Unsure FTP protocol

Re: Unsure FTP protocol

Honestly and frankly speaking, this is rather “Chinese” for me......yet, but will dig into it for sure.

Hans

Re: Unsure FTP protocol

It involves putting the FTP server on a different network segment that only the MFP(s) would have access to over port 21, then using a web interface for the server accessible from your regular network over an HTTPS connection that allows you to touch the files sent to the server and move them somewhere else.

It's going to need someone familiar with a customer's network to install and do it right the first time, though in larger organisations it's going to be fairly simple to do as they likely already have VLANs and other network segmentation in place.

For trying to do something as simple as scanning, it's adding in layers of complexity that aren't necessary and involve a lot more hands to get working.

If you're using FTP with customers, you're at the point where you need to really have 'the talk' with them. It's time to move on to a new device, or they're going to have to sign a pile of forms understanding that they are running an insecure system, that you've made them aware of it, and that they are taking on all of the risks of said device or system.

Scan to SMB and scan to email are going to be much easier than trying to run through hoops just to get a document from paper into a file on a server.

Re: Unsure FTP protocol

It sounds to me like this customer is either cheap or has financial trouble. Either way, FTP doesn't seem like a good option to me. But at the end of the day that's between and customer and the agreement that you reach. I'd cover my ass, though. Trust but verify.

Re: Unsure FTP protocol

We have customers that still have network connected XP machines. However, we have a pile of paperwork to account for them, mainly in the form of compensating controls for ensuring that the systems can only access the internal resources they need to function. The customer has to either demonstrate an existing way of protection, or if we build it, then we have to demonstrate our work. Sometimes it's as simple as taking them offline, or as complex as VLANs and management computers that can access them, or converting them to VMs and building ways to access them.

If a customer doesn't want to develop a plan, or just wants to refuse basic things like patching, then we have paperwork that states we have advised them that they are out of security best practises and that they by acknowledging they are assuming all risk. Generally that's enough of a stick to get them to join reality or modernity and actually accomplish something. If not, then we usually have the start of an exit plan to cook up.


The scan to function of an MFP isn't the hill for a business to die on. Even a decent used machine can often drastically improve their situation.

Sent from my Pixel 6 Pro using Tapatalk

Re: Unsure FTP protocol

Whenever i start to do network in a company, the first thing i do is let the customer sign a contract that states: "All Computers need to have the latest Updates installed unless told otherwise".
If there are any not updated machines, i view this as a security concern and damages created (e.g. company getting hacked due to a emailed-virus), i'll not be responsible and be held accountable.
By this, i either have all machine up to date or its the customers fault. Easy and clean.