The Dirty Little Secret of FTP

There are several vulnerabilities to consider when exchanging business documents with suppliers, customers, and service providers, including eavesdropping, impersonation, and modification. Most file exchange hubs, including fileXhub, use some type of authentication to reduce risk as files are picked up or dropped off. And many offer options to encrypt data as it is exchanged over the Internet - 'in flight.' But there is also the vulnerability of data 'at rest' - while it is stored on the file exchange hub's server.

Traditional FTP servers store both inbound and outbound data on the server's file system - in unprotected clear text. If a hacker is successful in gaining access to the server at the operating system level, these files are completely open and available to the hacker.

fileXhub protects against this vulnerability in several ways.

First, because fileXhub is a proxy and not an actual FTP server, it has none of the known FTP server vulnerabilities that could allow a hacker to gain access to all FTP accounts or even control of the server itself. fileXhub is BIT's proprietary product and is not based on any FTP server code. It uses BIT's proprietary code to respond to FTP commands, which is what lets it work with FTP clients.

But operating systems and networks have vulnerabilities, and new exploits are reported every day. There is a very real risk that any server available to the public Internet may be 'cracked.' When that happens with FTP's clear text documents, all confidentiality is compromised.

With all versions of fileXhub, none of your business documents are stored on the file system at all. They are stored in an encrypted database. If and when a hacker gains access to the server, they will find significant additional barriers that protect your data.

Please check out fileXhub Security to see how fileXhub offers secure password and message exchange using HTTPS.

With fileXhub Enterprise, there is the option of significantly enhancing security by deploying the portal, FTP proxy, and HTTP(S) proxy on a server in the DMZ (open to the public Internet) and deploying fileXhub administration and the fileXhub database in a secure network zone. That way, even the encrypted database is secured behind firewall rules that only allow database access from the fileXhub proxies using their non-routable IP addresses. That means that your Internet-accessible exchange hub could be completely compromised without giving any access to even the encrypted database.

The very best security comes from using payload encryption, digital signatures, and signed delivery receipts. Doing that requires generation and exchange of digital certificates and sophisticated processing by both your software and the software your trading partners use. BIT supports this kind of processing in both our MFT and EME solutions. It can be added to an existing fileXhub at any time when trading partners are ready to implement their side of the required security framework.

fileXhub eliminates the risk inherent in storing sensitive information like pricing and account numbers in clear text on the file system. fileXhub Professional adds HTTPS encryption of passwords and message content and adds the FTP protocol.
fileXhub Enterprise adds HTTP/S Web service message exchange and goes beyond encrypted passwords, encrypted message content and an encrypted database by putting the database safely in your secure network.

Get your own fileXhub today and you won't have a dirty little secret anymore.