TCP port 21 FTP vulnerabilities
(Last updated on January 31, 2022)
Since the birth of the Internet, one of the exciting capabilities it has enabled is the ability to transfer data from one place to another over long distances. One of the first protocols designed for transferring files from one node to another is File Transfer Protocol (FTP). FTP has long been used to transfer files over the Internet. However, as cybersecurity concerns and attack risks have escalated, businesses must consider port 21 FTP vulnerabilities. What is the port 21 vulnerabilities associated with FTP? What protective measures do companies need to take with transferring files over the Internet?
What is File Transfer Protocol (FTP)?
File Transfer Protocol (FTP) has been around for quite some time and was designed to transfer files between computers over the Internet. FTP works by establishing a connection between two network nodes. It is one of the most frequently used network protocols and, despite the age of the protocol, there are still millions of FTP sites on the Internet today.
FTP is a robust and stable protocol often used behind other applications that need to transfer files. Despite being commonly described as port 21 traffic, FTP can also use TCP ports 20 and 21 for a successful connection. Depending on the configuration, FTP may use only port 21 or both 20 and 21. The differences in these connections depend on active vs. passive FTP connections.
An FTP connection in Windows can be initiated from the command line, using the command ftp. You can see the available command parameters by simply typing a “?” at the ftp prompt. The two most common parameters used with the ftp command are:
- get – download a file from an FTP server
- put – upload a file to an FTP server
Other commercial FTP products provide GUI interfaces and much more robust features than the command line variants built into mainstream operating systems today, such as Linux, macOS, and Windows.
Lack of security
While TCP port 21 FTP is a solid and well-established protocol that has served well for years and still underpins millions of file transfer sites, it lacks in the all-important area of security. Businesses today cannot afford to have lax cybersecurity standards. There is no shortage of attack vectors from ransomware, malware, network snooping, phishing, brute force, and other attacks.
Using legacy and insecure ports and protocols can be a step in the wrong direction for businesses looking to secure their environment and increase their cybersecurity posture. For example, legacy FTP traffic that is transmitted over TCP port 21 is not a secure protocol. Files, credentials, and other information traversing FTP are transmitted in cleartext with no encryption. We often hear about the encryption used by the bad guys concerning ransomware. However, encryption, when used to secure your data, works in favor of security.
It turns easily readable text and string values such as your username and password and turns them into unreadable “jibberish” without the encryption key. With encryption, even if a hacker captures the network traffic, the encryption algorithm makes the data inside the network traffic unreadable.
Businesses need to think about using port 21 FTP to transfer files in their organization due to the unencrypted nature of FTP transmissions. Using FTP can expose sensitive information and network credentials to an attacker when transmitting data across the network or the Internet.
Modern file transmissions should be using more secure protocols such as Secure File Transfer Protocol (SFTP) or SSH over port 22. Both secure file transmission protocols use encrypted communication to secure business-critical data traversing the network.
The dangers of stolen credentials
Stolen credentials are at the top of the list of dangers to businesses today, both large and small. So why would attackers take the problematic route into your network by trying to compromise a vulnerability or other complicated attack if they can easily steal credentials and “walk right in the front door?”
The IBM Cost of a Data Breach Report 2021 noted that a 20% share of breaches is initially caused by compromised credentials making it the most common initial attack vector. Also alarming is according to the same report, on average, a breach caused by stolen credentials took the longest number of days to identify (250) and contain (91) on average for a total of 341 days. So, what is the cost of a data breach caused by compromised credentials? The average cost to businesses from compromised credentials is $4.37 million.
As mentioned, using insecure protocols such as FTP can lead to attackers quickly stealing credentials that are transmitted in cleartext, leading to long, drawn-out, and costly consequences.
Secure your passwords and bolster password policies
Due to the risk to businesses that stolen credentials bring, organizations must increase the security of end-user passwords and the password policies that define the types of passwords in an environment. Unfortunately, Active Directory Domain Services, which is used in most enterprise environments today, has limited password policy capabilities. As a result, it lacks the capabilities to satisfy current password policy guidance from cybersecurity authorities, such as breached password protection.
Specops Password Policy is a modern password policy solution that bolsters the native capabilities of Active Directory password policies implemented with Group Policy. Specops seamlessly integrates with existing Group Policy objects and allows bolting on the missing capabilities lacking in Active Directory.
Its Breached Password Protection provides live attack data, a new feature of the latest release. Organizations benefit from live data collected by Specops of current passwords observed in real-time brute force attacks. In addition, Specops Breached Password Protection prevents users from changing passwords to those found on known breached password lists.
Implementing disallowed passwords using password dictionaries is not easy using native Active Directory capabilities and requires developing password filter .dlls, meaning you must have development skills in-house. However, Specops makes introducing multiple password dictionary filters in the environment extremely easy with just a few clicks.
Other features provided by Specops Password Policy include:
- Access to a database of over 2 billion compromised passwords
- Live attack data to protect against password compromise
- Find and remove breached passwords in your environment
- Intuitive client messaging
- Dynamic feedback to end-users during password change
- Length-based password expiration
- Customizable email notifications
- Block usernames, display names, specific words, consecutive characters, incremental passwords, and reusing a part of the current password
- Granular, GPO-driven targeting for any GPO level, computer, user, or group population
- Use passphrases
- Regular Expressions support
- Multi-language support
Learn more about Specops Password Policy and download a trial copy.