
Security

The following security features are functions of the MOVEit software and exist in addition to the hardening of the operating system and associated application services.

Transport Encryption

During transport MOVEit uses SSL or SSH to encrypt communications. The minimum strength of the encryption used during web transport (e.g., 128-bit) is configurable within the MOVEit interface.

This value is configurable by organization. To configure this value for any particular organization, sign on as a SysAdmin, view the organization for which this value should be set, and click the "Change Req" link to set the value.

Note: If you set the minimum encryption value of the "System" organization (#0), you will be given the chance to apply your setting to ALL organizations in the system.

Storage Encryption

MOVEit stores all files on disk using FIPS 140-2 validated 256-bit AES (http://csrc.nist.gov/encryption/aes), the US federal standard for encryption. MOVEit Crypto, the encryption engine on which MOVEit relies, is only the tenth product to have been vetted, validated and certified by the United States and Canadian governments for cryptographic fitness under the rigorous FIPS 140-2 guidelines.

MOVEit also overwrites just-deleted files with random bytes to prevent even encrypted files from lingering on a physical disk after users thought them to have been destroyed.

Precautions Taken During Transport-Storage Exchange

If files received by MOVEit were simply copied to a large cleartext memory buffer, trojan programs could potentially "sniff" sensitive files out of these spaces.

Instead, MOVEit spools the pieces of files it receives into much smaller buffers, encrypts them and writes them to disk almost immediately. Spooling files in this manner reduces overall exposure in two ways: 1) it reduces the amount of information exposed, and 2) it reduces the time for which that information is exposed. (This technique also yields some important performance gains.)

(A frequently asked question regarding this issue is "why not just store the file using SSL or SSH?" A short answer is: SSL and SSH use temporary session keys which are renegotiated each time a client establishes a new connection, whereas storage needs "more permanent" keys.)

Integrity Checking

When certain file transfer clients are used with a MOVEit server, the integrity of transferred files will be confirmed. All MOVEit secure FTP, API and web-based clients (including the upload/download Wizard) support integrity checking. Other FTP clients can also take advantage of integrity checks; see "FTP - Interoperability - Integrity Check How-To" for more information.

To perform an integrity check, both the client and the server obtain a cryptographic hash of the transferred file as part of the last step of the transfer. If the values agree, both sides "know" that the file transferred is completely identical to the original. The results of any integrity check are not only displayed to the user of the file transfer client but stored for ready access on the MOVEit server.

Note: Integrity checking is a separate step when using the JavaScript Wizard.

Immediate Transfer off Server

When used with MOVEit Central, MOVEit supports "event-driven" transfers which allow files to begin spooling to internal servers as soon as they land on an Internet-facing MOVEit server. This prevents even encrypted files from remaining on the server for longer than absolutely necessary.

Transfer Resume

MOVEit supports file transfer resume on both its HTTPS and FTPS interfaces. In addition to being useful during transfers of multi-gigabyte files, this feature also has a security benefit: it makes large file transfers less susceptible to denial-of-service attacks.

Folder Quotas

Enforceable folder size quotas can be set on various folders to prevent system storage from being exhausted.

User Quotas

Enforceable user size quotas can be set on various users to prevent them from exhausting system storage.

Delegation of Authority

Individual end-user members of a group can be designated as Group Admins. These users are then able to administer the users, folder permissions and address books in their group, subject to various parameters set by organization administrators.

Administrative Alerts

Email notifications are sent to administrators when users are locked out, when the internal consistency checker notices something amiss with the database, etc.

One-Way Workflows

MOVEit can be configured to never allow users to download what they have just uploaded into the system. This configuration alone can prevent users from misusing MOVEit as a repository of personal or restricted materials. (Another common way to handle this scenario is through the use of IP restrictions.)

Password Aging

Users can be forced to change their passwords periodically with MOVEit's password aging features. Users will also be warned (via email) several days in advance of actual expiration, and notified again when their password expires.

Password History

MOVEit can be configured to remember a certain number of passwords and prevent users from reusing those passwords.

Password Strength Requirements

Various password complexity requirements can be set on MOVEit, including number/letter, dictionary word and length requirements.

Account Lockout

If someone attempts to sign on to a valid account with an incorrect password too many times, their account can be locked out and administrators will be notified via email.

IP Lockout

A very real concern of administrators of any authenticated resource which supports account lockouts is that someone will get a list of valid usernames and lock all of them out. To mitigate this risk, MOVEit offers a feature which will prevent a machine with a specific IP address from making any further requests of the system if MOVEit sees too many bad signon attempts. Administrators will also be notified via email when this occurs.
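The interplay between the two lockouts described above, as an added illustration that is not MOVEit's code: every failed attempt is counted per source address as well as per valid account, so a single address that works through a list of real usernames is cut off before it can lock any of them out. The thresholds, user table and addresses are constructed for the example; the page does not state MOVEit's own limits.

```python
from collections import defaultdict

# Thresholds below are constructed for this illustration, not MOVEit's settings.
ACCOUNT_LOCKOUT_THRESHOLD = 5   # bad passwords against one valid account
IP_LOCKOUT_THRESHOLD = 20       # bad sign-on attempts from one source address

class LockoutState:
    def __init__(self):
        self.failed_by_account, self.failed_by_ip = defaultdict(int), defaultdict(int)
        self.locked_accounts, self.locked_ips = set(), set()
        self.alerts = []   # stands in for the administrator e-mail notifications

def process_signon(state, ip, username, password_ok, account_exists):
    """Apply one sign-on attempt; returns 'allowed', 'denied' or 'blocked'."""
    if ip in state.locked_ips:
        return "blocked"    # IP lockout: the address gets no further service at all
    if username in state.locked_accounts:
        return "denied"
    if account_exists and password_ok:
        state.failed_by_account[username] = 0
        return "allowed"
    # Every bad attempt counts against the source address, valid username or not.
    state.failed_by_ip[ip] += 1
    if state.failed_by_ip[ip] >= IP_LOCKOUT_THRESHOLD:
        state.locked_ips.add(ip)
        state.alerts.append(f"IP lockout: {ip}")
    if account_exists:   # only real accounts can be locked out
        state.failed_by_account[username] += 1
        if state.failed_by_account[username] >= ACCOUNT_LOCKOUT_THRESHOLD:
            state.locked_accounts.add(username)
            state.alerts.append(f"Account lockout: {username}")
    return "denied"

def replay(attempts, accounts):
    """Run constructed (ip, username, password) attempts against a user table."""
    state = LockoutState()
    results = [process_signon(state, ip, user, accounts.get(user) == pw, user in accounts)
               for ip, user, pw in attempts]
    return state, results

def spray_scenario():
    """One address tries 4 wrong passwords against each of 5 valid accounts, then a
    6th account; afterwards a legitimate user signs on from a different address."""
    accounts = {f"user{i}": f"secret{i}" for i in range(8)}   # constructed user table
    attacker = "203.0.113.5"                                    # constructed address
    attempts = [(attacker, f"user{i}", f"wrong{j}") for i in range(5) for j in range(4)]
    attempts += [(attacker, "user7", "wrong"), ("198.51.100.9", "user7", "secret7")]
    return replay(attempts, accounts)
```

In the scenario the 20th failure locks the address, the 21st request is refused outright, no account reaches its own threshold, and the legitimate user from another address is unaffected.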

Restricted IP/Hostname Access

Specific users or classes of users can be restricted to certain ranges of IP addresses and/or hostnames.

Detailed, Tamper-Evident Audit Logging

MOVEit logs not only signon and signoff events, but permission changes, new user additions and other actions which directly affect the security of the system. Real-time views of this audit trail as well as detailed query tools are available on the Logs and Report pages. All log entries are cryptographically chained together in a way that makes any tampering with the audit logs (additions, deletions or changes) evident.
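What "cryptographically chained" buys a defender, as an added example that is not MOVEit's implementation: each entry's hash covers its own content plus the hash of the entry before it, so changing, removing or inserting an entry breaks the chain at that point. The keyed digest, field names and sample events are assumptions made for this illustration; the page does not describe MOVEit's scheme.

```python
import hashlib
import hmac
import json

# Constructed hash-chained audit log. The chaining scheme, key handling and field
# names are assumptions for this illustration, not MOVEit's actual implementation.
GENESIS = "0" * 64
LOG_KEY = b"constructed-demo-key"   # keyed so a database editor cannot re-chain entries

def _digest(prev_hash, entry):
    """HMAC-SHA256 over the previous entry's hash and this entry's canonical JSON."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(LOG_KEY, prev_hash.encode() + body, hashlib.sha256).hexdigest()

def append(log, **fields):
    """Append an entry whose hash covers its content and the entry before it."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = dict(fields, seq=len(log), prev=prev)
    entry["hash"] = _digest(prev, entry)
    log.append(entry)
    return entry

def verify(log):
    """Return (True, None) if the chain is intact, else (False, index of first bad entry)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        content = {k: v for k, v in entry.items() if k != "hash"}
        if entry.get("prev") != prev or entry.get("seq") != i \
                or _digest(prev, content) != entry.get("hash"):
            return False, i
        prev = entry["hash"]
    return True, None

def build_sample_log():
    """Constructed events of the kinds the page lists (signon, user add, permission change)."""
    log = []
    append(log, event="signon", user="admin", ip="198.51.100.9")
    append(log, event="user_add", user="admin", target="jdoe")
    append(log, event="perm_change", user="admin", folder="/Home/jdoe", perm="rw")
    append(log, event="signoff", user="admin")
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print(verify(log))              # intact chain
    log[2]["perm"] = "none"         # silently edited permission change
    print(verify(log))              # chain breaks at entry 2
```

A plain chain does not by itself reveal truncation of the newest entries, so the most recent hash also needs to be recorded somewhere the log writer cannot alter.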

Remote Authentication

MOVEit's RADIUS and LDAP clients support any standard RADIUS and LDAP servers, including Microsoft's Internet Authentication Server, Novell's BorderManager, Microsoft Active Directory, Novell eDirectory, Sun iPlanet and IBM Tivoli Access Manager (SecureWay).

Obscured Product and Version Identity

MOVEit does not reveal its product name to unauthorized users via the SSH and FTP interfaces and can be configured to hide this information from web users as well. Version numbers are also only available to authorized users. Obscuring this information prevents hackers from figuring out what they are attacking without doing a fair amount of research.

Client Certificates and Client Keys

All major interfaces of MOVEit (SFTP, FTPS, HTTPS) support the use of SSL (X.509) client certificates and SSH client keys. SSL client certs and SSH client keys are usually installed on individual machines, but SSL client certificates are also available as hardware tokens.

Multiple Factor Authentication

When used with a username, IP addresses, passwords and client keys/certs offer one-, two- or three-factor authentication.

External Authentication

Organizations worried about storing username-hash combinations on MOVEit's protected database can use the External Authentication feature and move all non-administrative usernames and passwords to RADIUS or LDAP servers. (Access to the remaining administrative usernames can be locked to specific, internal-only IP addresses.)

Not-In-DMZ Storage Option

MOVEit encrypted files can be stored in a location that is not in a DMZ by deploying MOVEit on part of an existing storage area network (SAN).

Web Browser "Clickable Keyboard" Keystroke Logging Protection

To prevent keystroke logging software and hardware from capturing the keystrokes used to sign on to MOVEit using a web browser, a clickable keyboard is provided as an alternate method of data entry. The same keyboard is also offered on the other password fields used throughout the application, so that other users' passwords are protected as well.

Cross-Frame Scripting Protection

To help prevent cross-frame scripting attacks against MOVEit, the web interface will prevent itself from being loaded in a frame or iframe window. This can be overridden using the "contentonly" flag, if the goal is to integrate MOVEit with an existing portal application using frames. See the URL Crafting doc page for further details.