Accellion blog has moved!

You should be automatically redirected in 6 seconds. If not, visit
and update your bookmarks.

Friday, July 28, 2006

FTP (In) Security in the Google Age

Summary: Data and information residing on FTP sites are indexed by Google. Do you know what is on your FTP servers?

Although I am a Google power user and a veteran of FTP, I still find it a touch scandalous, although logical, to know that FTP sites are being indexed by Google.

It really makes sense because FTP sites hold tremendous amounts of information and data and Google's stated mission is to crawl all the information fit to index. (To paraphrase the redoubtable New York Time's motto.)

The trouble is, do you really want Google to index information on these FTP sites and make them searchable?

Conversely, do you know what is in your FTP servers?

I have known of cases where companies routinely exchange large proprietary data sets using FTP for user to user file transfer because other traditional file transfer methods like email and CD delivery are inadequate to the task. In today's Google mode of operation, a great deal of IP (intellectual property) can be exposed to your favorite search engine.

Or, like this Search Engine Roundtable posting shows, you have to be very wary of (hidden) FTP logs being indexed.

So, here are three things that you should do:

1. Search Google (and other search engines) for your (company) information to make sure that there is no proprietary information not intended for public consumption floating around. (I find it's helpful to set up Alerts to automatically have search engines tell you what it is finding with a specific search criterion.)

2. Lock down FTP servers. This would make FTP unfriendly to users and administrators alike, but imagine the alternative...

3. Look for a secure alternative means to sending large files that will not be exposed to the prying eyes of Google.


No comments: