Tracking FTP usage with Firewall Analyzer.

What is FTP?

The File Transfer Protocol (FTP) is a standard network protocol used for transferring files between any two computers on a network.

Why should you track FTP usage?

The chance of a properly secured FTP server getting hacked is low, but the possibility is still there; no system is 100 percent secure.

On top of that, FTP has a couple of weaknesses.

  1. By default, there is a provision that allows local commands to be executed in FTP servers built in Linux and Windows servers. A malicious user might be able to elevate privileges by exploiting this security flaw.

  2. FTP is based on plain text. During login, the user name and password are sent across as plain text without encryption; this makes the protocol vulnerable to hackers who can use different tools to obtain these credentials.

How does Firewall Analyzer help track FTP usage?

Firewall Analyzer tracks FTP usage from the firewall syslog and provides a detailed traffic report on:

 

1. Top Host — Total host traffic sent and received using FTP.

Top host graph

 

Top host table

 

2. Top Protocol — Top protocol group traffic sent and received using FTP.

Top Protocol graph

 

Top Protocol table

 

3. Top Users — Top user traffic sent and received using FTP.

Top user graph

 

Top user Table

 

4. Top Rules — The top rules used to access FTP.

Top Rules Table

 

If either the host or the user shows unusual traffic, the security admin can investigate and secure that specific IP.

 

A single platter for comprehensive Network Security Device Management