Globalscape - Application Security
| Method | Security Level | Use Case |
|--------|----------------|----------|
| Local EFT Users | Low (admin overhead, password hash storage risk) | Internal, low-volume |
| Active Directory / LDAP | Medium-High | Centralized control, MFA support |
| SAML 2.0 / SSO (Okta, ADFS, Azure AD) | High | Enterprise, MFA enforced externally |
| Client Certificates | High | Automated system accounts (no password rotation) |
| Database Lookup | Low (unless hashed) | Legacy integration |
| Attack | Misconfiguration | Fix |
|--------|------------------|-----|
| FTP bounce | FTP PORT command allowed | Disable PORT command; force PASV behind DMZ Gateway |
| SFTP weak KEX | Allows diffie-hellman-group1-sha1 | Edit SSH config in EFT → KEX: curve25519-sha256, ecdh-sha2 |
| Admin interface exposed | Port 1100 open to internet | Block at firewall; require VPN or internal access only |
| Session hijacking | No session timeout | Set admin idle timeout = 15 min; user session timeout = 30 min |
| Directory traversal | Virtual path = `C:\FTProot\` + user input `../../../windows` | Use PathValidation regex to block `..` and `:` |
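The directory-traversal row above relies on a regex that rejects `..` and `:` in user-supplied paths. A regex alone is a block list, so a defender should pair it with a containment check on the normalised result. The following is an added example (not Globalscape code and not EFT's actual PathValidation implementation): the root `C:\FTProot\` and the input `../../../windows` come from the table, while the regex pattern, the helper name `resolve_user_path` and the sample inputs are assumptions constructed for illustration. It uses `ntpath` so the Windows path semantics are reproduced on any platform.

```python
import ntpath
import re
from typing import Optional

# Virtual root from the page's directory-traversal row.
VIRTUAL_ROOT = "C:\\FTProot\\"

# Assumed pattern: a '..' path segment (either separator, at start or end)
# or any ':' (drive letter / NTFS alternate data stream). This mirrors the
# page's "block .. and :" rule; EFT's real regex is not shown on the page.
BLOCKED = re.compile(r"(^|[\\/])\.\.([\\/]|$)|:")


def resolve_user_path(root: str, user_input: str) -> Optional[str]:
    """Map a client-supplied relative path onto the virtual root.

    Returns the canonical Windows path if it stays inside ``root``,
    otherwise ``None`` (the request must be refused and logged).
    """
    # Layer 1: syntactic filter, the page's PathValidation regex rule.
    if BLOCKED.search(user_input):
        return None

    # Layer 2: normalise and confirm containment. This catches inputs the
    # block list does not, e.g. a rooted path like "\windows" that has
    # neither ".." nor ":" but still escapes the virtual root.
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, user_input))

    root_cmp = root_norm.lower()
    cand_cmp = candidate.lower()
    if cand_cmp != root_cmp and not cand_cmp.startswith(root_cmp + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: the page's traversal payload, a rooted
    # path, an ADS-style name, and a legitimate file under the root.
    for req in [r"..\..\..\windows", "../../../windows",
                r"\windows\system32", r"report.csv:hidden",
                r"inbound\report.csv"]:
        print(f"{req!r:28} -> {resolve_user_path(VIRTUAL_ROOT, req)!r}")
```

Only the last request resolves; the others return `None`. The point of the second layer is that a traversal defence should decide on the path the filesystem will actually see, not only on the characters the client sent.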
For high-volume sites, disable EFT's internal database logging (it is a performance hit) and forward the Windows Event Logs to a SIEM (Splunk, Sentinel, QRadar) via Syslog or Windows Event Forwarding (WEF).