Transfer Family servers should not use FTP protocol for endpoint connection
Description
This control checks whether an AWS Transfer Family server uses a protocol other than FTP for endpoint connection. The control fails if the server uses the FTP protocol for clients to connect to the server's endpoint. FTP (File Transfer Protocol) establishes the endpoint connection over unencrypted channels, leaving data sent over these channels vulnerable to interception. Using SFTP (SSH File Transfer Protocol), FTPS (File Transfer Protocol Secure), or AS2 (Applicability Statement 2) adds a layer of security by encrypting your data in transit, which helps prevent an attacker from using person-in-the-middle or similar attacks to eavesdrop on or manipulate network traffic.
Remediation
To remediate this issue, update the Transfer Family server configuration to use secure protocols (SFTP, FTPS, or AS2) instead of FTP. Remove FTP from the protocols list and ensure only encrypted protocols are enabled.
Steps
- Open the AWS Transfer Family console.
- Select the server that is using the FTP protocol.
- Go to the 'Protocols' section in the server settings.
- Remove 'FTP' from the enabled protocols.
- Ensure that secure protocols (SFTP, FTPS, or AS2) are enabled.
- Save the server configuration.
- Verify that clients can connect using the secure protocols.
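The check described above and the protocol change in the remediation steps, as an added example that is not part of the original control page or AWS's own tooling. It evaluates server descriptions in the shape returned by `aws transfer describe-server` (only the `ServerId` and `Protocols` fields are used), flags any server whose protocol list contains `FTP`, and builds the `update-server` call that keeps the server's existing secure protocols and drops FTP. The server IDs are constructed placeholders; the fallback to SFTP for an FTP-only server is an assumption, since the operator chooses which secure protocol their clients support. The boto3 collector at the bottom is the only part that needs AWS access and is imported lazily so the offline demo runs without it.

```python
"""Evaluate and plan remediation for the Transfer Family 'no FTP' control.

Added example for this page, not code from AWS or the control's author.
It operates on plain dictionaries shaped like the `Server` object that
`aws transfer describe-server` returns, so it runs offline on the
constructed samples below.
"""
from typing import Dict, List

# Protocols that encrypt the endpoint connection (SFTP, FTPS, AS2).
SECURE_PROTOCOLS = {"SFTP", "FTPS", "AS2"}

# Assumption: when a server offers nothing but FTP, the plan falls back to
# SFTP. Any secure protocol works; the operator picks the one clients support.
DEFAULT_SECURE_PROTOCOL = "SFTP"


def evaluate_server(server: Dict) -> Dict:
    """Return PASS/FAIL for one server plus the protocol list that would fix it."""
    protocols = set(server.get("Protocols", []))
    uses_ftp = "FTP" in protocols
    # Keep every secure protocol the server already offers; drop only FTP.
    remediated = sorted(protocols & SECURE_PROTOCOLS)
    if uses_ftp and not remediated:
        # A server must keep at least one protocol, so an FTP-only server
        # needs a secure protocol added, not just FTP removed.
        remediated = [DEFAULT_SECURE_PROTOCOL]
    return {
        "ServerId": server["ServerId"],
        "Status": "FAIL" if uses_ftp else "PASS",
        "Protocols": sorted(protocols),
        "RemediatedProtocols": remediated,
    }


def remediation_command(finding: Dict) -> str:
    """Build the CLI call that applies the planned protocol list (empty on PASS)."""
    if finding["Status"] != "FAIL":
        return ""
    return (
        f"aws transfer update-server --server-id {finding['ServerId']} "
        f"--protocols {' '.join(finding['RemediatedProtocols'])}"
    )


def evaluate_all(servers: List[Dict]) -> List[Dict]:
    """Evaluate every server description and attach its remediation command."""
    results = []
    for server in servers:
        finding = evaluate_server(server)
        finding["Command"] = remediation_command(finding)
        results.append(finding)
    return results


def collect_servers_from_aws(region_name: str) -> List[Dict]:
    """Fetch live server descriptions with boto3 (imported lazily; not used offline)."""
    import boto3  # only needed when running against a real account

    client = boto3.client("transfer", region_name=region_name)
    servers = []
    for page in client.get_paginator("list_servers").paginate():
        for summary in page["Servers"]:
            servers.append(client.describe_server(ServerId=summary["ServerId"])["Server"])
    return servers


# Constructed sample data in the shape of describe-server output; the server
# IDs are placeholders, not real resources.
SAMPLE_SERVERS = [
    {"ServerId": "s-0000000000000000a", "Protocols": ["SFTP"]},
    {"ServerId": "s-0000000000000000b", "Protocols": ["FTP", "SFTP"]},
    {"ServerId": "s-0000000000000000c", "Protocols": ["FTP"]},
    {"ServerId": "s-0000000000000000d", "Protocols": ["FTPS", "AS2"]},
]


if __name__ == "__main__":
    for finding in evaluate_all(SAMPLE_SERVERS):
        print(finding["ServerId"], finding["Status"], finding["Protocols"],
              "->", finding["RemediatedProtocols"])
        if finding["Command"]:
            print("  ", finding["Command"])
```

The planner only removes FTP and never drops a secure protocol the server already advertises, so clients on SFTP, FTPS or AS2 keep working after the change; the step that still needs a human decision is the FTP-only case, because a Transfer Family server has to keep at least one protocol and the chosen replacement must be one its clients can actually use. Run the printed `update-server` command only after confirming that, then re-run the check against fresh `describe-server` output to verify the finding has cleared.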