One of our clients was interested in the FTP Guard4i product and wanted to secure their FTP environment from unauthorized access. We installed the product and set the security so that all FTP access would now be monitored and restricted. Unfortunately after a few minutes we had to turn off the security because the client had not understood just how much FTP activity was carried out on his system. This was a problem because they did see some attempts to access the system using FTP from unauthorized users yet they could not identify all the authorized users until they hit the site and were rejected by the security settings. At first we were just adding users as they showed up in the log after checking that they were in fact authorized, but that gave a number of issues because the FTP access used by the users was not built to recover when the request was rejected. So we eventually turned off the security and left it up to the normal object security to handle the issues until we came up with a solution.
This concerned us as we did not like the fact that FTP activity was going on and the client was unable to see just how bad the problem was. So we started to think about how we can show the problem exists while not affecting the existing processes. Eventually we made a change to the programs that would allow the security to circumvented while still logging exactly what and who used the FTP services. Now the client is able to see all activity and we can build the FTP security using the log information before implementing the fully secured environment.
FTP is very unsecure and should be turned off where possible, if you must have FTP services turned on we suggest you investigate the installation of a security and logging package such as our FTP Guard4i. Just understanding the level of FTP activity that is going on could help you determine just how exposed to data theft you are.