[PLUG] FTP-response clarification

Tim tim-pdxlug at sentinelchicken.org
Wed May 6 20:39:52 UTC 2015

> the concern is with tracking what people on the inside transfer to locations on the outside.
> We can't control the services made available outside.

You can block the port outbound.  If the DLP can detect FTP in
general, surely it could block FTP on other ports as well based on
handshake inspection.

FTP is really problematic for a number of reasons.  Can it be
configured securely?  Yeah, but only after lots of testing and
requiring clients use specific software in specific configurations.
I too recommend it just be blocked.  If a user has a legit reason to
use it, first try to convince them and the service they are using to
leverage an alternative.  Failing that, whitelist only that site and
encourage FTPS/SFTP.
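
The handshake inspection and site whitelisting described in the message above, as an added example that is not part of the original post or any DLP product's code. It classifies the opening bytes of a flow as FTP regardless of port; the flows, addresses, banners and allowlist entry are constructed sample data.

```python
import re

# RFC 959 reply line: three-digit code, then space (final) or hyphen (continuation).
REPLY = re.compile(rb"(\d{3})([ -])[^\r\n]*\r?\n")
# Verbs an FTP client sends first. SMTP also greets with 220, so the
# server banner alone is ambiguous and the client's first verb decides.
FIRST_VERBS = {b"USER", b"AUTH", b"FEAT", b"SYST", b"OPTS", b"HOST"}

def looks_like_ftp(server_bytes: bytes, client_bytes: bytes) -> bool:
    """Classify the opening bytes of one TCP flow, independent of port number."""
    greeting = REPLY.match(server_bytes)
    if greeting is None or greeting.group(1) != b"220":
        return False
    line = client_bytes.split(b"\n", 1)[0].strip()
    verb = line.split(b" ", 1)[0].upper()  # FTP verbs are case-insensitive
    return verb in FIRST_VERBS

def egress_verdict(flow: dict, allowlist: set) -> str:
    """Policy from the post: block FTP on any port except allowlisted sites."""
    if not looks_like_ftp(flow["server"], flow["client"]):
        return "pass"
    return "allow" if flow["dst"] in allowlist else "block"

# Constructed sample flows (documentation addresses, made-up banners).
FLOWS = [
    {"dst": "203.0.113.10", "port": 21, "server": b"220 FTP ready\r\n", "client": b"USER alice\r\n"},
    {"dst": "203.0.113.10", "port": 8021, "server": b"220-Welcome\r\n220 ready\r\n", "client": b"AUTH TLS\r\n"},
    {"dst": "198.51.100.7", "port": 2121, "server": b"220 files\r\n", "client": b"user bob\r\n"},
    {"dst": "192.0.2.25", "port": 587, "server": b"220 mail ESMTP\r\n", "client": b"EHLO host\r\n"},
    {"dst": "192.0.2.80", "port": 8080, "server": b"", "client": b"GET / HTTP/1.1\r\n"},
]
ALLOWLIST = {"198.51.100.7"}  # hypothetical approved partner site

def verdicts():
    return [egress_verdict(f, ALLOWLIST) for f in FLOWS]

if __name__ == "__main__":
    for f, v in zip(FLOWS, verdicts()):
        print(f["dst"], f["port"], v)
```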

