Case Study. File Transfer Issues Faced by an Engineering Company




Abstract

This case study shows how an engineering company changed its long-running file transfer system because of security issues, and how the Qiata File Transfer Appliance was able to meet its security requirements.

Author: Joseph Loh
Date: 1 Oct 2010
Document Version: QIATA-2010-10-001-1.0

Background

The company is a one-stop precision plastic engineering company with offices and factories in Singapore, Malaysia, China and Mexico. The company designs and manufactures plastic injection parts and casing for many industries all over the world. The manufacturing plants are based in China, and the design team in Singapore frequently transfers engineering documents to the manufacturing plants.

Many innovative macros are embedded in each engineering document, and these are the Intellectual Property that the company has created over the years. Because of this, the engineering documents are to be kept confidential and transferred within the company only.

Sending the documents by email is not feasible because these documents are fairly large in size. So the company set up an FTP server to allow the designers and the plant engineers in China to exchange the engineering documents. A number of FTP user accounts were set up for the designers and the plant engineers in China to access the FTP server. Engineering documents were put onto the FTP server using these accounts for sharing with the other parties holding valid FTP user accounts. For a long time, this had been the method for transferring engineering documents within the company.

There were a number of issues with this approach. The main issue was that there was no tracking of the user accounts. When employees left the company, the user account was not immediately deleted but left unattended. This created a potential opportunity for disgruntled or dishonest employees to copy sensitive documents or to sabotage existing documents.

Another big issue was that it was hard to track the activities of each user. Sensitive files could easily be copied or tampered with without anyone noticing until a full audit was done on the FTP server.

There were also other issues, such as the management of user accounts and passwords, and the insecurity of clear-text FTP transport.

These issues triggered the IT team to search for a better solution to transfer files.

Solution

The Qiata File Transfer Appliance (FTA) was evaluated against the security issues that the company was facing when transferring sensitive engineering documents.

The problem with using an FTP server to transfer files is that FTP is essentially a file sharing service. Files are directly accessed and shared for as long as the file exists on the server. End-users have no idea how the files are accessed, modified, deleted or downloaded because the logs are accessible only by the administrator.

The approach of the Qiata FTA towards file transfer is to focus on the transfer process. Each transfer is unique and trackable. The recipient can only access and download the file via the unique web link. The sender will be notified when each recipient accesses or downloads a file. When the set parameters for the transfer, like the number of downloads or the expiry date, are met, the transfer is disabled.

The recipient can only download the files that the sender sends to him. He will not be able to browse the directory for other files that he is not supposed to see.

Each sender has full access to the transfer activities of his own transfers. He can find out which recipient has downloaded the file, even if it was an incomplete transfer. He can also put the transfer on hold without deleting the transfer. For transfers with multiple recipients, one or more recipients can be removed from the transfer without having to delete the entire transfer. Since each recipient can only access the file via the unique link sent to him, the sender has full control over the transfer process.

The files are transferred using HTTP over SSL. This protocol protects the transfer, even when it takes place over the Internet.
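The transfer-centric controls described above (one unique link per recipient, download limit, expiry, hold, removal of a single recipient, and a sender-readable trail) can be modelled as follows. This is an added example, not Qiata's code or the case study's: the class, its field names and the event strings are hypothetical, and counting the download limit per recipient is an assumption.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Transfer:
    sender: str
    filename: str
    expires_at: float          # epoch seconds
    max_downloads: int         # assumption: counted per recipient
    on_hold: bool = False
    links: dict = field(default_factory=dict)    # token -> recipient
    counts: dict = field(default_factory=dict)   # recipient -> full downloads
    audit: list = field(default_factory=list)    # (time, recipient, event)

    def add_recipient(self, recipient):
        token = secrets.token_urlsafe(32)        # unguessable, one per recipient
        self.links[token] = recipient
        self.counts[recipient] = 0
        return token

    def remove_recipient(self, recipient):
        # Revoke one recipient's link; the transfer itself stays alive.
        self.links = {t: r for t, r in self.links.items() if r != recipient}

    def download(self, token, now, complete=True):
        # Constant-time comparison so link checking leaks no timing signal.
        recipient = next((r for t, r in self.links.items()
                          if hmac.compare_digest(t.encode(), token.encode())), None)
        if recipient is None:
            return self._log(now, "unknown", "denied: invalid link")
        if self.on_hold:
            return self._log(now, recipient, "denied: on hold")
        if now >= self.expires_at:
            return self._log(now, recipient, "denied: expired")
        if self.counts[recipient] >= self.max_downloads:
            return self._log(now, recipient, "denied: limit reached")
        if not complete:
            return self._log(now, recipient, "incomplete download")
        self.counts[recipient] += 1
        return self._log(now, recipient, "downloaded")

    def _log(self, now, recipient, event):
        self.audit.append((now, recipient, event))   # trail the sender can read
        return event
```

Every decision, including denials and incomplete downloads, lands in the audit list, which is the property the FTP setup lacked.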

Implementation

The decision was to place the Qiata FTA in the Singapore office as the main IT team was located there. The Qiata FTA was deployed in the DMZ behind the firewall.

The company had a limited number of Static IP Addresses and could not allocate one for the Qiata FTA. So they configured the firewall to port forward TCP 443 (HTTPS) from one of the existing Static IP Addresses to the Qiata FTA. That was all that was needed to host the Qiata FTA on the Internet.

For the user accounts, the self-registration mode was chosen so as to reduce the load on the system administrator. Any user with a valid email address within the company domain will be able to sign up for an account on the Qiata FTA by himself. Every new user who signs in using this method will be put into a group with preset parameters like maximum number of daily transfers, storage size etc. If he forgets his password, he can request the Qiata FTA to send him a link to reset his password.

When the Qiata FTA was set up, the IT team sent out emails to all users with the details on how to sign up for an account on the Qiata FTA by themselves. The Qiata FTA is now self-running while the system administrator is freed up to manage other IT tasks.

Conclusion

The company initially chose a low-cost and commonly used FTP server for the transfer of files. However, the files involved were sensitive engineering documents, and the disadvantages of FTP made it hard to continue with this model.

The Qiata FTA was a quick-to-deploy and easy-to-use solution that took care of the concerns about transferring sensitive engineering documents. The IT workload was also reduced because the Qiata FTA was designed for that purpose as well.

With the Qiata FTA running without much supervision, the users were also more satisfied because they were able to track each document by themselves. They are notified when the documents are downloaded by each recipient. If they limit the number of downloads for each document to one, they will be assured that the document will not be accessible anymore once it has been downloaded fully.

The company has benefited from using the Qiata FTA because their Intellectual Property is now better protected. All documents, including sensitive documents, are tracked via the audit log. All recipients only have access to the files that were sent to them and nothing else.