Blog

Managed File Transfer and Network Solutions

Countering Packet Sniffers Using Encrypted FTP

Posted by John V. on Tue, Dec 11, 2012 @ 04:09 PM

Overview

A lot of people who often send files just love FTP. The File Transfer Protocol allows users to transmit volumes of files over the Internet through uncomplicated FTP clients, some of which are already built-in in the two popular operating systems, Windows and Mac OS X. Sadly, this well-loved technology is not very secure. That's why people who craft regulations like PCI DSS are wary of it. They know that an attacker armed with a packet sniffer can easily obtain usernames and passwords just by sniffing an FTP connection. 

Read More

Topics: JSCAPE MFT Server, Security

Protecting Your File Transfer Service from Internal Threats

Posted by John Carl Villanueva on Wed, Nov 21, 2012 @ 01:03 PM

Overview

Every year since 2010, Ponemon Institute conducts a research entitled "Cost of Cyber Crime Study". One of the main goals of the study is to quantify the economic impact of cyber attacks. This information is meant to help organizations determine the appropriate capital investment for countering these attacks or minimizing their impact. 

*This post was updated on July 11, 2015

Read More

Topics: JSCAPE MFT Server, Business Process Automation, Security, Secure File Transfer, FTP

Considerations When Setting Up Your DMZ's Reverse Proxy and Firewall

Posted by John V. on Tue, Sep 18, 2012 @ 09:00 AM

There are a number of things to consider when setting up the reverse proxy and firewalls in your DMZ. These things are going to have a significant impact on the performance and security not only on your file transfers but for your entire network in general, so you really need to weigh the advantages and disadvantages of each set up before deciding how you are going to put everything together. 

Read More

Topics: JSCAPE MFT Gateway, Security, FTP, Reverse Proxy

Choosing Key Lengths for Encrypted File Transfers

Posted by John Carl Villanueva on Fri, Jul 06, 2012 @ 10:31 AM

Overview

Whenever you generate a server key on JSCAPE MFT Server, you're asked to specify a key length. Since longer keys translate to stronger security, choosing the longer key length might seem like a no-brainer. But why did JSCAPE have to include an option for a shorter key then? Will there be instances where you'll have to choose the shorter key? The answer is yes. And in this post, we'll explain when that can be the case.

 

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Security, Secure File Transfer, JSCAPE MFT Monitor

How to Secure PCI-DSS FTP Compliance

Posted by John V. on Tue, Jun 19, 2012 @ 11:27 AM

Overview

PCI-DSS (Payment Card Industry Data Security Standard) contains a couple of requirements that practically discourage organizations who handle credit card data from using FTP for their file transfers. In this post, we'll examine those requirements more closely to see what the options are for those who still find it difficult to ditch this antiquated technology. 

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Security, Compliance, PCI-DSS, Secure File Transfer

Using DLP to Protect Credit Card Data - Part 3

Posted by John Carl Villanueva on Tue, Jun 12, 2012 @ 11:06 AM

Applying OpenPGP encryption to a file containing credit card numbers

In Part 1, we showed you how to configure DLP on a group directory in order to detect uploaded files that contained credit card numbers. Then in Part 2, we laid out the steps for sending an automatic email notification whenever such files were detected. This time, we're going to teach you how to protect those files using OpenPGP encryption.  

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Business Process Automation, Security, Data Loss Prevention, OpenPGP

Using DLP to Protect Credit Card Data - Part 2

Posted by John Carl Villanueva on Thu, Jun 07, 2012 @ 12:18 PM

If you followed the steps in Part 1, then you should now have a DLP-enabled group. That group directory will have the capability to detect files stored in it that contain certain credit card numbers. If a member of that group attempts to download such a file, the server will prevent the download from taking place and fire a "DLP rule matched" event. In the screenshot below, a user is prevented by JSCAPE's DLP from downloading a file containing MasterCard numbers.

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Business Process Automation, Security, Data Loss Prevention

Using DLP to Protect Credit Card Data - Part 1

Posted by John Carl Villanueva on Thu, May 31, 2012 @ 09:46 AM

Overview

A large share of all data security breach incidents involve non-malicious company insiders. In fact, Ponemon's "2013 Cost of Data Breach Study: Global Analysis" revealed that an astounding 35% of data security breaches in 2012 were simply caused by negligent employees or contractors. In a file transfer server, where multiple users can share a single folder, such incidents can easily happen.

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Business Process Automation, Security, Data Loss Prevention

Required MFT Server Password Settings for PCI DSS Compliance - Part 2

Posted by John Carl Villanueva on Fri, May 25, 2012 @ 02:15 PM

In part 1, we enumerated all PCI-DSS requirements that directly affected password settings and practices. Here, we're going to show you how and where in JSCAPE MFT Server you can configure settings in order to meet those requirements.

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Security, Compliance, Secure File Transfer

Required MFT Server Password Settings for PCI DSS Compliance - Part 1

Posted by John V. on Wed, May 23, 2012 @ 02:14 PM

Overview

Certain PCI-DSS requirements dictate how passwords should be generated, managed and used in file transfer systems located within or connected to your cardholder data environment. In this post, we'll identify what those requirements are and then point to ways you can meet them when using JSCAPE MFT Server.

Read More

Topics: JSCAPE MFT Server, Managed File Transfer, Security, Compliance, PCI-DSS, Secure File Transfer