#11 TOP TIP
for Globalscape EFT Server
Protecting your EFT from malicious attacks
We have seen many reports in the news of malicious attacks, with the NHS being the most recent. Coupled with that is the news that fines of up to £17 million or 4% of global turnover could be handed out if companies fail to protect themselves. With this fresh in everyone’s mind, it’s the perfect time to look at how EFT helps protect your network.
What does EFT do to protect you from malicious attacks?
EFT protects your data from malicious access attempts in several ways. In addition to the various authentication methods and multi-factor authentication, EFT also contains code that blocks multiple failed attempts to access your system. This auto-ban system works by identifying potential attacks based on the number of failures that happen across a defined period. Too many failures in too short a time will trigger the anti-hammering system, resulting in a ban of the IP address. EFT checks all incoming connections against the ban list of IPs and will refuse the connection from any address on the list.
If the connection IS allowed into the system, EFT will track the number of incorrect commands sent during a connection. If the number of these exceeds a threshold, then EFT will disconnect the session and add the IP to the ban list. EFT therefore actively protects itself from both denial-of-service and command-oriented malicious attacks.
Customising your protection from malicious attacks
A slider on the denial-of-service pop-up on a site’s “connections” tab allows you to configure these settings discretely on a site-by-site basis.
Setting the sensitivity to very low allows for more incorrect commands to be sent in a short period of time before being banned. The very high setting will ban after only a few incorrect commands in a short period of time.
IPs can be “whitelisted” by adding them to the IP Access rules table with an explicit “Allow”. An IP that is explicitly allowed will not be entered onto the ban list, irrespective of the number of failed commands or login attempts it makes.
We see many malicious attacks attempted on our systems, and many use predictable usernames. These are “root”, “Admin”, “backup”, “user” and “master”. We would always recommend NOT having user accounts with these common names.
If you would like visibility of these attempts, the “Security – Failed Logins” report in the Auditing and Reporting Module for EFT will show you a list of access attempts, along with the IP and username attempted.
If security is a focus for your organisation, particularly around data in transit or at rest, encryption, authentication or malware protection, the EFT modules below could offer you a solution.
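As an added illustration (not Globalscape's code and not part of the original article), the sketch below applies the same ideas to a constructed export of failed logins: failures per IP inside a sliding window, an allow list that exempts an address from banning, and a flag for the common usernames listed above. The row format, the threshold of 3 failures and the 60-second window are assumptions; EFT's own thresholds are set by the slider.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration only; EFT's real thresholds are not on this page.
MAX_FAILURES = 3
WINDOW = timedelta(seconds=60)
COMMON_NAMES = {"root", "admin", "backup", "user", "master"}  # names from the article

# Constructed sample rows: timestamp, source IP, username attempted
SAMPLE = """\
2017-06-01T10:00:00 203.0.113.7 root
2017-06-01T10:00:10 203.0.113.7 Admin
2017-06-01T10:00:20 203.0.113.7 backup
2017-06-01T10:00:25 203.0.113.7 master
2017-06-01T10:00:00 198.51.100.4 jsmith
2017-06-01T10:05:00 198.51.100.4 jsmith
2017-06-01T10:10:00 198.51.100.4 jsmith
2017-06-01T10:00:01 192.0.2.10 svc_upload
2017-06-01T10:00:02 192.0.2.10 svc_upload
2017-06-01T10:00:03 192.0.2.10 svc_upload
2017-06-01T10:00:04 192.0.2.10 svc_upload
"""

def review(rows, allow=frozenset()):
    """Return (banned IPs, {ip: common usernames tried}) for failed-login rows."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside WINDOW
    banned, guessed = set(), defaultdict(set)
    events = sorted(
        (datetime.fromisoformat(ts), ip, user)
        for ts, ip, user in (ln.split() for ln in rows.splitlines() if ln.strip())
    )
    for when, ip, user in events:
        if user.lower() in COMMON_NAMES:
            guessed[ip].add(user.lower())
        if ip in allow or ip in banned:
            continue              # allowed IPs are never banned; banned IPs stay banned
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:   # drop failures older than the window
            q.popleft()
        if len(q) > MAX_FAILURES:     # too many failures in too short a time
            banned.add(ip)
    return banned, dict(guessed)

if __name__ == "__main__":
    print(review(SAMPLE, allow={"192.0.2.10"}))
```

The third address fails four times in three seconds but is not banned because it is on the allow list, which is why explicit “Allow” entries should be kept to addresses you control.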
Need Additional UK-Based Globalscape Training and Support?
Pro2col have been accredited by Globalscape as their Master Partner, and our team includes two of the UK’s leading EFT Enterprise experts, simply waiting to help you get the most out of your solution with a whole host of designed and bespoke services.