Security

The following security features are functions of the FTP environment and exist in addition to the hardening of the operating system and associated application services.

Transport Encryption

During transport the FTP environment uses SSL or SSH to encrypt communications. The minimum strength of the encryption used during web transport is 128-bit.

Storage Encryption

The FTP environment stores all files on disk using FIPS 140-2 validated 256-bit AES (http://csrc.nist.gov/encryption/aes), the new (US) federal standard for encryption. The encryption engine on which the FTP environment relies is only the tenth product to have been vetted, validated and certified by the United States and Canadian governments for cryptographic fitness under the rigorous FIPS 140-2 guidelines.

The FTP environment also overwrites just-deleted files with random bytes, so that not even encrypted files linger on a physical disk after users believe them to have been destroyed.
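The following is an added example, not code from the FTP environment or its vendor, showing one way the overwrite-before-delete behaviour described above is implemented: the file's bytes are replaced with output from the OS random generator, flushed to the device, and only then unlinked. The function names (shredFile, shredDemo), the single overwrite pass and the sample file contents are this example's own assumptions.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// shredFile overwrites the file's current contents with random bytes `passes`
// times, forces the data to the device, and only then unlinks the name.
func shredFile(path string, passes int) error {
	f, err := os.OpenFile(path, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer f.Close()
	info, err := f.Stat()
	if err != nil {
		return err
	}
	for i := 0; i < passes; i++ {
		if _, err := f.Seek(0, io.SeekStart); err != nil {
			return err
		}
		// crypto/rand.Reader is the OS CSPRNG; CopyN writes exactly info.Size() bytes.
		if _, err := io.CopyN(f, rand.Reader, info.Size()); err != nil {
			return err
		}
		// Sync so the overwrite reaches the disk before the directory entry goes.
		if err := f.Sync(); err != nil {
			return err
		}
	}
	return os.Remove(path)
}

// shredDemo writes a constructed sensitive file into a temporary directory,
// shreds it and reports whether the file is gone afterwards.
func shredDemo() (gone bool, err error) {
	dir, err := os.MkdirTemp("", "ftp-shred")
	if err != nil {
		return false, err
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "payroll.csv") // constructed sample file
	if err := os.WriteFile(path, []byte("name,salary\nalice,100\n"), 0600); err != nil {
		return false, err
	}
	if err := shredFile(path, 1); err != nil {
		return false, err
	}
	_, statErr := os.Stat(path)
	return os.IsNotExist(statErr), nil
}

func main() {
	gone, err := shredDemo()
	fmt.Println("file removed after overwrite:", gone, "error:", err)
}
```

On journaling or copy-on-write filesystems and on SSDs with wear levelling, the blocks that receive the random bytes are not necessarily the blocks the file occupied, so application-level overwriting is a best-effort measure; the at-rest encryption described above remains the primary control, and the overwrite is defence in depth.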

Precautions Taken During Transport-Storage Exchange

If files received by the FTP environment were simply copied to a large cleartext memory buffer, trojan programs could potentially "sniff" sensitive files out of these spaces.

Instead, the FTP environment spools pieces of received files into much smaller buffers, encrypts them and writes them to disk almost immediately. Spooling files in this manner reduces overall exposure in two ways: it reduces the amount of information exposed at any one moment, and it reduces the time for which that information is exposed.

(A frequently asked question regarding this issue is "why not just store the file using SSL or SSH?" The short answer is that SSL and SSH use temporary session keys which are renegotiated each time a client establishes a new connection, whereas storage needs "more permanent" keys.)
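The following is an added example, not the FTP environment's own code, that puts the Storage Encryption and Transport-Storage Exchange sections together: a received stream is read in small pieces, each piece is sealed with AES-256-GCM under a long-lived storage key and written to disk at once, and the cleartext buffer is scrubbed as soon as it has been sealed. The on-disk layout, the helper names (newGCM, chunkNonce, spoolEncrypt, spoolDecrypt) and the 12-byte nonce arithmetic are this example's own assumptions; the product's real file format is not described on the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"io"
)

// newGCM wraps a 32-byte key (which selects AES-256) in AES-GCM.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// chunkNonce: per-file random 12-byte base with the chunk index added to its
// low 64 bits, so no nonce repeats under one key within a file.
func chunkNonce(base []byte, i uint64) []byte {
	n := append([]byte(nil), base...)
	binary.BigEndian.PutUint64(n[4:], binary.BigEndian.Uint64(n[4:])+i)
	return n
}

// spoolEncrypt reads the transfer in chunkSize pieces, seals each and writes it
// to the disk-side writer at once, so at most one chunk of cleartext is ever in
// memory. Layout (this example's own): [12-byte nonce base] then per chunk
// [1 byte final flag][BE32 length][ct||tag]. The 5-byte header is also the GCM
// additional data, so an edited flag or length fails authentication, as does a
// swapped or dropped chunk (its nonce no longer matches its position).
func spoolEncrypt(gcm cipher.AEAD, chunkSize int, in io.Reader, out io.Writer) error {
	base := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, base); err != nil {
		return err
	}
	if _, err := out.Write(base); err != nil {
		return err
	}
	buf := make([]byte, chunkSize)
	for i := uint64(0); ; i++ {
		n, rerr := io.ReadFull(in, buf)
		final := rerr == io.EOF || rerr == io.ErrUnexpectedEOF
		if rerr != nil && !final {
			return rerr
		}
		hdr := make([]byte, 5)
		if final {
			hdr[0] = 1
		}
		binary.BigEndian.PutUint32(hdr[1:], uint32(n+gcm.Overhead()))
		ct := gcm.Seal(nil, chunkNonce(base, i), buf[:n], hdr)
		if _, err := out.Write(append(hdr, ct...)); err != nil {
			return err
		}
		for j := range buf[:n] { // scrub the cleartext piece once it is sealed
			buf[j] = 0
		}
		if final {
			return nil
		}
	}
}

// spoolDecrypt reverses spoolEncrypt over a stored image and fails closed on
// any damaged, reordered, missing or truncated chunk.
func spoolDecrypt(gcm cipher.AEAD, img []byte) ([]byte, error) {
	ns := gcm.NonceSize()
	if len(img) < ns {
		return nil, errors.New("spool too short")
	}
	base, rest := img[:ns], img[ns:]
	var plain []byte
	for i := uint64(0); ; i++ {
		if len(rest) < 5 {
			return nil, errors.New("spool ends before its final chunk")
		}
		hdr, ctLen := rest[:5], int(binary.BigEndian.Uint32(rest[1:5]))
		if len(rest)-5 < ctLen {
			return nil, errors.New("spool truncated inside a chunk")
		}
		pt, err := gcm.Open(nil, chunkNonce(base, i), rest[5:5+ctLen], hdr)
		if err != nil {
			return nil, errors.New("chunk failed authentication")
		}
		plain = append(plain, pt...)
		if hdr[0] == 1 {
			return plain, nil
		}
		rest = rest[5+ctLen:]
	}
}
```

To use it, build the AEAD once from the storage key with newGCM and call spoolEncrypt with the socket as the reader and the destination file as the writer; the key itself never changes per connection, which is the point made in the parenthetical above about why session keys from SSL or SSH are unsuitable for storage. The "final" flag in the authenticated header is what turns a truncated spool into a detected error rather than a silently shorter file.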

Integrity Checking

When certain file transfer clients are used with an FTP server, the integrity of transferred files will be confirmed. A

To perform an integrity check, both the client and the server obtain a cryptographic hash of the transferred file as part of the last step of the transfer. If the values agree, both sides "know" that the file transferred is completely identical to the original. The results of any integrity check are not only displayed to the user of the file transfer client but stored for ready access on the FTP server.
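The following is an added example, not the FTP environment's own code, of the check described above: both sides compute a SHA-256 digest of the file in fixed-size pieces as the last step of the transfer, the server compares its digest of what it actually wrote with the client's value, and the result is kept as a record. The hash algorithm, the record layout and the sample file contents are this example's own assumptions; the page does not name the hash the product uses.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"io"
)

// hashStream computes SHA-256 over a transfer stream in 32 KiB pieces, so the
// whole file never has to be in memory; client and server both run this.
func hashStream(r io.Reader) (string, error) {
	h := sha256.New()
	if _, err := io.CopyBuffer(h, r, make([]byte, 32*1024)); err != nil {
		return "", err
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// IntegrityRecord is what the server stores for later review, mirroring the
// "stored for ready access on the FTP server" behaviour described above.
type IntegrityRecord struct {
	Filename   string
	ClientHash string
	ServerHash string
	Verified   bool
}

// verifyTransfer hashes the bytes the server actually wrote and compares them
// with the digest the client reported. The comparison is constant-time so the
// response cannot leak how many leading characters matched.
func verifyTransfer(name, clientHash string, stored io.Reader) (IntegrityRecord, error) {
	serverHash, err := hashStream(stored)
	if err != nil {
		return IntegrityRecord{}, err
	}
	rec := IntegrityRecord{Filename: name, ClientHash: clientHash, ServerHash: serverHash}
	rec.Verified = subtle.ConstantTimeCompare([]byte(clientHash), []byte(serverHash)) == 1
	return rec, nil
}

// integrityDemo plays both sides with a constructed file: the first transfer
// arrives intact, the second has one byte damaged in transit.
func integrityDemo() (good, bad IntegrityRecord, err error) {
	original := []byte("quarterly-report: revenue=1000\n") // constructed
	clientHash, err := hashStream(bytes.NewReader(original))
	if err != nil {
		return
	}
	good, err = verifyTransfer("report.txt", clientHash, bytes.NewReader(original))
	if err != nil {
		return
	}
	corrupted := append([]byte(nil), original...)
	corrupted[len(corrupted)-2] = '9' // "1000" becomes "1009" on the wire
	bad, err = verifyTransfer("report.txt", clientHash, bytes.NewReader(corrupted))
	return
}

func main() {
	good, bad, err := integrityDemo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%s intact: verified=%v\n", good.Filename, good.Verified)
	fmt.Printf("%s damaged: verified=%v (client %s.., server %s..)\n",
		bad.Filename, bad.Verified, bad.ClientHash[:8], bad.ServerHash[:8])
}
```

A digest comparison of this kind detects corruption and truncation, but it only tells both sides the file is identical to the original if the client's digest reaches the server over an authenticated channel; that is why the check rides on the encrypted SSL or SSH session rather than being sent separately.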

Immediate Transfer off Server

The FTP environment supports "event-driven" transfers which allow files to begin spooling to internal servers as soon as they land on an Internet-facing FTP server. This prevents even encrypted files from remaining on the server for longer than absolutely necessary.

Transfer Resume

The FTP environment supports file transfer resume on both its HTTPS and FTPS interfaces. In addition to being useful during transfers of multi-gigabyte files, this feature also has a security benefit: it makes large file transfers less susceptible to denial-of-service attacks, since an interrupted transfer need not be restarted from the beginning.

Folder Quotas

Enforceable folder size quotas can be set on various folders to prevent system storage from being exhausted.

User Quotas

Enforceable user size quotas can be set on various users to prevent them from exhausting system storage.

Delegation of Authority

Individual end-user members of a group can be designated as Group Admins. These users are then able to administer the users, folder permissions and address books in their group, subject to various parameters set by organization administrators.

Administrative Alerts

Email notifications are sent to administrators when users are locked out, when the internal consistency checker notices something amiss with the database, etc.

Password Aging

Users will be forced to change their passwords periodically through the FTP environment's password aging features. Users will also be warned (via email) several days in advance of actual expiration, and notified again when their password expires. If you need a service account configured please contact the ISD HelpDesk.

Password History

The FTP environment has been configured to remember a certain number of passwords and prevent users from reusing those passwords.

Password Strength Requirements

The password complexity for the FTP environment is as follows:

Account Lockout

If someone attempts to sign on to a valid account with an incorrect password too many times, the account can be locked out and administrators will be notified via email.

IP Lockout

The FTP environment can prevent a machine with a specific IP address from making any further requests of the system once it sees too many bad signon attempts from that address. Administrators will also be notified via email when this occurs.
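The following is an added example, not the FTP environment's own code, covering both the Account Lockout and IP Lockout sections above: failed sign-on attempts are counted per account and per source address, crossing either threshold locks that account or address for a fixed period, and each lock raises an administrator alert (a stand-in here for the email notification). The thresholds, the lock duration, the type names (Guard, lockState) and the replayed attempt log are this example's own assumptions; the page states the behaviour but not the numbers.

```go
package main

import (
	"fmt"
	"time"
)

// Thresholds and lock duration are this example's own choices.
const (
	maxAccountFailures = 5
	maxIPFailures      = 20
	lockDuration       = 15 * time.Minute
)

type lockState struct {
	failures    int
	lockedUntil time.Time
}

// Guard counts bad sign-on attempts per account and per source IP, locks
// whichever crosses its threshold, and records an administrator alert.
type Guard struct {
	accounts map[string]*lockState
	ips      map[string]*lockState
	now      func() time.Time // injectable clock so expiry can be exercised
	Alerts   []string
}

func NewGuard(now func() time.Time) *Guard {
	return &Guard{accounts: map[string]*lockState{}, ips: map[string]*lockState{}, now: now}
}

func state(m map[string]*lockState, k string) *lockState {
	if s, ok := m[k]; ok {
		return s
	}
	s := &lockState{}
	m[k] = s
	return s
}

// Locked is consulted before the password is even checked, so a locked account
// or address gets the same answer whatever it submits.
func (g *Guard) Locked(user, ip string) bool {
	t := g.now()
	return state(g.accounts, user).lockedUntil.After(t) || state(g.ips, ip).lockedUntil.After(t)
}

// RecordFailure counts one bad password against both the account and the IP;
// the IP counter catches attempts spread thinly across many accounts.
func (g *Guard) RecordFailure(user, ip string) {
	g.bump(state(g.accounts, user), maxAccountFailures,
		fmt.Sprintf("account %q locked after %d failures from %s", user, maxAccountFailures, ip))
	g.bump(state(g.ips, ip), maxIPFailures,
		fmt.Sprintf("IP %s locked after %d failures", ip, maxIPFailures))
}

func (g *Guard) bump(s *lockState, limit int, alert string) {
	s.failures++
	if s.failures >= limit {
		s.lockedUntil = g.now().Add(lockDuration)
		s.failures = 0
		g.Alerts = append(g.Alerts, alert)
	}
}

// RecordSuccess clears the account counter only; one valid login must not
// reset an address that is working through many accounts.
func (g *Guard) RecordSuccess(user string) { state(g.accounts, user).failures = 0 }

// lockoutDemo replays a constructed attempt log: five bad passwords for "alice"
// from one address lock the account; twenty bad passwords spread over twenty
// accounts from another address lock that address. It returns the alerts
// raised, whether each is locked, and whether both locks expire on schedule.
func lockoutDemo() (alerts []string, aliceLocked, scannerLocked, expired bool) {
	clock := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC)
	g := NewGuard(func() time.Time { return clock })
	for i := 0; i < maxAccountFailures; i++ {
		if !g.Locked("alice", "203.0.113.5") {
			g.RecordFailure("alice", "203.0.113.5")
		}
	}
	for i := 0; i < maxIPFailures; i++ {
		user := fmt.Sprintf("user%02d", i)
		if !g.Locked(user, "198.51.100.7") {
			g.RecordFailure(user, "198.51.100.7")
		}
	}
	aliceLocked = g.Locked("alice", "192.0.2.1")
	scannerLocked = g.Locked("bob", "198.51.100.7")
	clock = clock.Add(lockDuration + time.Minute)
	expired = !g.Locked("alice", "192.0.2.1") && !g.Locked("bob", "198.51.100.7")
	return g.Alerts, aliceLocked, scannerLocked, expired
}

func main() { fmt.Println(lockoutDemo()) }
```

Two details matter for the alerting described above: the lock check runs before the password check, so a locked account does not become a password oracle, and the IP counter is never reset by a successful login, so one valid credential cannot be used to clear the trail of a scan across many accounts.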

Restricted IP/Hostname Access

Specific users or classes of users can be restricted to certain ranges of IP addresses and/or hostnames.

Detailed, Tamper-Evident Audit Logging

The FTP environment logs not only signon and signoff events, but permission changes, new user additions and other actions which directly affect the security of the system. Real-time views of this audit trail as well as detailed query tools are available on the Logs and Report pages. All log entries are cryptographically chained together in a way that makes any tampering (add, delete, change) with the audit logs evident.
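The following is an added example, not the FTP environment's own code, of the cryptographic chaining described above: each entry carries an HMAC-SHA256 over the previous entry's chain value and its own fields, and a verifier that recomputes the chain reports the first entry where it breaks. The demo then applies the three manipulations the section names (change, delete, add) to a constructed four-entry log. The record layout, the HMAC construction and the key location are this example's own assumptions; the page does not describe the product's chaining scheme.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one audit record. Chain is an HMAC over the previous entry's Chain
// and this entry's fields, so it depends on the whole history before it.
type Entry struct {
	Seq    int
	Event  string // e.g. "signon", "permission_change", "user_add"
	Actor  string
	Detail string
	Chain  string
}

// AuditLog appends chained entries. The HMAC key is assumed to live outside
// the log store (separate host or HSM), so someone able to edit the log
// cannot simply re-chain it after tampering.
type AuditLog struct {
	key     []byte
	Entries []Entry
}

func chainMAC(key []byte, prev string, e Entry) string {
	m := hmac.New(sha256.New, key)
	// Length-prefix each field so "ab"+"c" and "a"+"bc" cannot collide.
	for _, f := range []string{prev, fmt.Sprint(e.Seq), e.Event, e.Actor, e.Detail} {
		fmt.Fprintf(m, "%d:%s;", len(f), f)
	}
	return hex.EncodeToString(m.Sum(nil))
}

func (l *AuditLog) Append(event, actor, detail string) {
	prev := "genesis"
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Chain
	}
	e := Entry{Seq: len(l.Entries), Event: event, Actor: actor, Detail: detail}
	e.Chain = chainMAC(l.key, prev, e)
	l.Entries = append(l.Entries, e)
}

// Verify recomputes the chain and returns the index of the first entry whose
// Chain does not match, or -1 when the log is intact. A changed, inserted or
// deleted entry invalidates itself and everything after it.
func Verify(key []byte, entries []Entry) int {
	prev := "genesis"
	for i, e := range entries {
		if e.Seq != i || !hmac.Equal([]byte(chainMAC(key, prev, e)), []byte(e.Chain)) {
			return i
		}
		prev = e.Chain
	}
	return -1
}

// tamperDemo builds a constructed four-entry log and applies the three
// manipulations named above: change, delete and add.
func tamperDemo() (intact, changed, deleted, added int) {
	key := []byte("constructed-audit-key-held-elsewhere")
	l := &AuditLog{key: key}
	l.Append("signon", "alice", "from 203.0.113.5")
	l.Append("permission_change", "alice", "granted bob write on /finance")
	l.Append("user_add", "alice", "created account carol")
	l.Append("signoff", "alice", "")
	intact = Verify(key, l.Entries)

	c := append([]Entry(nil), l.Entries...)
	c[1].Detail = "granted bob read on /finance" // quietly soften a recorded grant
	changed = Verify(key, c)

	d := append(append([]Entry(nil), l.Entries[:2]...), l.Entries[3:]...)
	d[2].Seq = 2 // renumber to hide the gap left by removing entry 2
	deleted = Verify(key, d)

	a := append(append([]Entry(nil), l.Entries...),
		Entry{Seq: 4, Event: "signon", Actor: "carol", Chain: "0000"}) // forged without the key
	added = Verify(key, a)
	return
}

func main() { fmt.Println(tamperDemo()) }
```

One gap a chain alone does not close is silent truncation: removing only the newest entries leaves a log that still verifies. The usual complement is to copy the latest chain value (and entry count) to a separate system on a schedule, so a verifier can also check that the log has not shrunk.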

Multiple Factor Authentication

Combined with a username, a source IP address, a password and a client key or certificate can each be required, giving one-, two- or three-factor authentication depending on how many are demanded.

Web Browser "Clickable Keyboard" Keystroke Logging Protection

To prevent keystroke logging software or hardware from capturing the keystrokes used to sign on to the FTP environment through a web browser, a clickable on-screen keyboard is provided as an alternative method of data entry. The same keyboard also protects the other password fields used throughout the application.

Cross-Frame Scripting Protection

To help prevent cross-frame scripting attacks against the FTP environment, the web interface will prevent itself from being loaded in a frame or iframe window.
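The following is an added example, not the FTP environment's own code, of how a web interface refuses to be loaded in a frame or iframe. The page does not say which mechanism the product uses; this example uses the two response headers browsers enforce for that purpose (X-Frame-Options and the Content-Security-Policy frame-ancestors directive) rather than frame-busting script, and the handler and function names (noFraming, signOnPage, probeHeaders) are this example's own.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// noFraming wraps a handler so every response carries both the legacy
// X-Frame-Options header and the CSP frame-ancestors directive. A browser
// honouring either refuses to render the page inside a frame or iframe on any
// other origin, which is what blocks cross-frame scripting and clickjacking.
func noFraming(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header() // headers must be set before the body is written
		h.Set("X-Frame-Options", "DENY")
		h.Set("Content-Security-Policy", "frame-ancestors 'none'")
		next.ServeHTTP(w, r)
	})
}

// signOnPage stands in for the real sign-on form.
func signOnPage() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "<html><body><form method=\"post\">sign-on form</form></body></html>")
	})
}

// probeHeaders issues an in-process request and returns the two headers and
// the status, so the policy can be checked without a browser.
func probeHeaders() (xfo, csp string, status int) {
	rec := httptest.NewRecorder()
	noFraming(signOnPage()).ServeHTTP(rec, httptest.NewRequest("GET", "/signon", nil))
	res := rec.Result()
	return res.Header.Get("X-Frame-Options"), res.Header.Get("Content-Security-Policy"), res.StatusCode
}

func main() {
	xfo, csp, code := probeHeaders()
	fmt.Printf("status=%d X-Frame-Options=%q Content-Security-Policy=%q\n", code, xfo, csp)
}
```

Headers are preferable to script-only frame busting because a hostile page can load the target in a sandboxed iframe that blocks its scripts; the headers are evaluated by the browser before any page script runs. Sending both covers older browsers that only know X-Frame-Options.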