|
Posted by Sarah Kane @ Tue, 18 Nov 2008 12:40:27 -0500
Xavier Chaillot, Director of Marketing with Hummingbird - The Open Text Connectivity Solutions Group, discusses the dangers faced by companies using FTP and Telnet and how Connectivity Secure Server addresses these issues.
Q: What are the major security concerns for companies using FTP and Telnet?
A: The main problem with FTP or Telnet is that they are fundamentally insecure protocols. FTP dates back from the 60’s when it was commissioned by DARPA and Telnet was created a bit earlier. That was a time when network security was not as much of a concern as it is today. Both protocols were designed with simplicity, versatility and flexibility in mind, but definitely not security. FTP is primarily used for transferring files between homogeneous or heterogeneous environments while Telnet is the de facto protocol for accessing text-based legacy applications or remotely managing servers and network equipment.
Both FTP and Telnet have many security issues, but the most critical are:
There are more problems related to FTP and Telnet such as the many exploits available on the Internet or the fact that they don’t play nice with firewalls. Ultimately, these technical problems become critical business challenges which amount to two things: cost of a security breach and lack of compliance with industry standards.
According to a 2007 Forrester study, security breaches cost anywhere between $90 to $305 per record breached. As an example, the breach of a simple text file containing 5,000 names, addresses and social security numbers or credit card numbers would end up costing between $450,000 and $1,525,000. This is the kind of money that businesses can not afford to pay these days, especially when you realize that adequately protecting yourself against simple breaches like FTP or Telnet is going to cost you between 1% and 5% of that amount.
At the end of the day, it’s not about the technicalities of security, it’s about how much you are putting your business at risk by not taking care of basic things such as Telnet or FTP and what price you’ll pay for that.
Q: Do standard security platforms such as Trend Micro, Symantec provide security for FTP and Telnet protocols?
A: Antiviruses are not designed to protect network protocols such as FTP or Telnet. Antiviruses do what they’ve always done best: detect and eradicate rogue malware code running on a machine. The kinds of problems that arise with Telnet or FTP are not of that nature. These protocols were never designed to handle the most basic security requirements such as data encryption, strong authentication and data integrity. This leaves them with multiple angles of attack which are not covered by antivirus such as those named here.
Q: Do industry security standards such as Sarbanes-Oxley and HIPPA have compliance requirements for FTP and Telnet?
A: Absolutely. At varying degrees, all of these regulations and standards have impact on organizations running FTP or Telnet. Here are a few examples:
-
PCI-DSS: the payment card industry data security standard regulates how credit card information are being processed, stored and transmitted. The lack of encryption, weak authentication and absence of data integrity make FTP and Telnet completely unsuitable to support the requirements of that standard.
-
GLBA: the Gramm Leach Bliley Act of 1999 requires organizations in the financial industry to adequately protect their customers’ private information, something that not realistic with Telnet or FTP.
- SOX: the Sarbanes Oaxley act requires the implementation of solid internal controls to guarantee that financial reports properly reflect the economic reality of any publicly traded company. Auditors reviewing IT systems will most likely shut down any FTP or Telnet activity because of their lack of security and viability in the context of these controls.
- HIPPAA is a healthcare industry regulation which, among other things, requires healthcare actors to encrypt and protect their patients’ information. As explained above, this is something that’s not conceivable with Telnet or FTP.
Q: How does the Connectivity Secure Server help companies protect their FTP site and assist in any regulatory compliance requirements?
A: Connectivity Secure Server is a high-performance network security system that allows organizations to encrypt, authenticate and guarantee the integrity of data being transmitted over a TCP/IP network. To put it in a nutshell, Connectivity Secure Server coupled with a secure shell client such as Connectivity SecureTerm will create secure encrypted tunnels between a user’s desktop and a server. Those tunnels can be used to pass any TCP/IP network traffic.
Connectivity Secure Server is the ideal solution for companies looking to:
-
Replace their Windows FTP Server
-
Remotely manage Windows Servers
-
Secure internal and external network traffic
-
Encrypt 3rd party application traffic
The interesting thing about replacing Telnet and FTP with Connectivity Secure Server and Connectivity Secure Term is that organizations will keep the same flexibility and versatility that they are used to with traditional Telnet and FTP, but in a much more secure environment.
The other thing is that this solution is not limited to Telnet or FTP but can be used to encrypt any TCP/IP communication from 3rd party application. Remember these legacy apps that are still around but you don’t want to touch because the people who made them are not around anymore? A solution such as Secure Server and SecureTerm can definitely help increase your level of security with minimal if no disruption to your application stability or your business processes.Â
Q: Can a company determine if their FTP site/server is at risk or if there has been a breach of security?
A: Network monitoring, breach discovery and intrusion detection systems are a whole world in itself. There’s no doubt that any company equipped with these kind of tools has a better chance of finding out whether something bad is happening on their network but the number of false positives sometimes returned by these systems make them less than perfect more often than not. According to a study led by Verizon in 2008, 75% of breaches were not discovered by the victims but by someone else. That number alone speaks volume about the chance that a company has of finding this out by itself. There’s no miracle: be proactive and cover the basics.
Q: How do companies find more information about the Connectivity Secure Server?
A: Connectivity Secure Server is available today from Softchoice and its partners. Companies who want more information can go to www.hummingbird.com/secureserver where we have datasheets, whitepapers and trial versions available. The trial version is a time-limited full functioning version of the product. Don’t forget to also check our client-side solution, Connectivity SecureTerm and our security add-on for Exceed, Connectivity Secure Shell.
Posted in Authentication, Connectivity, Data Security, Internet Content
Posted by Sarah Kane @ Mon, 10 Nov 2008 09:07:48 -0500
 Congratulations ScriptLogic!
Not only did you win the coveted Triple Crown award, you won seven other First Place awards and one Second Place award (see the details below.) Eight awards in a single year, that is quite an achievement! We are proud to be partnered with a proven industry leader.
-
Triple Crown in Best Network Automation and Batch Processing Product for Desktop Authority (4th consecutive year)
-
1st place in Best Network Management Product for Desktop Authority
-
1st place (ISV) in Best Software Distribution Product for Desktop Authority
-
1st place in Best Remote Troubleshooting Solution for Desktop Authority-Remote Management Gateway
-
1st place (ISV) in Best Application Management Product for MSI Studio
-
1st place in Best Compliance Tool for File System Auditor
-
1st place (ISV) in Best Group Policy Manager for Active Administrator
-
1st place in Best Security Auditing Product for Enterprise Security Reporter
-
2nd place in Best SQL Tool for Security Explorer for SQL Server
Read the full article: Redmondmag.com
Visit the ScriptLogic website
Posted in Authentication, Data Loss Prevention, Data Security, Reporting
Posted by David Schultz @ Thu, 18 Sep 2008 14:06:22 -0400
Robert Wong, Senior Product Manager with Hummingbird - The Open Text Connectivity Solutions Group discusses how to solve mobility and performance issues caused by UNIX server consolidation projects.
Q: What market trends do you see today that does not exist 10 years ago?
A: Over the years, IT industry was bombarded by waves and waves of market trends: some trends were initiated by end users or driven by executives and some trends had an everlasting impact on the IT landscape. Certain trends were transient and dissipated as fast as they were introduced. One of the deciding factors that determined the fate of a trend was the ability to help organizations lower their total cost of ownership. After all, money talks and everyone listens. Server Consolidation is one of most prominent and successful trends in recent years with thirty years in the making.
Prompted by the growing popularity of the distributed computing strategy and the increasingly affordable servers in the 80s and 90s, organizations were blessed with the flexibility of adding as many servers as demanded. Over the years, it created a phenomenon that was known as server sprawl. Fragmented business operations with over-distributed servers and underutilized resources were the direct result of server sprawl and it ultimately raised the total cost of operation that far outweighed the benefit brought by its convenience and flexibility. To take control of the runaway cost of management, services and security, businesses turned towards different Consolidation Strategies.
Q: How has consolidation affected the average UNIX user?
A: Regardless of the type of consolidation strategy, whether application servers are physically relocated from remote offices to an application center; or multiple applications are being grouped to a fewer physical servers, the impact to end users is just the same: consolidation creates distances between users and applications. Not all business applications react to the growing distances in the same way, and in the UNIX world, X Window application reacts rather unfavorably simply because the underlying X Window protocol is extremely sensitive to the changing network connection speed. In order to maintain an acceptable level of usability of the UNIX applications and guarantee a minimal level of user productivity, a successful UNIX resource consolidation project must also incorporate alternative means of access to X application for users to overcome this productivity, performance and mobility challenges.
Q: How does Hummingbird® react to this market trend?
A: In response to the changing market trends and growing market needs, Hummingbird has introduced a brand new solution: Exceed Freedom. This product is for Windows desktop users and is designed with the mobile business environment in mind. Exceed Freedom helps organizations deliver high speed global access for UNIX applications and facilitates UNIX server consolidation, improves user productivity, reduces user downtime and enhances end-to-end data security. It is the key to the success of every UNIX consolidation project.
Q: How does Exceed Freedom address these challenges?
A: Although users and consolidated server resources are connected over a slower network connection over a much greater distance, Exceed Freedom allows users to access their applications with the same performance as if those application servers are local. It is thanks to the incredibly effective architecture and efficient communication technique employed by Exceed Freedom that can reduce the network traffic by up to 100 times! Not only can Exceed Freedom eliminate the performance penalty normally associated with the growing distances, it also safeguards UNIX application users’ hard work from accidental disconnection due to the unreliable and unpredictable Internet connections by keeping their Exceed Freedom sessions alive in a middle-tier server. As server resources are being streamlined and reorganized by the consolidation project, so is the support infrastructure. In order to keep end users content and productive, Exceed Freedom allows remote IT staff to shadow user sessions, visualize and troubleshoot problems on-the-fly.
In a business world where total cost of ownership and return on investment is the universal language for all decision makers and Consolidation becomes part of the arsenal of business strategies, Exceed Freedom is the only solution that links business strategies to the technical reality while helping your UNIX application users continue to be productivity regardless of the placement of UNIX application servers.
Q: Is Exceed Freedom available now?
A: Yes, Exceed Freedom is currently available. To obtain more information about Exceed Freedom, please visit www.hummingbird.com to download a copy of free evaluation software, whitepaper, and business and technical solution overview.
Posted in Connectivity, Desktop Management, Terminal Emulation
|
