Free Essay

Ftp- File Transfer Protocol

In:

Submitted By Tisaiah
Words 738
Pages 3
SE571
Principles of Information Security and Privacy
Course Project
FTP- File Transfer Protocol

12/02/2011

Company Overview MedAssets provides technology solutions and consulting services to cover the full spectrum of providers’ revenue cycle needs from patient access to claims denials. In addition, MedAssets’ decision support suite integrates financial, clinical and administrative information, and then distributes that data enterprise wide for timely analysis and decision making to positively impact future performance. All of these solutions help ensure your facility gets paid fairly, in a timely manner, for services rendered; which could potentially improve your net patient revenue 1-3%.
Revenue Capture Solutions/ Value proposition MedAssets’ revenue capture solutions help establish and sustain revenue integrity by identifying missed charges, improving clinical documentation and providing tools for case management, all working to transform the revenue cycle and yield increases in the bottom line. Whether working with a large integrated delivery network or a small rural hospital, as a knowledgeable strategic business partner, MedAssets can replace multiple vendors and build a customized, multi-year program, using technology and know-how to help your facility achieve your financial and operational goals.
File Transfer Protocol The File Transfer Protocol (FTP) allows clients to access remote file servers, list remote directories, and move files to or from remote hosts. FTP understands basic file formats and can transfer files in ASCII character or binary format. Defined in STD 9/RFC 959, FTP provides a standard UNIX-like user interface, regardless of the actual underlying operating system. FTP allows a client to upload a file to a remote host, download a file from a remote host, or move files between two remote hosts. FTP was defined to allow file transfers between two systems without giving the user all of the capabilities that a Telnet session would (e.g., the ability to execute programs at the remote host). In some ways, FTP is more complex than Telnet. FTP maintains separate TCP connections for control and data transfer. FTP commands and responses are exchanged on the control connection, and a new data connection is established by the server for each directory listing or file transfer.

MedAssets FTP/sFTP Initial Account Setup Request and Notification Implementation Managers are responsible for initiating and confirming the initial FTP/sFTP account setup from the MDAS FTP Support group. The Implementation Manager will subsequently be responsible for notifying the project’s assigned Technical Implementation Analyst upon data receipt. Finally, at the end of the Implementation, during the Transition to Client Services, data receipt notification should be requested to be turned off.

Login FTP login utilizes a normal username/password scheme for granting access. The username is sent to the server using the USER command, and the password is sent using the PASS command. If the information provided by the client is accepted by the server, the server will send a greeting to the client and the session will be open. If the server supports it, clients may log in without providing login credentials. The server will also limit access for that session based on what the user is authorized.
Client File Submission Methodology

Account Name:
Password:

Secure FTP
All data is sent to MedAssets via Secure FTP using one of the following secure methods. PHI (Patient Health Information) data does not need to be encrypted when using Secure FTP. * Connect to sftp.medassets.com using one of the following protocols: * Implicit FTPS (SSL) on port 990 * PASV Mode connections allowed on ports 28000 – 28050 * SFTP (SSH2) on port 22 * Authentication options: * Username + password * Username + public key (public key provided by hospital)

Standard FTP * NOTE: Standard FTP is ONLY to be used in the rare instance when the organization is limited in some unique way from being able to send via Secure FTP. * NOTE: All PHI data must be encrypted if sending via Standard FTP. * Port 21 using Standard FTP client to connect to ftp.medassets.com

Security
FTP was not designed to be a secure protocol—especially by today's standards—and has many security weaknesses.
Bounce attacks
Spoof attacks
Brute force attacks
Packet capture (sniffing)
Username protection
Port stealing FTP was not designed to encrypt its traffic; all transmissions are in clear text, and user names, passwords, commands and data can be easily read by anyone able to perform packet capture (sniffing) on the network. Below is a link from you tube about FTP for additional information http://www.youtube.com/watch?v=hiQrYptlZ08

Similar Documents

Free Essay

File Transfer Protocol (Ftp)

...File Transfer Protocol (FTP) IT/220 Internet Concepts (AXIA) August 25, 2011 Joseph Sambuco File Transfer Protocol (FTP) If I were a web developer I would use File Transfer Protocol (FTP) to transfer files from one computer to another. There is two ways to use FTP. The first way is to upload files that create a web site from a local computer to a web server. The second way allows the users to download files, programs, and documents from a FTP server that has been already set up. There are Websites that provides links that allow visitors to download files to their computers via FTP. In order for users to download from these sites, they must know the login details. An example of these details could be the username and/or the user password. Once connected there are two ways to transfer the files, the binary mode or the ASCII mode. The binary mode is used for binary files, such as executable programs, music, images, and videos and the ASCII mode is used more for plain text files. Files created in Notepad are examples of the ASCII mode. There are two methods that allow Website developers to establish connections to the FTP server, active and passive. In the active method, the user initializes the connection that commands the port and the server initializes the connection that passes the data. In the passive method, the user initializes the connection for both the command port and passing data. The client and the server will communicate using two ports, one to...

Words: 283 - Pages: 2

Free Essay

The Modified Parallelized File Transfer Protocol for

...The Modified Parallelized File Transfer Protocol for Multi-users Wei-Chen Lin Jiun-Jian Liaw Chiung-Ta Wu Department of Information and Communication Engineering Chaoyang University of Technology Taiwan(R.O.C.), Taichung s9930615@cyut.edu.tw, jjliaw@cyut.edu.tw Abstract—File Transfer Protocol is the most popular file transfer standard. This FTP can let a computer system connect to the internet via a communication network, and it can also access the system resources from the internet. File server is being downloaded now by TCP/IP protocol, while before it was downloaded by signal server. Due to the limited flow control, the old method could not use download time efficiently. In order to solve the flow control problem, some researchers came up with a distributed file transfer method that can share the document with other users, thus allowing the shortest transfer time using neighboring servers. Although the distributed file transfer can reduce the file transfer time, it was not concerned with the quality of the transfer between two servers, and was inappropriate for file segmentation and transfer, so the file transfer could not attain the optimal transfer efficacy. Based on our research, we propose a new method called Distributed Parallelized File Transfer Protocol (DPFTP). This method is based on Parallelized File Transfer Protocol (P-FTP) and is beneficial to multi-users, as it utilizes server loading and reduces the download time. Keywords—FTP; P-FTP; DPFTP ; multi-users; ...

Words: 4505 - Pages: 19

Premium Essay

Social Networking Sites

...BRIAN LAPITAN SUBMITTED BY: JOHN ALLEN C. RONQUILLO BSICT-IB 1. What is Internet? - The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (often called TCP/IP, although not all applications use TCP) to serve billions of users worldwide. It is a network of networks that consists of millions of private, public, academic, business, and government networks, of local to global scope, that are linked by a broad array of electronic, wireless and optical networking technologies. The Internet carries an extensive range of information resources and services, such as the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructureto support email. 2. History of Internet? - The history of the Internet began with the development of electronic computers in the 1950s. This began with point-to-point communication between mainframe computers and terminals, expanded to point-to-point connections between computers and then early research into packet switching. Packet switched networks such as ARPANET, Mark I at NPL in the UK, CYCLADES, Merit, Tymnet, and Telenet, were developed in the late 1960s and early 1970s using a variety of protocols. The ARPANET in particular led to the development of protocols for internetworking, where multiple separate networks could be joined together into a network of network 3. Internet vs. internet?  - one existing distinction between "Internet" and "internet" has been...

Words: 1153 - Pages: 5

Premium Essay

Itt Nt2580 Lab #5

...Lab #5 1. What is the purpose of the address resolution protocol (ARP)? ARP is a protocol used for resolution of IP addresses into MAC addresses and vice versa. 2. What is the purpose of the dynamic host control protocol (DHCP)? DHCP is used on an IP network to assign IP addresses to computers on the network. This is done without any human intervention. The computer requesting a DHCP-assigned address is given one by the network’s DHCP server within a range of assigned IP addresses which are tracked by the DHCP server. A DHCP-assigned address is normally assigned to a computer for a set lease time and after that lease expires, the computer must renew the IP address or request a new one. 3. What was the DHCP allocated source IP host address for the Student VM and the Target VM? (retracted) 4. When you pinged the targeted IP host, what was the source IP address and destination IP address of the ICMP echo-request packet? Source: 10.134.112.42 (my external IP) Destination: 98.138.253.109 (www.yahoo.com) 5. Did the targeted IP host respond to the ICMP echo-request packet with an ICMP echo-reply packet? If yes, how many ICMP echo-reply packets were sent back to the IP source? Yes, the target did respond with ICMP echo reply packets. My computer sent four request packets and the destination server sent four reply packets back. 6. Find a TCP 3-way handshake for a TELNET, FTP, or SSH session. What is the significance of the TCP 3-way handshake...

Words: 552 - Pages: 3

Free Essay

Information

...transmission control protocol and the user Datagram protocol, a port number is a 16 bit integer that is put the header appended to a message unit. This port number is passed logically between the client and the server transport layers and physically between the transport layer and the Internet Protocol layer and it will forward it on to the other layers. For an example, a request from a client to a server on the internet may request a file to transfer from the host File Transport Protocol (FTP) server. In order to pass that request which is passed by us to the FTP in the remote server, the Transmission Control Protocol (TCP) identifies the port number which is of 16 bit length, then that port will forward the request to the FTP Server. FTP and the FTP Port Number The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files from one host to the other host over a TCP – based network, for an example Internet. FTP is a Client – server architecture and uses a separate control and the data connections between the client and the server. The model of the FTP is shown below. Fig 1: File Transport Protocol Model Executing an FTP port connection through a client is two – stage process requiring the use of two different ports. Once the user enter the name of the server and the login details in the authorization fields of the Client FTP, the FTP connection will be established and the FTP control port will get opened, by default the FTP uses the Port number...

Words: 1400 - Pages: 6

Free Essay

Forensic Project

... For the purpose of this investigation, we are primarily concerned with the FTP (File Transfer Protocol) sessions and the file names they contained. We can use this information to identify the persons responsible for the data leak at Corporation Tech’s network. First, we created a new collection in NetWitness. We titled the collection Final Project for the purposes of this investigation. We then imported packets from the captured packets file titled ftpcapture.pcap. Once NetWitness imported the files, we were able to view information such as the login information and files transferred. Below is the information we collected. Source IP | Destination IP | Protocol | Username | Password | Files | 172.16.177.132 | 172.16.177.157 | FTP (21) | badguy | you will never guess this !! | badnotes1.txt | 172.16.177.132 | 172.16.177.157 | FTP (21) | badguy | you will never guess this !! | badnotes2.txt | These files were transmitted on July 31, 2010 at 1:08:58 AM and totaled to 5.71KB, which is shown below in the following screen captures. After our investigation of the FTP files in question, we investigated the remaining packet capture but did not identify anything further that could be considered questionable. The primary communication was between the IP addresses 172.16.177.132 and 172.16.177.157. Another attempt to login was made from the same IP addresses at the same time as the file transfer was performed using the credentials...

Words: 1241 - Pages: 5

Premium Essay

Identify Unnecessary

...of the system the following services where found. They include the domain, http, ssh, auth, tcpwrapped, msrpc, smtp, netbios-ssn, Microsoft-ds, unknown, ftp and https. Below you will find a list of each and what they do. 1. Domain is the website that people go to. 2. http is the first part of the web address. 3. ssh is the port for logging in remotely. 4. Auth is the login information needed. 5. Tcpwrapped is host based network in ACL system used to filter Internet Server Protocols provides firewall features. 6. Msrpc is transport protocols. 7. Smtp is simple mail transfer protocol 8. Netbios-ssn part of the net bios 9. Microsoft-ds are the Microsoft port. 10. Unknown is just what it says. 11. ftp is the file transfer protocol. 12. https is part of the secure address for an internet site. After viewing these and finding out exactly what each does it has been decided that I will remove three of them. The reason for this is that they can automatically download malware or viruses to your computer. I will remove the file transfer protocol by going through the FTP accounts. This protocol will be picked so that certain information cannot be transferred over the internet. The next one that I will remove is the Peer-to-peer (P2P) file-sharing service. You want to remove it completely from the computer so that no malware...

Words: 415 - Pages: 2

Premium Essay

Kudler Fine Foods Network Analysis

...importance of communication protocols and define the protocols that would be most effective for the Kudler Fine Foods network. Understanding the usefulness of a traffic analysis and the effect of latency response time and jitter are also necessary. Other aspects of developing an effective network design are understanding the effect of data rate on each part of the network and developing strategies to ensure the availability of network access in switched and routed networks. Communication protocols are the pre-defined set of rules which enable the networked devices to communicate effectively with each other. These protocols determine how messages are sent and received, detect and recover transmission errors and determine how messages are formatted. These protocols are important because they define the guidelines which determine how computers communicate with each other in a standardized manner. The protocol identified for Kudler Fine Foods is the Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol Suite. There are many advantages to using this protocol. It is compatible with all operating systems, hardware, software and network configurations. This protocol is routable and highly scalable which enables expansion of the network as needed. It also provides very reliable data delivery. The Suite includes protocols such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and Simple Mail Transfer Protocol (SMTP). HTTP transfers web pages including...

Words: 995 - Pages: 4

Free Essay

Network Plus Study

...Protocol ARP Port Description Address Resolution Protocol Resolves IP addresses to MAC addresses. FTP SSH Telnet SMTP 20/21 22 23 25 File Transfer Protocol: 20 is for data/21 is for control. Secure Shell – Encrypts traffic on the wire, used for telnet and FTP. Remote connection using the command line, data sent in clear text, secured using SSH. Virtual terminal. Simple Mail Transport Protocol, used for transferring email between clients and SMTP servers. “Sends mail to the post office!” TACACS+ Interacts with Kerberos 49 Terminal Access Controller Access-Control System+ Encrypts entire authentication process and is the preferred alternative to RADIUS. DNS DHCP TFTP HTTP Kerberos POP3 53 67 69 80 Domain Name System, Resolves Host names to IP addresses Dynamic Host Configuration Protocol Trivial File Transfer Protocol (transfers small data) Hypertext Transfer Protocol – delivers HTML traffic 88/749 Authentication protocol, uses a KDC to issue timestamped tickets with 5 min expiry 110 119 123 Post Office Protocol version 3 “Pat the post man!!” Transfers email from email server to client NNTP NTP Network News Transfer Protocol – news groups/forums Network Time Protocol - time synchronisation IMAP4 143 Internet Message Access Protocol Stores and organizes email on an email or SMTP server “organize mail at the post office” HTTPS 443 Hypertext Transfer Protocol Secure *Hypertext transfer protocol over secure socket...

Words: 408 - Pages: 2

Premium Essay

E Commerce , Website

...www.abc.com. Database is also important to power the website. It stores information and organize so that we can access easily with Customer Relationship Management (CRM). Website also need communication server which allow us to communicate with the company through chat and report the problems. If the customers need new drivers to download, they can directly download from Filer server and File Transfer Protocol (FTP). They are connected to the Document server and database. We should use web server to host the website and to protect the website it have firewall which protect from virus and hackers. Domain Name Server (DNS) is also powering the website which address like www.abc.com. Database is also important to power the website. It stores information and organize so that we can access easily with Customer Relationship Management (CRM). Website also need communication server which allow us to communicate with the company through chat and report the problems. If the customers need new drivers to download, they can directly download from Filer server and File Transfer Protocol (FTP). They are connected to the Document server and database. We should use web server to host the website and to protect the website it have firewall which protect from virus and hackers. Domain Name Server (DNS) is also powering the website which address like www.abc.com. Database is also important to power the website. It stores information and organize so that we can access easily with...

Words: 331 - Pages: 2

Premium Essay

This Is Not a Test

...you created your kernel source code backup.) * chmod - options to recursively change user, group and other permissions on files/directories * chown - options to recursively change file and directory user ownership * chgrp - options to recursively change file and directory group ownership * kill - superkill vs sending other signals to a process * ps - options to list all running processes on a Linux/Gnu system * top – Interactive Linux Tasks Status Display * grep - know how to use to find specific lines of info in output/files (you should have learned about this command in Intro to Unix/Linux Systems.) Shell expansion characters - be able to respond to questions regarding usage of '*' - asterisk, all files or all matching strings '?' - question mark, single character  What are the components of a Linux distribution? * Kernel * Desktop Environment * System Libraries * System Tools * Developmental Tools * File Structure Popular Distributions:  * Redhat,  * CentOS * Fedora  * Suse * Debian * Ubuntus What sort of hardware architecture can Linux be installed on? * Intel-x86 systems * Embedded systems From what sources can Linux be installed? * CD- ROM * Hard Disk * Floopy Disk * USB * Network Installation * ftp * http * nfs Who created the Linux Kernel? What does open source mean? Where is the kernel stored on a CentOS distro (/boot)...

Words: 4587 - Pages: 19

Premium Essay

Romeo and Juliet

...The protocol was first specified June 1980 and updated in RFC 959,[2] which is summarized here.[5] The server responds over the control connection with three-digit status codes in ASCII with an optional text message. For example "200" (or "200 OK") means that the last command was successful. The numbers represent the code for the response and the optional text represents a human-readable explanation or request (e.g. ).[1] An ongoing transfer of file data over the data connection can be aborted using an interrupt message sent over the control connection. Illustration of starting a passive connection using port 21 FTP may run in active or passive mode, which determines how the data connection is established.[6] In active mode, the client creates a TCP control connection to the server and sends the server the client's IP address and an arbitrary client port number, and then waits until the server initiates the data connection over TCP to that client IP address and client port number.[7] In situations where the client is behind a firewall and unable to accept incoming TCP connections, passive mode may be used. In this mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server,[7][6] which the client then uses to open a data connection from an arbitrary client port to the server IP address and server port number received.[5] Both modes were updated in September 1998 to support...

Words: 1173 - Pages: 5

Free Essay

Infinite

...Technical security officer: responsible for the configuration, design, deployment and maintenance of information security program, including policies, procedures, technical systems, and workforce training in order to maintain the confidentiality, integrity, and availability of data within the company. ABOUT ETIHAD: founded on 2003, based on Abu Dhabi. Slogan: “from AD to the world”. Etihad Airways is the 4th largest airline in the Middle East and 2nd largest airline in the UAE, after Emirates airlines….James Hogan Chief Executive Officer on 2006…sponsored many sports events such as rugby and formula 1 Abu Dhabi Grand Prix.…..received many awards such as “Best First Class", "Best First Class Seats" and "Best First Class Catering" 2010 opened route from AD to Seoul….Last week sign agreement with Korean air… #1) What attracted you to the field of Information Security? #2) What brings you to us? #3) Do you pursue any information security research outside of your current employer? I like to see candidates who enthusiastically brag about their test lab at home, or what they have recently done at an Information Security conference or convention. I want people on my team who take pride in their work, not a ticket pusher who is just in it to close as many tickets as possible and go home. #4) Why would you like to work in this position? - To help the organization succeed with their achievements by securing their confidentialities and ease to communicate with outsiders. #5) How...

Words: 1244 - Pages: 5

Free Essay

Lab Step

...vWorkstation desktop, open the Common Lab Tasks file. If desired, use the File Transfer button to transfer the file to your local computer and print a copy for your reference. Figure 1 "Student Landing" workstation 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. Part 1: Capture Network Traffic using TCPdump utility Note: In the next steps, you will use TCPdump, a command line utility, to capture network traffic on the TargetLinux01 virtual server. You will generate that traffic by exploiting a cross-site scripting (XSS) vulnerability in the Damn Vulnerable Web Application (DVWA) tool. In the lab environment, you will be capturing traffic on one interface. In a real-world situation, it is likely the machine would be straddling both an internal network and an external network. In that case, you would want to want to monitor both sides of the interface. Monitoring outside network traffic allows information systems security practitioners to see who and what is attempting to infiltrate your IP network. Monitoring internal traffic allows network analysts to see exactly which hosts may be compromised and what destination IP addresses internal employees are accessing. 1. Double-click the RDP folder on the vWorkstation desktop to open the folder. 2. Double-click the TargetLinux01 file in the RDP folder to open a remote connection to...

Words: 3168 - Pages: 13

Premium Essay

Richman Investments

...Richman Investments holds requirements for the usage of the company network including filtering policies for network traffic through an AUP. Acceptable use policy (AUP) would start with the User Domain. The user domain is the employee within an organization who is granted access to the information system for the organization. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain, access to the LAN to WAN, web surfing, and internet could be used help gather information between customers and employees. LAN to WAN is the activities between LAN to Wan and firewalls, routers, intrusion, detection, and workstations. Web surfing determines what a user can obtain on company time with company resources. Internet, is when the user has access to the internet with the types of controls the organization has on the certain internet sites being accessed. Although LAN to WAN, web surfing, and internet have some of the same characteristics, they also have different specific IT infrastructures it affects. . For the LAN to Wan AUP, it will goes with the roles and task parts of the user domain. Users would be given access to certain systems, applications, and data depending on their access rights. The AUP is a more of a rulebook for employees to follow when using the organization’s IT assets. If the AUP is violated, it could be grounds for termination from the company. The AUP will set rules for employees...

Words: 1029 - Pages: 5