FTP Dashboard: Detect and Mitigate FTP Data Leaks
Ken Pickles
February 5, 2015
Most administrators don't understand their FTP traffic profile until it's too late. The following are some basic questions every administrator should be able to answer when trying to secure their data:
- How many systems are running the FTP service?
- What are the most active FTP nodes?
- Who are the most active users?
- How much throughput does FTP consume?
- What are the most requested files?
My kneejerk reaction was to turn to the ExtraHop community. It's a burgeoning ecosystem of users collaborating and sharing to solve similar problems. I found a number of users with similar needs but no published solution, so I thought, "OK, let's do it!"
Identifying FTP Nodes
The Most Active FTP widget shown below tracks internal and external FTP requesters and responders in real time. It provides a simple interface that quickly identifies FTP talkers and lists them by volume. If you see unusual communication with an unauthorized node, you can promptly take action. If you believe there is a data leak, this is a great starting point for further investigation.
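To make the questions above and the "most active" view concrete, here is an added example (not ExtraHop code and not part of the original dashboard) that profiles FTP transfer records and flags uploads to external responders that are not on an allowlist. The record layout, the `10.0.0.0/8` internal range, the empty allowlist and all sample values are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample FTP transfer records (not from the original post):
# (client_ip, server_ip, user, command, filename, bytes)
RECORDS = [
    ("10.0.1.15", "10.0.5.20", "alice", "RETR", "/reports/q4.xlsx", 120_000),
    ("10.0.1.22", "10.0.5.20", "bob", "RETR", "/reports/q4.xlsx", 120_000),
    ("10.0.1.15", "10.0.5.21", "alice", "STOR", "/backup/db.tar", 900_000),
    ("10.0.1.40", "203.0.113.9", "svc_build", "STOR", "/drop/customers.csv", 4_500_000),
    ("10.0.1.40", "203.0.113.9", "svc_build", "STOR", "/drop/payroll.csv", 2_000_000),
]

INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address range
AUTHORIZED_EXTERNAL = set()                       # assumed allowlist of outside FTP peers


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def profile(records):
    """Answer the five profiling questions and list unauthorized outbound uploads."""
    servers, nodes, users, files = set(), Counter(), Counter(), Counter()
    suspicious = Counter()
    for client, server, user, cmd, name, size in records:
        servers.add(server)          # systems answering FTP requests
        nodes[client] += size        # volume per node, requester and responder
        nodes[server] += size
        users[user] += size          # volume per user
        files[name] += 1             # request count per file
        # Upload from inside to an external responder that is not allowlisted
        if (cmd == "STOR" and is_internal(client)
                and not is_internal(server) and server not in AUTHORIZED_EXTERNAL):
            suspicious[(client, server, user)] += size
    return {
        "servers": sorted(servers),
        "top_nodes": nodes.most_common(3),
        "top_users": users.most_common(3),
        "total_bytes": sum(size for *_, size in records),
        "top_files": files.most_common(3),
        "suspicious_uploads": suspicious.most_common(),
    }


if __name__ == "__main__":
    for key, value in profile(RECORDS).items():
        print(key, value)
```
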
Identifying FTP Users
Identifying Files Sent Over FTP
FTP Server Resources
FTP Status Codes
Summary