General Information - Security

The following security features are functions of the MOVEit DMZ software and exist in addition to the hardening of the operating system and associated application services.

Transport Encryption

During transport MOVEit DMZ uses SSL or SSH to encrypt communications. The minimum strength of the encryption used during web transport (e.g., 128-bit) is configurable within the MOVEit DMZ interface.

This value is configurable by organization. To configure this value for any particular organization, sign on as a SysAdmin, view the organization for which this value should be set, and click the "Change Req" link to set the value. NOTE: If you set the minimum encryption value of the "System" organization (#0), you will be given the chance to apply your setting to ALL organizations in the system.

Storage Encryption

MOVEit DMZ stores all files on disk using FIPS 140-2 validated 256-bit AES (http://csrc.nist.gov/encryption/aes), the new (US) federal standard for encryption. MOVEit Crypto, the encryption engine on which MOVEit DMZ relies, is only the tenth product to have been vetted, validated and certified by the United States and Canadian governments for cryptographic fitness under the rigorous FIPS 140-2 guidelines.

MOVEit DMZ also overwrites just-deleted files with random bytes to prevent even encrypted files from lingering on a physical disk after users thought them to have been destroyed.

Precautions Taken During Transport-Storage Exchange

If files received by MOVEit DMZ were simply copied to a large cleartext memory buffer, trojan programs could potentially "sniff" sensitive files out of these spaces.

Instead MOVEitDMZ spools pieces of files received into much smaller buffers, encrypts them and writes them to disk almost immediately. Spooling files in this manner reduces overall exposure in two ways: 1) reduces amount of information exposed and 2) reduces time information is exposed. (This technique also yields some important performance gains.)

(A frequently asked question regarding this issue is "why not just store the file using SSL or SSH" - a short answer to this question is: SSL or SSH uses temporary keys which are renegotiated each time a client establishes a new connection, and we need "more permanent" keys for storage.)

Integrity Checking

When certain file transfer clients are used with a MOVEit DMZ server, the integrity of transferred files will be confirmed. All MOVEit secure FTP, API and web-based clients (including the upload/download Wizard) support integrity checking. Other FTP clients can also take advantage of integrity checks; see "FTP - Interoperability - Integrity Check How-To" for more information.

To perform an integrity check, both the client and the server obtain a cryptographic hash of the transferred file as part of the last step of the transfer. If the values agree, both sides "know" that the file transferred is completely identical to the original. The results of any integrity check are not only displayed to the user of the file transfer client but stored for ready access on the MOVEit DMZ server.

Immediate Transfer off Server

When used with MOVEit Central, MOVEit DMZ supports "event-driven" transfers which allow files to begin spooling to internal servers as soon as they land on an Internet-facing MOVEit DMZ server. This prevents even encrypted files from remaining on the server for longer than absolutely necessary.

Transfer Resume

MOVEit DMZ supports file transfer resume on both its HTTPS and FTPS interfaces. In addition to being useful during transfers of multi-gigabyte file, this feature is also a secure feature in the sense that it makes large file transfers less susceptible to denial-of-service attacks.

Folder Quotas

Enforceable folder size quotas can be set on various folders to prevent system storage from being exhausted.

User Quotas

Enforceable user size quotas can be set on various users to prevent them from exhausting system storage.

Delegation of Authority

Individual end-user members of a group can be designated as Group Admins. These users then are able to administrate the users, folder permissions and address books in their group, subject to various parameters set by organization administrators.

Administrative Alerts

Email notifications are sent to administrators when users are locked out, when the internal consistency checker notices something amiss with the database, etc.

One-Way Workflows

MOVEit DMZ can be configured to never allow users to download what they have just uploaded into the system. This configuration alone can prevent users from misusing MOVEit DMZ as a repository of personal or restricted materials. (Another common way to handle this scenario is through the use of IP restrictions.)

Password Aging

Users can be forced to change their passwords periodically with MOVEit DMZ's password aging features. Users will also be warned (via email) several days in advance of actual expiration, and notified again when their password expires.

Password History

MOVEit DMZ can be configured to remember a certain number of passwords and prevent users from reusing those passwords.

Password Strength Requirements

Various password complexity requirements can be set on MOVEit DMZ, including number/letter, dictionary word and length requirements.

Account Lockout

If someone attempts to sign on to a valid account with an incorrect password too many times, their account can be locked out and administrators will be notified via email.

IP Lockout

A very real concern of administrators of any authenticated resource which supports account lockouts is that someone will get a list of valid usernames and lock all of them out. To mitigate this risk, MOVEit DMZ offers a feature which will prevent a machine with a specific IP address from making any further requests of the system if MOVEit DMZ sees too many bad signon attempts. Administrators will also be notified via email when this occurs.

Restricted IP/Hostname Access

Specific users or classes of users can be restricted to certain ranges of IP addresses and/or hostnames.

Detailed, Tamper-Evident Audit Logging

MOVEit DMZ logs not only signon and signoff events, but permission changes, new user additions and other actions which directly affect the security of the system. Realtime views of this audit trail as well as detailed query tools are available on the Logs and Report pages. All log entries are cryptographically chained together in a way that makes any tampering (add, delete, change) of audit logs evident.

Remote Authentication

MOVEit DMZ's RADIUS and LDAP clients support any standard RADIUS and LDAP servers, including Microsoft's Internet Authentication Server, Novell's BorderManager, Microsoft Active Directory, Novell eDirectory, Sun iPlanet and IBM Tivoli Access Manager (SecureWay).

Obscured Product and Version Identity

MOVEit DMZ does not reveal its product name to unauthorized users via the SSH and FTP interfaces and can be configured to hide this information from web users as well. Version numbers are also only available to authorized users. Obscuring this information prevents hackers from figuring out what they are attacking without doing a fair amount of research.

Client Certificates and Client Keys

All major interfaces of MOVEit DMZ (SFTP, FTPS, HTTPS) support the use of SSL (X.509) client certificates and SSH client keys. SSL client certs and SSH client keys are usually installed on individual machines, but SSL client certificates are also available as hardware tokens.

Multiple Factor Authentication

When used with a username, IP addresses, passwords and client keys/certs offer one-, two- or three-factor authentication.

External Authentication

Organizations worried about storing username-hash combinations on MOVEit DMZ's protected database can use the External Authentication feature and move all non-administrative usernames and passwords to RADIUS or LDAP servers. (Access to the remaining administrative usernames can be locked to specific, internal-only IP addresses.)

Not-In-DMZ Storage Options

There are two ways to store MOVEit DMZ encrypted files in locations that are not in a DMZ. The first is to implement MOVEit DMZ Resiliency and store the data on a remote, logical drive. The second is to deploy MOVEit DMZ on a piece of an existing storage area network (SAN).

Web Browser "Clickable Keyboard" Keystroke Logging Protection

To prevent keystroke logging software and hardware from capturing the keystrokes used to sign on to a MOVEit DMZ using a web browser, a clickable keyboard is provided as an alternate method of data entry. The same keyboard also protects other password fields used throughout the application to protect other users as well.

Cross-Frame Scripting Protection

To help prevent cross-frame scripting attacks against MOVEit DMZ, the web interface will prevent itself from being loaded in a frame or iframe window. This can be overridden using the "contentonly" flag, if the goal is to integrate MOVEit DMZ with an existing portal application using frames. See the URL Crafting doc page for further details.