Although the HTTP protocol is increasingly used for file transfer, the old FTP protocol (File Transfer Protocol) is still present in many systems and companies, unfortunately it was not designed as a secure transfer protocol and presents many vulnerabilities that attackers take advantage of . An example is a vulnerability that uses an anonymity mode of FTP: older FTP servers can be accessed with a common username such as “anonymous” or “ftp”, without the need to enter a password or username.
Due to its characteristics, it is in the sights of many hackers willing to obtain all the information in even control, through the search for unprotected servers and thus any user, from any place, with any type of connection could have access to the server of your company and many others that have this vulnerability.
An example of how insecure this protocol is has come to light thanks to the security researcher, Minxomat, since he carried out a process as a test and there he found more than 796,578 unprotected FTP servers, an incredible and worrying number since it is a lot information that is unprotected.
This protocol is less commonly used than HTTP by cyber attackers, but it does not stop posing a risk for everyone. Therefore, organizations should follow certain general guidelines to prevent attacks through them:
▸Monitor and update server settings
A misconfigured FTP server can allow a cyber attacker in by connecting in anonymous mode. An FTP server configuration that requires a secure access password is already a more complex barrier for the attacker.
▸Adoption of MANRS standards
MANRS (Mutually Agreed Norms for Routing Security) standards consist of a joint initiative created by Network operators and neutral points (IXPs) in order to develop greater security in routing to avoid, among others, BGP attacks. A large company that has extensive control over its networks and nodes should adopt them.
▸Updating of networks
The IT teams of companies must use the most up-to-date modes of these protocols to avoid potential cyberattacks, since it is a primitive protocol that by default was not designed with encryption in its file exchange, so it is important to be careful with old versions of these.
Check also:
FTP server on windows easy way to access
XML Vulnerabilities and how serious they are
[…] Also read:Telnet Protocol – A dedicated management toolFTP Protocol, Be very careful of its risks […]