, 2019: FileZilla could allow a local authenticated attacker to gain elevated privileges on the system, caused by an untrusted search path flaw in the home directory. By inserting a malicious 'fzsftp' binary in the path, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. Confidentiality impact: High; Integrity impact: High; Availability impact: High.
• Filezilla-local search-dos (157750), reported Mar 1, 2019: FileZilla is vulnerable to a denial of service. By sending specially crafted input to the 'Local search' field, a local attacker could exploit this vulnerability to cause the application to crash.
• Filezilla-addbookmark-dos (151058), reported Oct 10, 2018: FileZilla is vulnerable to a denial of service, caused by improper input validation of the bookmark name. By sending an overly long argument to the Bookmarks field, a remote attacker could exploit this vulnerability to cause the application to crash.
• Filezilla-ftpclient-unquotedpath-priv-esc (113140), reported May 11, 2016: FileZilla FTP Client could allow a local attacker to gain elevated privileges on the system, caused by an unquoted search path in C:\Program Files\FileZilla FTP Client\uninstall.exe. By inserting code in the system root path, an attacker could exploit this vulnerability to execute arbitrary code with root privileges. Confidentiality impact: High; Integrity impact: High; Availability impact: High.
10. FileZilla vulnerabilities and exploits (2)
• Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue...
• Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party...
• Buffer overflow in FileZilla prior to 2.2.23 allows remote malicious users to execute arbitrary commands via unknown attack vectors.
• FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, use a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently."
• Multiple format string vulnerabilities in FileZilla prior to 2.2.32 allow remote malicious users to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.
• Untrusted search path in FileZilla prior to 3.41.0-rc1 allows a malicious user to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
11. What can you do to protect yourself?
• FTP was not built to be secure. It is generally considered an insecure protocol because it relies on clear-text usernames and passwords for authentication and does not use encryption. Data sent via FTP is vulnerable to sniffing, spoofing, and brute force attacks, among other basic attack methods.
• To protect yourself and your sensitive information against this riskware, don't use FileZilla.
• To transfer protected information, use locally developed web-based file transfer software.
• For user data exchange, consider cloud-based storage-as-a-service.
• When downloading applications and software from the Internet, always save them to a file and run antivirus software against them before execution to ensure they are free of any malware.
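Slides 8 and 11 both note that FTP is exposed to brute force attacks and offers no audit trail. One compensating control a defender can run today is to watch the FTP server's own log for bursts of failed logins per source address. The block below is an added example, not part of the presentation; it assumes log lines in the general shape of a FileZilla Server log ("(id)date time - (user) (ip)> message"), and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the general shape of a FileZilla Server log.
# Addresses are documentation ranges; nothing here comes from a real server.
SAMPLE_LOG = """\
(000001)05/02/2021 10:00:01 - (not logged in) (203.0.113.7)> USER admin
(000001)05/02/2021 10:00:01 - (not logged in) (203.0.113.7)> 530 Login or password incorrect!
(000002)05/02/2021 10:00:03 - (not logged in) (203.0.113.7)> 530 Login or password incorrect!
(000003)05/02/2021 10:00:04 - (not logged in) (203.0.113.7)> 530 Login or password incorrect!
(000004)05/02/2021 10:00:06 - (not logged in) (203.0.113.7)> 530 Login or password incorrect!
(000005)05/02/2021 10:00:09 - (not logged in) (203.0.113.7)> 530 Login or password incorrect!
(000006)05/02/2021 10:00:12 - (not logged in) (203.0.113.7)> 530 Login or password incorrect!
(000007)05/02/2021 10:01:00 - (not logged in) (198.51.100.4)> 530 Login or password incorrect!
(000008)05/02/2021 10:01:30 - (alice) (198.51.100.4)> 230 Logged on
(000009)05/02/2021 10:20:00 - (not logged in) (203.0.113.7)> 530 Login or password incorrect!
"""

# Assumed line layout: "(session id)DD/MM/YYYY HH:MM:SS - (user) (ip)> message".
LINE_RE = re.compile(
    r"^\(\d+\)(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) - "
    r"\((?P<user>[^)]*)\) \((?P<ip>[^)]+)\)> (?P<msg>.*)$"
)

def parse_line(line):
    """Return (timestamp, user, ip, message) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%m/%Y %H:%M:%S")
    return ts, m.group("user"), m.group("ip"), m.group("msg")

def failed_login_bursts(log_text, threshold=5, window=timedelta(minutes=1)):
    """Map each source IP that produced >= threshold '530' replies inside any
    sliding window to the largest such count; everything else is left out."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, _user, ip, msg = parsed
        if msg.startswith("530"):          # FTP reply code 530: login rejected
            failures[ip].append(ts)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):      # sliding window over sorted failures
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged

if __name__ == "__main__":
    print(failed_login_bursts(SAMPLE_LOG))   # {'203.0.113.7': 6}
```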
12. Why is computer security important?
• Computer security allows the enterprise to carry out its mission by:
• Supporting critical business processes
• Protecting personal and sensitive information
• Enabling people to carry out their jobs
• What are the consequences of security violations?
• Risk to the security and integrity of personal or confidential information, e.g. identity theft, data corruption or destruction
• Lack of availability of critical information in an emergency
• Loss of valuable business information
• Loss of employee and public trust, embarrassment
• Costly reporting requirements in the case of a compromise of certain types of personal, financial and health information
13. Recommendation
• To transfer protected information, it is advised to use locally developed web-based file transfer software for sensitive files.
• Browser-based file sharing: remote working and collaborative efforts are the norm now, so teams need a file-sharing option that provides file version control, real-time file syncing, easy remote access from any device, and effective communication tools.