Cybersecurity Awareness

October is National Cybersecurity Awareness Month.  The website StaySafeOnline.org encourages you to make cybersecurity a priority and provides some “top tips” on how you can protect your business. While some of these tips are seemingly common sense (for example, “Know who you’re dealing with online.”), other tips speak directly to the capabilities of the software that you choose:

This tip immediately made me think of our secure FTP server solution, Titan MFT Server. Titan MFT Server is a managed file transfer solution, which, along with many other features that address cybersecurity (such as highly granular security settings that can restrict IP access and help to prevent DoS and FXP attacks) also provides strong authentication options and the ability to force complex password rules.

Titan MFT Server supports a variety of user authentication options, including native Titan Authentication, Windows NT/SAM authentication (for Windows 2000 Servers), Windows Active Directory authentication, LDAP authentication, and ODBC authentication.

Titan also provides S/Key password encryption and the ability to force the user to create passwords that are strong, which helps to prevent brute force password cracking. When this feature is enabled, passwords must be at least eight characters long with no spaces and must contain:

• one or more Latin uppercase letters (A through Z)
• one or more Latin lowercase letters (a through z)
• one or more digits (zero through nine)
• one or more non-alpha characters, such as ! # $^& , -+=

To learn more about how you can protect your business from cyberthreat by using Titan MFT Server, contact our sales team at sales@SouthRiverTech.com.

Benefits of 64 bit Server Software

Most computers these days ship pre-loaded with 64 bit Windows operating systems.  This had led to some compatibility issues with some 32-bit software either not working at all, or running with limited functionality.  The primary issue many users face is driver incompatibility for their peripherals which require 64 bit drivers.  Most 32 bit application software will still install and run on 64 bit Windows platforms; however, there are usually configuration issues that can frustrate users and leave them wondering what benefits, if any, there are to a 64 bit operating system.

The primary benefits to running native 64 bit software on your 64 bit operating system are the ability to allocate and use more memory and speed.   When running 32 bit applications on a 64 bit OS, Windows will run them in a subsystem called “Windows on Windows (WOW64)” which is a transition layer to map all Windows calls from their 32 bit to 64 equivalents.  The WOW64 layer also intercepts registry calls and uses a special tree in the registry to store settings to not interfere with native 64 bit software.  Using the WOW64 transition layer will have a negative effect on performance and will not give 32 bit applications the increased memory space that native 64 applications enjoy.  A 32 bit Windows application can use/address at most only 2 GB of memory, even though the computer system may have 16 GB of memory installed.   Even when running on a 64 bit operating system, 32 bit applications still can only address 2 GB of memory.   A native 64 bit application can access/allocate 8 terabytes (TB) of memory.

You may be wondering if any application really needs to address more than 2 GB of memory.  If you are running file server software, then the answer is yes.  To be highly scalable, your server software should be able to make use of all available system memory.  File server software, such as FTP/SFTP/DAV servers, are designed to handle many clients and sessions simultaneously and generally interact with database servers at the same time.   The more users accessing the server at the same time the more memory that it requires.  If your file server software only supports 32 bit operating systems then you are limiting its scalability.  When choosing a file server solution it is a good idea to look for servers that natively support 64 bit operating systems to get the benefits of increased memory capabilities, scalability and speed.

Shh, I have a secret… or is that SSH, I have a secret?

That’s something my 3 and 5 year olds say. “Daddy, shh, I have a secret”. They would then promptly tell me their secret, usually either tattling on each other or someone else or telling me they love me. While that sort of non-secrecy is great for children, it is not acceptable in secure communications.

A very long battle has been going on for literally thousands of years between those with information they want to keep secret and those who want to know those secrets. Some early methods included taking a rod or staff of fixed width and wrapping a strip of paper around it, writing your message on the strip and unwinding it, this would leave the letters of your message scrambled until you placed it on another rod of the same width. Like this:

Substitution ciphers go back at least to the 1400s and involve changing one letter for another based on some rules. A famous version recently was Enigma used by the Germans in WWII. Substitution ciphers are still used in DES and AES though they are much stronger encryption algorithms than earlier ciphers. DES is one of the algorithms selected by the National Institute of Standards and Technology (NIST) as an official Federal Information Processing Standard (FIPS). Today Triple DES, or DES applied three times, is viewed as secure.

FIPS compliance is an important part of writing any secure Managed File Transfer server like Titan MFT by South River Technologies. As one of the engineers working on Titan, it is my responsibility to keep current on cryptographic standards and incorporate those standards to secure data transmission for our customers. Titan MFT enables secure communications over SFTP (Secure File Transfer Protocol using the secure shell or SSH), FTPS (FTP over SSL/TLS), and HTTPS.

Secure communication is essential in today’s environment, and as hackers and spies become more sophisticated in their attempts to break into secure data, new ways to secure that data will be developed, and software engineers like me will bring those new protocols to customers. Rest assured that you can indeed have a secret and keep it secret.

FTP and Taxes

As April 15th approaches, everyone scrambles to get those taxes in the mail. Wait, the mail, forget about it, whose mailing tax returns? Well, maybe Grandma Betty still takes her pre-printed IRS envelope to her local Post Office, but the rest of us, we’re transmitting those Tax Returns into cyberspace and hopefully getting a refund.

In August 2007, the IRS produced Publication 1346, a 400 page document that discussed in great detail the Electronic Return File Specification for Individual Tax Returns –it’s a definite page turner (http://www.irs.gov/pub/irs-pdf/p1346.pdf). In a nutshell, protocol of choice for the IRS is FTP with SSL 3.0/TLS 1.0. Zmodem was second, a file transfer protocol discovered by Chuck Forsberg in 1986. Its claim to fame was that it improved transfers on the X.25 network and it offered the ability to restart transfers. As you can see, the IRS has always been on the cutting edge when it comes to collecting the government’s money.

Here are a few statistics for you to ponder:

• Electronic Tax Filing began in 1986, with the transmission of 25,000 refund-only individual income tax returns from five transmitters in three locations, Cincinnati, Raleigh-Durham and Phoenix
• In 1992, filing from home began with the 1040 TeleFile research test which processed 125,983 TeleFile returns from the state of Ohio
• Last year, the IRS received 136.9 million total individual returns
• There are over 1700 forms available for download from the IRS FTP site

In closing, there is another protocol that you never want used by the IRS. It’s also called FTP. Here’s their definition: “Congress established the FTP (Failure to Pay) tax penalty to encourage taxpayers to pay their Federal income taxes on time and authorized the Internal Revenue Service (IRS) to charge this penalty on tax accounts when taxes are not paid when due.” So the moral of the story, keep e-filing but pay your taxes!