  1. #11
    RTFM!! 5,000+ Posts allan's Avatar
    Join Date
    Apr 2010
    Location
    Centurion
    Posts
    5,387
    Rep Power
    152

    Re: Unsure FTP protocol

    Quote Originally Posted by Hansoon View Post
    Allan the reason for asking was that an IT-guy from a customer was bragging loudly in the presence of the customer that the Scan>FTP I installed, was a very irresponsible act from my side and I never EVER should have done that.

    In this case the MFP scans directly to a NAS, nothing else and the data does not even stay in the NAS

    He claimed that I should have known that and that I had put the customer's network at a very high risk.......

    You can imagine how I felt after this.

    Hans
    Yeah, I can imagine. It's rough. You have integrity and then this ass-hole comes and does that. It hurts.
    Go back and tell them if this is a security risk the network is not secure to begin with.

    Quote Originally Posted by Gift View Post
    I think running a local FTP server for the purpose of scan-to-folder can't be a major security risk/breach - if someone is able to access it from the outside/WAN you'll probably have some more pressing issues to address
    Exactly my reasoning. If your security on your LAN is good and you have both front end Firewall, DMZ and back end firewall then FTP in my opinion is just fine to use. If your threat is your staff then not much you can do.

    Quote Originally Posted by Brianneoe View Post
    "He claimed that I should have known that and that I had put the customer's network at a very high risk...."

    The IT guy was right but he is also a Jerk. Shake it off and get on with your day. Some IT guys need to build themselves up to justify their existence and the overpriced charges. Karma is a bitch.
    Yeah, it will; his competence will come into question with an attitude like that.
    Whatever

  2. #12
    Service Manager 1,000+ Posts Gift's Avatar
    Join Date
    Mar 2011
    Location
    Gothenburg
    Posts
    2,316
    Rep Power
    86

    Re: Unsure FTP protocol

    Quote Originally Posted by rthonpm View Post
    It depends on the client. Almost all compliance standards now require as a minimum encryption in transit for data, if not encryption at rest as well. FTP is going to fail that requirement. Even for smaller customers, the risk is likely high because they likely are using consumer grade equipment which is likely out of support, or unmanaged.

    If you're setting up an FTP server with no credentials (anonymous authentication) then you also have no control over who can access files sent to it. If configured with passwords, those are sent to the server in the clear so any traffic sniffer can pull them. Even if it's working as a middleman before the file is moved somewhere else, you have a period of time where the files are in the clear.

    It's 2022: FTP is a protocol from a very different era. It should be considered as dead as SMB1 in any modern network. Its time has passed.

    Sent from my Pixel 6 Pro using Tapatalk

    It's true that FTP is something from the past and generally I wouldn't set it up of course. I also recommend replacing equipment that is heavily outdated.

    On the other hand there are certain kinds of customers that stick to hard- and software as long as it "works". Typical signs: old computers with old OS, no IT support partner/admin, old MFPs (bought, not rented), sometimes even crappy furniture LOL... Fortunately our maintenance contracts state clearly that the customer (as being the operator) is in charge of installing and maintaining "his end" of the IT set-up on his own responsibility. We just offer "assistance" for the initial set-up, adding drivers to new computers and stuff like that - all of which has nothing to do with the maintenance contract.

    If scan to FTP is the only way of keeping that kind of customer, I'd check if the maintenance contract is worth enough to talk about these kinds of "workaround" and explain that this is what it is and of course not a method according to modern standards - like I explain that I'm not able to get all spare parts for his MFP. At the end of the day the responsibility to keep up the IT security isn't mine as long as there isn't any agreement for maintaining the IT security.
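
The point quoted from rthonpm above (anonymous FTP has no access control, and passwords cross the wire in the clear) can be checked from a server's control-channel log. The following is an added example, not part of the thread; the session names, transcripts and password string are constructed, and it assumes a log that records client commands and server replies.

```python
# Constructed FTP control-channel transcripts as a server log would record them
# ("C:" = client command, "S:" = server reply). Not real traffic.
SESSIONS = {
    "mfp-anonymous": ["S: 220 ready", "C: USER anonymous", "S: 331 any password",
                      "C: PASS scan@mfp", "S: 230 logged in"],
    "mfp-password":  ["S: 220 ready", "C: USER scanner", "S: 331 need password",
                      "C: PASS example-password", "S: 230 logged in"],
    "mfp-ftps":      ["S: 220 ready", "C: AUTH TLS", "S: 234 proceed",
                      "C: USER scanner", "S: 331 need password",
                      "C: PASS example-password", "S: 230 logged in"],
    "tls-refused":   ["S: 220 ready", "C: AUTH TLS", "S: 502 not implemented",
                      "C: USER scanner", "S: 331 need password",
                      "C: PASS example-password", "S: 230 logged in"],
}

def classify(lines):
    """Classify how a session authenticated: 'anonymous', 'cleartext-login',
    'tls-login', or 'no-login' if no USER command was seen."""
    tls_active = False      # True once the server accepts AUTH TLS (reply 234)
    awaiting_auth = False   # an AUTH command is waiting for its reply
    for line in lines:
        side, _, text = line.partition(": ")
        verb, _, arg = text.partition(" ")
        if side == "S" and awaiting_auth:
            tls_active = verb == "234"
            awaiting_auth = False
        elif side == "C" and verb.upper() == "AUTH":
            awaiting_auth = True
        elif side == "C" and verb.upper() == "USER":
            # Anonymous access means no access control, with or without TLS.
            if arg.strip().lower() in ("anonymous", "ftp"):
                return "anonymous"
            return "tls-login" if tls_active else "cleartext-login"
    return "no-login"

def report(sessions=SESSIONS):
    """Map each session name to its classification."""
    return {name: classify(lines) for name, lines in sessions.items()}
```

The "tls-refused" case is the one to watch for on older devices: the client asks for TLS, the server declines, and the login proceeds in the clear anyway.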

  3. #13
    Field Supervisor 500+ Posts

    techsxge's Avatar
    Join Date
    Jan 2022
    Location
    N/A
    Posts
    661
    Rep Power
    28

    Re: Unsure FTP protocol

    My solution for this "problem":

    Install a local FTP server. Then let that FTP server save whatever you need to a directory in a different subnet. From that subnet you can open an HTTPS server that allows you to securely transfer your data.

    Or you transfer them with SSH and a VPN.

  4. #14
    Field Supervisor 500+ Posts

    techsxge's Avatar
    Join Date
    Jan 2022
    Location
    N/A
    Posts
    661
    Rep Power
    28

    Re: Unsure FTP protocol

    Another idea I have is: why not just use email? Almost every MFP can send emails by now. It would open far fewer security holes in your system.

  5. #15
    Service Manager 2,500+ Posts

    Hansoon's Avatar
    Join Date
    Sep 2007
    Posts
    3,190
    Rep Power
    94

    Re: Unsure FTP protocol

    Quote Originally Posted by techsxge View Post
    Another idea I have is: why not just use email? Almost every MFP can send emails by now. It would open far fewer security holes in your system.
    Well, I don't know about my customers, but for me in my office this is too clunky. I myself have that nice "Quick 'n Easy FTP Server" running on my workstation with a dedicated folder for receiving scans and I will be happy with it until I get hacked and then perhaps reconsider.

    Hans
    " Sent from my Intel 80286 using MS-DOS 2.0 "

  6. #16
    Service Manager 2,500+ Posts

    Hansoon's Avatar
    Join Date
    Sep 2007
    Posts
    3,190
    Rep Power
    94

    Re: Unsure FTP protocol

    Quote Originally Posted by techsxge View Post
    My solution for this "problem":

    Install a local FTP server. Then let that FTP server save whatever you need to a directory in a different subnet. From that subnet you can open an HTTPS server that allows you to securely transfer your data.

    Or you transfer them with SSH and a VPN.
    Honestly and frankly speaking, this is rather “Chinese” for me......yet, but will dig into it for sure.

    Hans
    " Sent from my Intel 80286 using MS-DOS 2.0 "

  7. #17
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,790
    Rep Power
    108

    Re: Unsure FTP protocol

    Quote Originally Posted by Hansoon View Post
    Honestly and frankly speaking, this is rather “Chinese” for me......yet, but will dig into it for sure.

    Hans
    It involves putting the FTP server on a different network segment that only the MFP(s) would have access to over port 21, then using a web interface for the server accessible from your regular network over an HTTPS connection that allows you to touch the files sent to the server and move them somewhere else.

    It's going to need someone familiar with a customer's network to install and do it right the first time, though in larger organisations it's going to be fairly simple to do as they likely already have VLANs and other network segmentation in place.

    For trying to do something as simple as scanning, it's adding in layers of complexity that aren't necessary and involve a lot more hands to get working.

    If you're using FTP with customers, you're at the point where you need to really have 'the talk' with them. It's time to move on to a new device, or they're going to have to sign a pile of forms understanding that they are running an insecure system, that you've made them aware of it, and that they are taking on all of the risks of said device or system.

    Scan to SMB and scan to email are going to be much easier than trying to run through hoops just to get a document from paper into a file on a server.
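
The segmented layout rthonpm describes in this post (MFPs reach the FTP server only on port 21, the regular network reaches it only over HTTPS) can be written down as a flow policy and checked. This is an added example, not part of the thread; all addresses and the passive port range are constructed assumptions. It also covers one thing port 21 alone does not: FTP moves files over a separate data connection, so a passive port range has to be pinned on the server and allowed from the MFP segment as well.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the thread).
MFP_NET = ipaddress.ip_network("10.20.0.0/28")      # scanners / MFPs
OFFICE_NET = ipaddress.ip_network("10.10.0.0/24")   # regular user LAN
FTP_HOST = ipaddress.ip_address("10.30.0.5")        # FTP drop box in its own segment
PASV_PORTS = range(50000, 50011)                    # passive data ports pinned on the server

# First match wins; anything unmatched is denied.
RULES = [
    ("allow", MFP_NET, FTP_HOST, range(21, 22)),        # FTP control channel
    ("allow", MFP_NET, FTP_HOST, PASV_PORTS),           # FTP passive data channel
    ("allow", OFFICE_NET, FTP_HOST, range(443, 444)),   # HTTPS file front end
]

def decide(src, dst, port, rules=RULES):
    """Return 'allow' or 'deny' for one flow under first-match, default-deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_host, ports in rules:
        if src in src_net and dst == dst_host and port in ports:
            return action
    return "deny"

def audit(rules=RULES):
    """Return a list of findings; an empty list means the policy matches the design."""
    mfp, user, ftp = str(MFP_NET[1]), str(OFFICE_NET[10]), str(FTP_HOST)
    expected = [
        (mfp, ftp, 21, "allow"), (mfp, ftp, 50000, "allow"),
        (user, ftp, 443, "allow"),
        (user, ftp, 21, "deny"), (user, ftp, 50000, "deny"),   # LAN never speaks FTP
        (mfp, ftp, 443, "deny"), (mfp, user, 445, "deny"),     # MFPs reach nothing else
    ]
    findings = []
    for src, dst, port, want in expected:
        got = decide(src, dst, port, rules)
        if got != want:
            findings.append(f"{src} -> {dst}:{port} is {got}, expected {want}")
    return findings
```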

  8. #18
    Service Manager 10,000+ Posts

    BillyCarpenter's Avatar
    Join Date
    Aug 2020
    Location
    Long Beach, Mississippi
    Posts
    13,375
    Rep Power
    448

    Re: Unsure FTP protocol

    It sounds to me like this customer is either cheap or has financial trouble. Either way, FTP doesn't seem like a good option to me. But at the end of the day that's between you and the customer and the agreement that you reach. I'd cover my ass, though. Trust but verify.
    Growth is found only in adversity.

  9. #19
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,790
    Rep Power
    108

    Re: Unsure FTP protocol

    Quote Originally Posted by BillyCarpenter View Post
    It sounds to me like this customer is either cheap or has financial trouble. Either way, FTP doesn't seem like a good option to me. But at the end of the day that's between you and the customer and the agreement that you reach. I'd cover my ass, though. Trust but verify.
    We have customers that still have network connected XP machines. However, we have a pile of paperwork to account for them, mainly in the form of compensating controls for ensuring that the systems can only access the internal resources they need to function. The customer has to either demonstrate an existing way of protection, or if we build it, then we have to demonstrate our work. Sometimes it's as simple as taking them offline, or as complex as VLANs and management computers that can access them, or converting them to VMs and building ways to access them.

    If a customer doesn't want to develop a plan, or just wants to refuse basic things like patching, then we have paperwork that states we have advised them that they are out of security best practises and that by acknowledging this they are assuming all risk. Generally that's enough of a stick to get them to join reality or modernity and actually accomplish something. If not, then we usually have the start of an exit plan to cook up.


    The scan to function of an MFP isn't the hill for a business to die on. Even a decent used machine can often drastically improve their situation.

    Sent from my Pixel 6 Pro using Tapatalk

  10. #20
    Field Supervisor 500+ Posts

    techsxge's Avatar
    Join Date
    Jan 2022
    Location
    N/A
    Posts
    661
    Rep Power
    28

    Re: Unsure FTP protocol

    Whenever I start to do networking in a company, the first thing I do is let the customer sign a contract that states: "All Computers need to have the latest Updates installed unless told otherwise".
    If there are any machines that are not updated, I view this as a security concern, and for damages created (e.g. the company getting hacked due to an emailed virus), I'll not be responsible or be held accountable.
    By this, I either have all machines up to date or it's the customer's fault. Easy and clean.
