FTP Dashboard: Detect and Mitigate FTP Data Leaks
February 5, 2015
Most administrators don't understand their FTP traffic profile until it's too late. The following are some basic questions every administrator should be able to answer when trying to secure their data:
- How many systems are running the FTP service?
- What are the most active FTP nodes?
- Who are the most active users?
- How much throughput does FTP consume?
- What are the most requested files?
My knee-jerk reaction was to turn to the ExtraHop community. It's a burgeoning ecosystem of users collaborating and sharing to solve similar problems. I found a number of users with similar needs but no published solution, so I thought, "OK, let's do it!"
Identifying FTP Nodes
The Most Active FTP widget shown below tracks internal and external FTP requests and responders in real time. It provides a simple interface that quickly identifies FTP talkers and lists them by volume. If you see unusual communication with an unauthorized node, you can promptly take action. If you believe there is a data leak, this is a great starting point for further investigation.
![FTP most active requesters](/_next/image?url=https%3A%2F%2Fassets.extrahop.com%2Fmigrated%2Fuploads%2F2015%2F02%2FFTP-most-active-requesters-300x190.png&w=1920&q=75)
![FTP most active responders](/_next/image?url=https%3A%2F%2Fassets.extrahop.com%2Fmigrated%2Fuploads%2F2015%2F02%2FFTP-most-active-responders-300x186.png&w=1920&q=75)
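As an added illustration (not part of the original post and not ExtraHop code), the same ranking can be reproduced offline from an FTP server's transfer log. It goes slightly beyond the widget by also ranking users and files and by flagging downloads to hosts outside an allow-list. It assumes the server writes the standard xferlog format; the sample lines, the `AUTHORIZED_NETS` range and the function names are constructed for the example.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in the standard xferlog layout (wu-ftpd/vsftpd/ProFTPD).
SAMPLE_XFERLOG = """\
Thu Feb  5 09:14:02 2015 2 10.1.4.20 48213 /srv/ftp/builds/agent.tar.gz b _ o r deploy ftp 0 * c
Thu Feb  5 09:15:40 2015 1 10.1.4.21 48213 /srv/ftp/builds/agent.tar.gz b _ o r deploy ftp 0 * c
Thu Feb  5 09:31:11 2015 95 203.0.113.77 734003200 /srv/ftp/finance/ledger.bak b _ o r jsmith ftp 0 * c
Thu Feb  5 09:40:55 2015 4 10.1.9.8 1200450 /srv/ftp/incoming/scan.pdf b _ i r scanner ftp 0 * c
Thu Feb  5 09:52:03 2015 60 203.0.113.77 512000000 /srv/ftp/finance/payroll.bak b _ o r jsmith ftp 0 * c
"""

AUTHORIZED_NETS = [ip_network("10.0.0.0/8")]  # assumption: internal client ranges


def parse_xferlog(text):
    """Yield one dict per transfer; tokens 0-4 are the timestamp."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 18:
            continue  # truncated or foreign line
        # Index from both ends so a filename containing spaces survives.
        yield {
            "host": f[6], "bytes": int(f[7]),
            "file": " ".join(f[8:-9]),
            "direction": f[-7],  # o = sent by the server (download), i = upload
            "user": f[-5],
        }


def profile(records, top=3):
    """Rank hosts and users by bytes, files by request count, and flag leaks."""
    by_host, by_user, by_file, unauth = Counter(), Counter(), Counter(), Counter()
    for r in records:
        by_host[r["host"]] += r["bytes"]
        by_user[r["user"]] += r["bytes"]
        by_file[r["file"]] += 1
        addr = ip_address(r["host"])
        if r["direction"] == "o" and not any(addr in n for n in AUTHORIZED_NETS):
            unauth[(r["host"], r["user"])] += r["bytes"]
    return {
        "top_hosts": by_host.most_common(top),
        "top_users": by_user.most_common(top),
        "top_files": by_file.most_common(top),
        "outbound_to_unauthorized": unauth.most_common(),
    }


if __name__ == "__main__":
    print(profile(parse_xferlog(SAMPLE_XFERLOG)))
```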
Identifying FTP Users
![FTP requests by users](/_next/image?url=https%3A%2F%2Fassets.extrahop.com%2Fmigrated%2Fuploads%2F2015%2F02%2FFTP-requests-by-users.png&w=1920&q=75)
Identifying Files Sent Over FTP
![FTP requests by file 2](/_next/image?url=https%3A%2F%2Fassets.extrahop.com%2Fmigrated%2Fuploads%2F2015%2F02%2FFTP-requests-by-file-2.png&w=1920&q=75)
FTP Server Resources
![FTP RTT vs processing time](/_next/image?url=https%3A%2F%2Fassets.extrahop.com%2Fmigrated%2Fuploads%2F2015%2F02%2FFTP-RTT-vs-processing-time.png&w=1920&q=75)
FTP Status Codes
![FTP status codes](/_next/image?url=https%3A%2F%2Fassets.extrahop.com%2Fmigrated%2Fuploads%2F2015%2F02%2FFTP-status-codes.png&w=1920&q=75)
Summary
Ken Pickles is the Chaos Engineer, Celebrity Blogger, and Disruptor-in-Chief at ExtraHop. His main tasks include arguing that it wasn't DNS (it's always DNS), using employee workstations to mine his new pickle-themed cryptocurrency, DillCoin (DLCN), and inserting smiley faces into the machine logs.
We don't see Ken P. around the office much, since he's a fictional character without a corporeal form, but he makes occasional appearances around our website.