In the wake of the 2010 Wikileaks controversy, the United States Congress ordered the Office of the Director of National Intelligence to conduct an audit of all the security clearances granted by the US Government. The results were surprising to some. A total of 4.2 million people – which the Washington Post notes “rivals the population of metropolitan Washington” – have active security clearances to access government-classified data.
Although we’re just learning of this report, the numbers are dated to October 2010, which means this number has most likely grown over the past 11 months. It also dwarfs some experts’ expected numbers, raising some concerns about the security of our nation’s important data.
Others don’t think this number is high – and argue that it is a result of increased Government secrecy in recent years. Additionally, considering that all military personnel and the entire workforces of the FBI and CIA will have some level of clearance, the number seems much more palatable.
Regardless of the number, the security of our government’s most important and sensitive data should be very closely monitored. As technology has made accessing data exponentially more efficient and immediate, the safety and security of the transfer and storage of this sensitive data should be of top priority.
Read the full article and comments favoring both sides over at the Huffington Post: http://www.huffingtonpost.com/2011/09/20/security-clearances-government-classified-information_n_972492.html
Have you ever accidentally mistyped a recipient’s email address and sent information to the wrong person? If so, you may want to double-check what you send and to whom you’re sending it.
In a recent post on gizmodo.com, two researchers were able to grab 20 gigabytes worth of data from Fortune 500 companies in a span of six months. The researchers set up doppelganger domains to mimic legitimate domains that belonged to Fortune 500 companies. Doppelganger domains are domains that are spelled almost identically to legitimate domains. Therefore, users are vulnerable to email interception when they mistype a recipient’s email address.
To test the vulnerability of a few Fortune 500 firms, the researchers set up 30 doppelganger accounts to see what they would come up with. To their surprise, the accounts they set up attracted 120,000 emails in their six-month experiment. Within these emails, the researchers received employee usernames and passwords, trade secrets, employee personal data and contracts for business transactions.
Out of the 30 doppelganger accounts, only one firm noticed what was going on once they registered the domain. Also, out of the 120,000 emails they received, only two senders recognized their mistake.
As you can see, the two researchers were able to grab a ton of valuable information in a short span of time. This information could be extremely harmful to an individual and/or company if an attacker got his/her hands on it. In the future, please be careful when sending out emails.
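One way a mail administrator could catch this on the sending side is to compare each outbound recipient domain against the domains the organization actually corresponds with and flag near-misses before delivery. The sketch below is an added example, not code from the researchers or from gizmodo; the trusted domains, sample addresses and function names are constructed for illustration, and it treats a single dropped, added, changed or swapped character as "spelled almost identically".

```python
# Added example: flag outbound recipients whose domain is one typo away
# from a trusted domain. All domains and addresses below are constructed.
TRUSTED = {"corp.example", "us.corp.example", "partner.example"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # adjacent transposition, e.g. "crop" typed for "corp"
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def lookalike_of(domain, trusted=TRUSTED, max_distance=1):
    """Return the trusted domain this one imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return None  # exact match: legitimate recipient
    for candidate in sorted(trusted):
        if 0 < osa_distance(domain, candidate) <= max_distance:
            return candidate
    return None

def review_outbound(recipients):
    """Return (address, imitated_domain) pairs that should be held for review."""
    findings = []
    for addr in recipients:
        domain = addr.rpartition("@")[2]
        match = lookalike_of(domain)
        if match:
            findings.append((addr, match))
    return findings

SAMPLE = [  # constructed outbound recipients
    "alice@us.corp.example",  # exact trusted domain
    "bob@uscorp.example",     # dot dropped from us.corp.example
    "carol@crop.example",     # two letters swapped in corp.example
    "dave@unrelated.example",
]

if __name__ == "__main__":
    for addr, imitated in review_outbound(SAMPLE):
        print(f"HOLD {addr}: looks like {imitated}")
```

The same comparison can be run over newly registered domain feeds to spot a doppelganger of your own domain when it is registered.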
For more on this story, follow gizmodo and their latest posts on Security:
Ipswitch just released WS_FTP Server 7.5.1, a new version of their secure file transfer server software line. WS_FTP Server can now be deployed in a failover configuration to achieve high availability for increased uptime and reliability.
The new update also introduces:
Multiple SSH keys per authenticated user: A single user may now authenticate with two, three, or more different SSH client keys, allowing for multi-factor authentication without the administrative hassle of key replication and coordination.
New operating system support: Microsoft 64-bit only “R2” operating systems in English & German. We also now support Microsoft Windows Server 2008 in German.
E-mail attachments really don’t cut it. With e-mail, you have little control of how long it takes for someone to get your file. There are limits on file size and you’re unable to resume downloads that cut out before they are complete.
Running an FTP server on your computer can virtually guarantee that your friends, co-workers, and vendors can get all your files in a timely, secure manner. Running an FTP server is safe. FTP servers allow you full control over who can login to your computer, which files they can access, and whether or not they’re able to upload.”
Check out this detailed review of WS_FTP Server 7.5 by Jason Moran on ServerWatch.com.
“When you need to exchange sensitive files with customers or business partners, simply tacking them onto e-mails as attachments isn’t an option — at least not if you’re governed by any of the alphabet soup of data privacy regulations. Rather, you need a secure file transfer product, such as Ipswitch’s WS_FTP Server 7.5.”
An April survey conducted by MeriTalk, a government information technology provider, titled “Why Encrypt? Federal File Transfer Report,” found that data security vulnerabilities at federal agencies are mainly due to employees’ use of unsecure methods to exchange information, such as File Transfer Protocol (FTP).
Specifically, the report shows that federal employees use unsafe methods to transfer files in the following ways:
66 percent use physical media (e.g., tapes, CDs, DVDs, USB drives, etc.).
60 percent use FTP.
52 percent send work files through personal e-mail accounts (e.g., Gmail, Yahoo, etc.).
This article on Government Computer News goes on to mention the insecure methods of sharing data/information. This reinforces the need to deploy secure file transfer methods in not only government agencies, but in the private business sectors as well.
Ipswitch File Transfer recently released an Ad Hoc Transfer Module application that provides unparalleled governance and allows end users to share information with anyone in a fast, easy, secure, visible, and well-managed way.
Used in conjunction with any of the industry-leading WS_FTP Server products, the Ad Hoc Transfer module enables companies to proactively manage file transfer and other interactions. It also allows companies to create and enforce policies such as data and transport encryption, access control and authentication, data loss prevention, and content management.
Selecting a secure file transfer method can be a very critical component of your organization’s security policy — and even a requirement! Many different industries require compliance and regulations around how data is shared, transferred, uploaded, downloaded and stored from PCs to file servers.
This concise chart below provides a breakdown of the different secure file transfer methods available in most business-grade file transfer programs.
The WS_FTP Professional Security Guide provides more information around the different layers of security.
This new module eliminates the need for email attachments which burden corporate email servers. IT managers can use WS_FTP Server Ad Hoc Transfer Module to enforce file sharing policies and have full visibility into the company’s file sharing activities.
Ipswitch’s website has been updated with all the details and features of the new module.
The simple benefits are summed up like this:
1. Complete visibility into all file sharing activities
2. Proactively manage all file sharing interactions, both internal and external to the company, organization or domain
3. Enforce administrator-defined policies and rules for sending files to other people
4. Remove the “file attachment” burden from the email server
A concise 2-minute overview of Ipswitch’s client + server secure file transfer relationship. This video describes old FTP processes, and how the environment has changed with encrypted transfers and stronger client to server security.
Large files, such as an architect’s blueprint or a software executable, can take longer to transfer. If you regularly transfer large files, you can use Multipart mode to speed up the transfer.
When in Multipart mode, WS_FTP splits large files into smaller segments and downloads all segments via different, yet concurrent, connections. This decreases the total download time for large individual files.
Check out the WS_FTP Tools Guide, page 7, for step-by-step instructions for setting up Multipart mode.
Formerly FTPplanet.com, we have redesigned and relaunched as FileTransferPlanet.com, a community site for discussions about file transfer, web design, software deals, and other cool topics! Registration is free -- Post a question in the Discussion Forums or comment on any blog posts.