|
|
|
|
|
The following security features are functions of the MOVEit software and exist in addition to the hardening of the operating system and associated application services.
During transport MOVEit uses SSL or SSH to encrypt communications. The minimum strength of the encryption used during web transport (e.g., 128-bit) is configurable within the MOVEit interface.
This value is configurable by organization. To configure this value for any particular organization, sign on as a SysAdmin, view the organization for which this value should be set, and click the "Change Req" link to set the value.
Note: If you set the minimum encryption value of the System organization (#0), you can apply your setting to ALL organizations in the system.
MOVEit stores all files on disk using FIPS 140-2 validated 256-bit AES (http://csrc.nist.gov/encryption/aes), the US federal standard for encryption. MOVEit Crypto, the encryption engine on which MOVEit relies, has been certified by the United States and Canadian governments for cryptographic fitness under the FIPS 140-2 guidelines.
MOVEit also overwrites just-deleted files with random bytes to prevent encrypted files from remaining on a physical disk after users thought them to have been destroyed.
If files received by MOVEit were copied to a large cleartext memory buffer, Trojan programs could potentially "sniff" sensitive files out of these spaces.
Instead MOVEit spools pieces of files received into much smaller buffers, encrypts them and writes them to disk almost immediately. Spooling files in this manner reduces overall exposure in two ways: 1) reduces amount of information exposed and 2) reduces time information is exposed. (This technique also yields some important performance gains.)
(A frequently asked question regarding this issue is "why not just store the file using SSL or SSH" - a short answer to this question is: SSL or SSH uses temporary keys which are renegotiated each time a client establishes a new connection, and we need "more permanent" keys for storage.)
When certain file transfer clients are used with a MOVEit server, the integrity of transferred files will be confirmed. All MOVEit secure FTP, API and web-based clients (including the upload/download Wizard) support integrity checking. Other FTP clients can also take advantage of integrity checks; see FTP - Interoperability - Integrity Check How-To for more information.
To perform an integrity check, both the client and the server obtain a cryptographic hash of the transferred file as part of the last step of the transfer. If the values agree, both sides "know" that the file transferred is completely identical to the original. The results of any integrity check are not only displayed to the user of the file transfer client but stored for ready access on the MOVEit server.
All MOVEit secure FTP, API, and web-based clients (including the upload/download Wizard) support integrity checking.
Note: Integrity checking is a separate step when using the JavaScript Wizard.
When used with MOVEit Automation, MOVEit supports "event-driven" transfers which allow files to begin spooling to internal servers as soon as they land on an Internet-facing MOVEit server. This prevents even encrypted files from remaining on the server for longer than absolutely necessary.
MOVEit supports file transfer resume on both its HTTPS and FTPS interfaces. In addition to being useful during transfers of multi-gigabyte file, this feature is also a secure feature in the sense that it makes large file transfers less susceptible to denial-of-service attacks.
Enforceable folder size quotas can be set on various folders to prevent system storage from being exhausted.
Enforceable user size quotas can be set on various users to prevent them from exhausting system storage.
Individual end-user members of a group can be designated as Group Admins. These users then are able to administrate the users, folder permissions and address books in their group, subject to various parameters set by organization administrators.
Email notifications are sent to administrators when users are locked out, when the internal consistency checker notices something amiss with the database, etc.
MOVEit can be configured to never allow users to download what they have just uploaded into the system. This configuration alone can prevent users from misusing MOVEit as a repository of personal or restricted materials. (Another common way to handle this scenario is through the use of IP restrictions.)
Users can be forced to change their passwords periodically with the MOVEit password aging features. Users will also be warned (via email) several days in advance of actual expiration, and notified again when their password expires.
MOVEit can be configured to remember a certain number of passwords and prevent users from reusing those passwords.
Various password complexity requirements can be set on MOVEit, including number/letter, dictionary word and length requirements.
If someone attempts to sign on to a valid account with an incorrect password too many times, their account can be locked out and administrators will be notified via email.
A very real concern of administrators of any authenticated resource which supports account lockouts is that someone will get a list of valid usernames and lock all of them out. To mitigate this risk, MOVEit offers a feature which will prevent a machine with a specific IP address from making any further requests of the system if MOVEit sees too many bad signon attempts. Administrators will also be notified via email when this occurs.
Specific users or classes of users can be restricted to certain ranges of IP addresses and/or hostnames.
MOVEit logs not only signon and signoff events, but permission changes, new user additions and other actions which directly affect the security of the system. Realtime views of this audit trail as well as detailed query tools are available on the Logs and Report pages. All log entries are cryptographically chained together in a way that makes any tampering (add, delete, change) of audit logs evident.
MOVEit's RADIUS and LDAP clients support any standard RADIUS and LDAP servers, including Microsoft's Internet Authentication Server, Novell's BorderManager, Microsoft Active Directory, Novell eDirectory, Sun iPlanet and IBM Tivoli Access Manager (SecureWay).
MOVEit does not reveal its product name to unauthorized users via the SSH and FTP interfaces and can be configured to hide this information from web users as well. Version numbers are also only available to authorized users. Obscuring this information prevents hackers from figuring out what they are attacking without doing a fair amount of research.
All major interfaces of MOVEit (SFTP, FTPS, HTTPS) support the use of SSL (X.509) client certificates and SSH client keys. SSL client certs and SSH client keys are usually installed on individual machines, but SSL client certificates are also available as hardware tokens.
When used with a username, IP addresses, passwords and client keys/certs offer one-, two- or three-factor authentication.
Organizations worried about storing username-hash combinations on MOVEit's protected database can use the External Authentication feature and move all non-administrative usernames and passwords to RADIUS or LDAP servers. (Access to the remaining administrative usernames can be locked to specific, internal-only IP addresses.)
There is a way to store MOVEit encrypted files in a location that is not in a DMZ. It is to deploy MOVEit on a piece of an existing storage area network (SAN).
To prevent keystroke logging software and hardware from capturing the keystrokes used to sign on to a MOVEit using a web browser, a clickable keyboard is provided as an alternate method of data entry. The same keyboard also protects other password fields used throughout the application to protect other users as well.
To help prevent cross-frame scripting attacks against MOVEit, the web interface will prevent itself from being loaded in a frame or iframe window. This can be overridden using the "contentonly" flag, if the goal is to integrate MOVEit with an existing portal application using frames. See the URL Crafting doc page for further details.
See Also |