The Summary View
Understanding the Summary View
Available in Cerberus FTP Server 5.0, the Summary View provides the administrator with a one-page overview of the server's configuration and any potential security issues that may be present.
The server scans the current Cerberus configuration at startup, and every time a configuration change is made, to look for any potential security issues that might result from the current system configuration. System warnings and messages are displayed in the System Messages list and each protocol type is given an overall security status indicator.

The possible statuses for each protocol type are:
- Secure - All listeners currently active for this protocol type are configured to accept only encrypted connections.
- Not Secure - Some or all listeners currently active for this protocol type are configured to allow unencrypted connections.
- Disabled - There are no listeners currently active on the server for this protocol.
Common System Messages
There are generally two types of system messages displayed in the System Messages list: general messages and security messages.
Any time a protocol is listed as Not Secure, there will be a system security message detailing the reason. Common system messages, with their explanation and resolution where applicable, are detailed below.
- FTP Listener X can allow unencrypted control or data connections
Background: Normal FTP has no encryption and therefore allows passwords and data to be transmitted in the clear over a network. To address this security issue, two secure forms of FTP were developed called implicit FTPS and explicit FTPES. Implicit FTPS is very similar to HTTPS and takes place on a completely separate port from typical FTP. Interfaces of this type are always encrypted and considered secure. Explicit FTPES, however, starts on a normal unencrypted FTP connection and is then "upgraded" to a secure connection through special FTP commands. This type of connection depends on the client issuing commands instructing the server to enable encryption. However, the client can also continue as a normal FTP connection without enabling encryption. This situation allows for unencrypted connections and presents a security issue for servers.
Resolution: To resolve this issue and still allow FTP access there are two possible solutions. One is to remove all FTP listeners and only enable FTPS listeners. FTPS listeners only accept encrypted communications and are considered secure.
If you also wish to allow FTPES secure connections, you must instruct the server to require encryption before allowing a connection to proceed. To make the FTP listener require encryption, go to the Interfaces page of the Server Manager and, for each FTP interface, select the Require Secure Control and Require Secure Data options.
- HTTP Listener X only accepts unencrypted connections
Background: Connections of type HTTP are always unencrypted and are therefore very susceptible to inspection on a network. System administrators are encouraged to disable HTTP listeners in favor of secure HTTPS listeners.
Resolution: To resolve this issue the system administrator must disable any HTTP listeners in the system. HTTPS listeners will not trigger a security issue.
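To confirm from the client side that Require Secure Control has taken effect on an FTP listener, the following check sends USER without first upgrading the connection and then asks for AUTH TLS. It is an added example, not part of the Cerberus documentation; the reply-code interpretation follows RFC 959 and RFC 4217 rather than anything Cerberus documents, and the function names and the account name are constructed for illustration.

```python
import socket

def read_reply(f):
    """Read one FTP reply, including the RFC 959 multi-line form; return its 3-digit code."""
    line = f.readline().decode("ascii", "replace")
    code = line[:3]
    if not code.isdigit():
        raise ValueError(f"not an FTP reply: {line!r}")
    # "NNN-" opens a multi-line reply that ends at the first line starting "NNN ".
    if line[3:4] == "-":
        while not line.startswith(code + " "):
            line = f.readline().decode("ascii", "replace")
            if not line:
                raise ConnectionError("connection closed mid-reply")
    return code

def probe_control_channel(host, port=21, timeout=5.0):
    """Report whether a listener takes USER in cleartext and whether it offers AUTH TLS."""
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rwb") as f:
        def command(text):
            f.write(text.encode("ascii") + b"\r\n")
            f.flush()
            return read_reply(f)

        if read_reply(f) != "220":
            raise ConnectionError("no 220 greeting")
        # Constructed account name; PASS is never sent, so no credential crosses the wire.
        user_code = command("USER summary-view-check")
        # Sent last: after a 234 the server expects a TLS handshake, so we simply close.
        tls_code = command("AUTH TLS")
    return {
        # 331 (password wanted) or 230 (logged in) means login proceeds unencrypted.
        "plaintext_login_accepted": user_code in ("331", "230"),
        "auth_tls_offered": tls_code == "234",
    }

if __name__ == "__main__":
    import sys
    print(probe_control_channel(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 21))
```

A listener that still reports `plaintext_login_accepted` as true after the option is set is one the Summary View would be expected to keep flagging; the check covers the control channel only, not Require Secure Data.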


