OpenText Secure MFT Security Overview

Many file transfer protocols, including FTP and HTTP, send user credentials and files in clear text without any encryption. This means anyone can intercept the connection without the sender's or receiver's knowledge. Because of this, companies are seeking to replace their unsecured file transfer applications to improve security. This whitepaper outlines how OpenText Secure MFT ensures that all factors directly and indirectly related to file transfer activities are strongly secured, helping organizations eliminate risk with a user-friendly file transfer solution.
Table of Contents

- Introduction ... 3
- Secure Authentication ... 3
- Encrypt Data in Transit ... 4
- Protect Data at Rest ... 5
- Control Access by User Roles ... 7
- Miscellaneous Security Measures ... 7
  - Account Provisioning ... 7
  - File Type Restrictions ... 7
- Summary ... 8
Introduction

It is well known that many file transfer protocols, including FTP and HTTP, send user credentials and files in clear text without any encryption. Anyone can snoop the network traffic and intercept the connection without the sender's or receiver's knowledge. This lack of security is one of the most common reasons that companies look for alternatives to replace their unsecured file transfer applications. OpenText Secure MFT provides best-in-class security to protect all aspects of a file transfer workflow, from user authentication, to file transfer, down to the way files are securely stored. This whitepaper outlines in detail how Secure MFT achieves these tasks. For more information on Secure MFT, please visit: http://www.opentext.com/securemft

Secure Authentication

OpenText Secure MFT uses OpenText Directory Services (OTDS), which comes bundled with the solution, to handle all matters related to authentication. OTDS acts as a common authentication layer for the backend identity servers, including Microsoft Active Directory or LDAPv3 directory servers. It allows users to access Secure MFT via Single Sign-On (SSO) by leveraging their existing corporate identities. OTDS also supports any number of additional user partitions, allowing administrators to define and manage the identities of external users, such as trading partners, contractors, or external business users, independently of the internal enterprise directory services. Multiple user partitions give administrators an efficient way to manage a mixed group of user identities. OTDS also allows administrators to enforce password policies, such as password length, complexity, and retries. Administrators can use SSL to secure the connections from OTDS to the identity provider, as well as the connections to the end user.
The username and password that a user supplies are transmitted in encrypted form throughout the process, and in the case of SSO against AD or LDAP servers, no passwords are transmitted at all. Authenticated users are issued a security token, which can be used to access other Secure MFT services.

ENTERPRISE INFORMATION MANAGEMENT 3
Figure 1: Secure MFT authentication and transfer workflow (components: OTDS, MFT Web Service, Transfer Server). 1. First connection attempt. 2. User not authenticated, redirect to OTDS. 3. Redirect to OTDS; receive login page or SSO negotiation. 4. User is authenticated and connects. 5. Transfer and other settings returned. 6. Connection initiated with transfer server. 7. User token verified with OTDS. 8. User authenticated, transfer begins.

Encrypt Data in Transit

As a solution that promises strong security, Secure MFT always encrypts data using a FIPS 140-2 validated cryptographic module when transmitting over the network. The default transfer protocol employed by Secure MFT is the patented OpenText Fuel protocol. It is the next-generation file transfer protocol designed by OpenText, and aims to offer a wide gamut of benefits that are missing from many traditional transfer protocols, such as:

- Acceleration of file transfers over high-latency networks, up to 80x faster than traditional transfer protocols
- Pause-and-resume capability, eliminating the need to restart a file transfer from the beginning if it is interrupted
- Data integrity check that verifies the checksum, guarantees bit-perfect transfer between parties, and ensures that sent files arrive at their destination unaltered and uncompromised
- Data is always encrypted before it is transmitted over the network

The OpenText Fuel protocol overcomes the performance issues related to network latency that often plague TCP-based protocols by using a combination of User Datagram Protocol (UDP) and TCP. By default, the OpenText Fuel protocol operates on port 3000 (UDP) and port 3000 (TCP). Secure MFT first generates SFTP / SSH packets, and then encapsulates these in OpenText Fuel packets before sending the payload over the wire. If one were to analyze the network traffic generated by Secure MFT, one would see the protocol wrapping illustrated in Figure 2.
Secure MFT uses Secure FTP (SFTP) and Secure Shell (SSH) protocols to prepare files for transmission and encryption. As a protocol, SSH is a well-known and respected secure transmission encryption mechanism, which provides very rich and varied options for endpoint authentication, user authentication, encryption, and tamper-proofing of the data stream. With SSH, the Secure MFT server and the client at the endpoints negotiate a unique key to encrypt the transmission, and that encryption key changes for every transfer.
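The bullets above promise both pause-and-resume and an end-to-end integrity check. The following is an added illustration, not OpenText code (Secure MFT's own resume-aware hashing process is not described in this document), of one way those two properties coexist: the sender hashes the whole asset with SHA-256 (a member of the SHA-2 family), the receiver keeps a running hash across an interruption and resumes from its own offset, and the two digests are compared only after the last byte arrives. The sample payload and chunk size are constructed.

```python
import hashlib
import hmac

CHUNK = 1024
# Constructed sample payload standing in for a transferred file asset.
SAMPLE_FILE = bytes(range(256)) * 40          # 10,240 bytes

def sender_digest(data: bytes) -> str:
    """Sender side: SHA-256 over the whole asset before transmission."""
    return hashlib.sha256(data).hexdigest()

class ResumableReceiver:
    """Receiver side: stores chunks and keeps the running SHA-256 state, so a
    pause does not force re-hashing what was already received."""
    def __init__(self):
        self.stored = bytearray()
        self.running = hashlib.sha256()

    @property
    def offset(self) -> int:
        return len(self.stored)          # next byte the receiver expects

    def accept(self, chunk: bytes) -> None:
        self.stored += chunk
        self.running.update(chunk)

    def verify(self, expected_hex: str) -> bool:
        # Constant-time comparison of the receiver's digest with the sender's.
        return hmac.compare_digest(self.running.hexdigest(), expected_hex)

def stream(data: bytes, rx: ResumableReceiver, start: int, stop: int) -> int:
    """Deliver data[start:stop] in CHUNK-sized pieces; returns the new offset."""
    pos = start
    while pos < stop:
        nxt = min(pos + CHUNK, stop)
        rx.accept(data[pos:nxt])
        pos = nxt
    return pos

def paused_and_resumed(data: bytes, pause_at: int, tamper: bool = False) -> bool:
    """Simulate a transfer interrupted after pause_at bytes and resumed from the
    receiver's own offset. With tamper=True one byte of the resumed part is
    flipped in flight, which the end-of-transfer check must catch."""
    expected = sender_digest(data)
    rx = ResumableReceiver()
    stream(data, rx, 0, pause_at)                     # link drops here
    resumed = bytearray(data)
    if tamper:
        resumed[pause_at] ^= 0x01                      # in-flight corruption
    stream(bytes(resumed), rx, rx.offset, len(data))  # resume, no restart
    return rx.verify(expected)

if __name__ == "__main__":
    print(paused_and_resumed(SAMPLE_FILE, 3000))        # True
    print(paused_and_resumed(SAMPLE_FILE, 3000, True))  # False
```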
Figure 2: OpenText Fuel protocol diagram (SFTP / SSH packets encapsulated in OpenText Fuel).

The cryptographic module is FIPS 140-2 validated, and Secure MFT uses AES-128 as the encryption algorithm. Finally, before Secure MFT puts data on the wire, it encapsulates the SFTP / SSH packets in the OpenText Fuel protocol to provide the aforementioned productivity and performance enhancements. In summary, once a user's identity is established and the user initiates a file transfer session, file assets are passed through the SFTP/SSH layer to be formatted for transmission and to establish a secure connection using a unique SSH session key, then optimized by the OpenText Fuel protocol layer for acceleration. On the wire, Secure MFT file transfer activities are limited to only the UDP and TCP ports configured for the OpenText Fuel protocol.

The OpenText Fuel protocol also ensures bit-perfect transfers by generating hash values of the file assets on both endpoints and comparing the hashes at the end of the transfer. The hash is based on the standard SHA-2 algorithm, so it can be independently validated with any open-source tool. However, Secure MFT deploys a unique hashing process to ensure that pausing and resuming file transfers will not affect the checksum validation.

Protect Data at Rest

Secure MFT can be configured to encrypt all files as it stores them in the connected file storage system, in order to provide an extra layer of security. Secure MFT uses a unique key, generated on a per-file basis, to encrypt each file. The benefits of this approach are:

- No two files are encrypted with the same key
- There is no master key to unlock all files
- The data-at-rest encryption/decryption key for each file is made up of a number of pieces of information, some of which are dynamic, so that there is no way for a malicious attacker to access a key on the system that will decrypt a file
- Only the senders and receivers of a transaction have permission to retrieve encrypted data from the storage through Secure MFT

Only the metadata of a transaction are recorded in the audit logs, and only users with the Auditor role are able to access the logs:

- Sender's name
- Recipient list
- Transaction start time and end time
- File names and the corresponding file sizes
- Expiration date/time
- Subject provided for the transaction

Finally, Secure MFT renames the physical files using a GUID when storing them in the repository, further obfuscating the identity of those files from prying eyes. For asset life cycle management, Secure MFT allows administrators to set the retention policy globally or let senders set the retention on a per-transaction basis. Access to the files associated with a transaction is therefore time-limited. Once the retention period is reached, links to those expired files cease to function. Administrators can configure Secure MFT to periodically remove files that are no longer associated with any active transaction from the file repository, so that sensitive assets do not remain on the server any longer than necessary.

Figure 3: The optional setting to encrypt the file repository, accessible from the Secure MFT Setup Console.
Control Access by User Roles

Secure MFT offers granular user roles, each with defined access rights. By assigning appropriate roles to users, Secure MFT administrators can effectively control access to the solution. Available user roles include:

- Administrator: Administrators can access the web administration console to create users, monitor ongoing transactions in real time, and modify Secure MFT server settings. They do not have access to the audit logs.
- Auditor: Auditors can log in to the web administration console solely to access the audit logs.
- Sender: Users with the Sender role are able to send files using Secure MFT.
- Receiver: Receivers can receive files.
- Dashboard Access: Dashboard Access gives users permission to access the user web dashboard.
- Inviter: Only users with the Inviter role can invite additional users to join the Secure MFT service.
- Restricted Sender: Administrators can restrict a user to only send files to a defined list of email addresses or domains by assigning that user the Restricted Sender role.

Miscellaneous Security Measures

Secure MFT employs additional security measures to produce an all-around secure file transfer platform.

Account provisioning

Secure MFT leverages a multi-point provisioning process during user registration. It requires newly registered users to reconfirm their email address, and offers administrators the ability to moderate registration by manually validating registration requests, to confirm the identity of the user and control access to the solution. Both steps can be bypassed to streamline the registration process at the administrator's discretion.

File type restrictions

To further allow organizations to control the flow of corporate information, Secure MFT provides file type restrictions, so companies can prevent users from sending files of certain types based on their file extensions.
For example, administrators can configure Secure MFT to reject files with the extensions .exe, .com, or .bat, which some consider inherently unsafe, or application-specific extensions to protect corporate intellectual property.
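As an added example, not Secure MFT's implementation, the following shows how an extension-based restriction like the one described above is evaluated and the file-name edge cases a defender should expect such a control to cover: upper-case extensions, trailing dots, Windows-style paths, and double extensions such as report.pdf.exe. The blocklist mirrors the whitepaper's .exe/.com/.bat example, and the check_all policy option is an assumption.

```python
import os
from pathlib import PurePosixPath

# Constructed blocklist mirroring the whitepaper's example; the real list is
# whatever the administrator configures.
BLOCKED_EXTENSIONS = {".exe", ".com", ".bat"}

def all_extensions(filename: str) -> list:
    """Every dotted suffix of the base name, lower-cased:
    'report.PDF.exe' -> ['.pdf', '.exe']. Only the base name is examined, so
    a directory component can neither satisfy nor dodge the check, and
    trailing dots/spaces (which Windows strips on save) are removed first."""
    base = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    return [s.lower() for s in PurePosixPath(base).suffixes]

def is_rejected(filename: str, blocked=BLOCKED_EXTENSIONS,
                check_all: bool = True) -> bool:
    """True if the file must be refused. With check_all (assumed policy
    option) every suffix is examined, so 'report.exe.pdf' is also refused;
    otherwise only the final extension counts. This is a name-based control:
    it never inspects file content, so it complements, not replaces,
    content scanning."""
    exts = all_extensions(filename)
    if not exts:
        return False          # no extension, or a dotfile such as .bashrc
    candidates = exts if check_all else exts[-1:]
    return any(e in blocked for e in candidates)

def filter_transaction(filenames, **policy):
    """Split a transaction's file list into (accepted, rejected)."""
    accepted, rejected = [], []
    for name in filenames:
        (rejected if is_rejected(name, **policy) else accepted).append(name)
    return accepted, rejected

if __name__ == "__main__":
    # Constructed sample transaction.
    sample = ["Q3 report.pdf", "installer.EXE", "report.pdf.exe",
              "C:\\tools\\cleanup.bat", "archive.tar.gz", "setup.com."]
    print(filter_transaction(sample))
```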
Summary

Data breaches are in the news constantly. These breaches have affected some of the largest and most recognized organizations in the world, organizations with advanced security and intrusion detection. One source of information leaks is file transfer, as many transfers still take place over unsecured network protocols initiated by unmanaged file transfer applications. Backed by more than 20 years of experience in providing enterprise-grade security solutions, OpenText Secure MFT delivers uncompromising security to organizations of any size to safely exchange files globally. The state-of-the-art design of Secure MFT ensures that all factors directly and indirectly related to file transfer activities, including user authentication, data-in-transit and data-at-rest encryption, asset life cycle management, and user access rights, are strongly secured. By doing so, it helps organizations eliminate the risk associated with rich digital content exchanges with a user-friendly file transfer solution, while increasing user productivity and the confidentiality and security of file exchange with a single, centrally managed solution.

For more information about Secure MFT, please visit: http://www.opentext.com/securemft

Copyright 2015 Open Text Corporation. All rights reserved. (11/2015) 04013EN.rev1