Home » Blog

Blog

Posts Tagged with "SECURE FTP"

Linoma Software celebrates 20 Year Anniversary

Linoma Software-20 Year-FINALLinoma Software is celebrating 20 years in helping organizations around the world to automate their IT processes and protect sensitive data. The company will commemorate this milestone anniversary with the much anticipated unveiling of their new corporate headquarters, groundbreaking new software releases and promotional events throughout the next twelve months.

"From the beginning, our goal has been to provide great products at affordable prices that are backed with unparalleled customer support and service," said Linoma Software founder, Bob Luebbe. "We attribute our success over the last 20 years to this simple company philosophy. It encompasses all that we do."

Looking Back: A Modest Beginning

Husband and wife team, Bob and Christy Luebbe, started Linoma out of their home in 1994 to provide IT consulting and contract programming services to area businesses. The concept was simple, in that they offered experienced IT talent for affordable rates.

By late 1995, the Luebbes had hired several consultants to service their expanding customer base which included Fortune 500 companies such as Union Pacific, First Data Resources and Hewlett-Packard. They also officially opened their first office in Omaha, Nebraska to offer offsite programming services to out-of-state customers.

Around 1996, Bob had an idea for a product that addressed the challenge of converting legacy IBM RPG code to the new RPG IV (ILE RPG) language. During his off hours, Luebbe built the Convert to ILE RPG software, named it CVTILERPG and released it on a programming list server as a downloadable file. This proved to be a move that was ahead of its time as most software for IBM systems was distributed by mail and installed using cumbersome tapes.

BobLuebbeLinomaSoftwareCVTILERPG became an overnight success as a convenient-to-install and affordable utility, which paved the way for Linoma to evolve into a software company. Many of the original users of CVTILERPG (now called RPG Toolbox) are still loyal customers today.

Finding ways to make tasks easier and more efficient has always been the core of Linoma Software's approach to software development. From creating graphical interfaces for the AS/400 in 1997 with Surveyor/400, to the debut of Transfer Anywhere in 2002, to encrypting databases with Crypto Complete in 2007, Luebbe and his growing R&D team continued to innovate and streamline processes for the IBM i. As new products were developed and released, Linoma put an emphasis on affordability and five-star support, which the company is known for.

The release of GoAnywhere Director in early 2008 was a turning point for the company. Quickly becoming the flagship product for Managed File Transfer and secure data exchange, the multi-platform software delivered full automation, encryption and detailed audit trails for file transfers. Following shortly after in 2009, the introduction of GoAnywhere Services expanded the product offering to support secure file services using FTP, FTPS, SFTP and HTTP protocols. GoAnywhere Gateway joined the product suite in 2010 with enhanced forward and reverse proxy to protect files in the DMZ.

LinomaSoftware2014 Looking Forward: Success through Innovation

As the GoAnywhere software suite continues to grow and evolve, the company has grown as well. Linoma Software has been named to the Inc. 5000 list of top growing companies in Nebraska for the past two years. Their customer base consists of over 3,000 installations worldwide including government entities, large corporations and mid-sized companies. Boasting over a 98% customer retention rate, Linoma Software continues to win customers over through innovation, affordable product offerings and responsive product enhancements.

According to Luebbe, "Several of our customers have been with us since the beginning. They love the products and rave about our support. We're thrilled to be celebrating 20 years and it's because our customers truly appreciate what we do. Without their trust and support, we wouldn't be here. It's that simple, and we are truly grateful."

Click to Download and Print PDF

Upcoming Webinar: Focus on FTP Server Compliance

Get Your FTP Server in Compliance

Revised - Watch the Latest Webinar Recording

With the recently added rules for the Healthcare Insurance Portability and Accountability Act (HIPAA) that now holds trading partners and business associates accountable if they also handle patient data, it's a good time to review whether your FTP server is updated and ready to meet compliance requirements. Learn how to keep your data as well as trading partner files protected within your network and still allow external access without opening inbound network ports. You can also see a demo of Linoma Software's GoAnywhere™, a managed file transfer solution that includes a secure FTP server and a reverse proxy DMZ gateway with clustering and load balancing capabilities to ensure high availability.


 

IBM i Encryption Made Easy with DB2 Field Procedures

Now Available On Demand

IBM i 7.1 DB2 Field Procedures, data encryptionDuring this recorded webinar, you can learn about how to make the DB2 Field Procedures Tool in IBM version 7.1 work even more efficiently as part of a more comprehensive solution, one that makes it easier to implement encryption, manage keys, and generate auditing reports so important for meeting compliance regulations like HIPAA and PCI DSS,. You can also see a demo of Linoma's popular encryption software Crypto Complete.

Learn more


All of our webinars are recorded, so if you register and are not able to attend live, you'll be able to review the webinar at a more convenient time.

We look forward to having you join us and will be happy to answer any questions you have.

 

 

How Managed File Transfer Changed My Life

In addition to being one of Linoma Software's expert bloggers, Daniel Cheney is also in the IT trenches, and it was here that he first discovered the impact the switch to a managed file transfer solution had on his daily work life.
_ _ _ _ _ _ _ _ _ _

As a technology administrator at a major healthcare administration company, sending and receiving sensitive files between various systems used to be a daily grind and a consistent source of stress. We were using PC-based freeware FTP tools and the built in FTP functions on the IBM iSeries. The best we could do with scripting was to use CL command scripts to call the FTP function and hard code the login information. RPG programs would then call the CL scripts and retrieve and send the needed files, but there were insufficient logs and alerts for such automated activities.

The biggest headache for me was that these scripts, and the resultant sending of files, had to be error-free and reliable! Add to that the pressure of knowing how critical exchanging files is to the operation of the business and the challenge of having a single person responsible for its success -- it all became an unrealistic expectation. On top of this, because most of these files are sent over the Internet, and because of the inadequate tools we had at hand, the security of our FTP processes was insufficient.

I knew it was time to find a better solution and after doing some evaluation of available managed file transfer products for IBM iSeries, I selected GoAnywhere™ Director from Linoma Software.

Our installation of GoAnywhere Director made a huge difference almost immediately.

First, Director provides me with all the possible security protocols available, including SFTP, FTPS, and standard FTP with PGP encryption. It also has powerful scripting functions to login to HTTP and HTTPS sessions in order to automate logins to partner sites for file transfers.

Director makes it possible to automate all of the company's file transfers with a schedule and log so we know the path and time of every transaction. Alerts are automatically sent to us if there are any problems, or if we wish, every time it succeeds. Responsibility can be distributed to various departments as needed to receive these alerts and/or to begin the execution of the transfers when ready.

The simple-to-navigate web interface makes it easy for any user to view, verify, change and execute these file transfers. The scripting is easy for the average user to setup. If there are any challenges that we come up against with our file transfer processes, Linoma support has always been extremely effective at showing me how to do a successful execution.

I know how frustrating it can be to initiate, monitor, and track the ever increasing number of file transfers my company requires, especially without an all-in-one tool like managed file transfer. It amazes me how many IT people still don't realize there's a better way to do things -- a way that gives them more control, and more time to devote to all the other projects demanding their attention. I know managed file transfer -- and specifically GoAnywhere Director -- changed my life at work. I hope more of my IT colleagues discover the advantages soon.

Managed File Transfer Streamlines HIPAA/HITECH Complexity

Managed File Transfer (MFT) systems are great for policy enforcement, access authentication, risk reduction, and more. But for HIPAA and HITECH requirements, MFT shines as a work-flow automation tool.

MFT as the B2B Enabler

It shines because Managed File Transfer systems are actually automation platforms that can help companies streamline the secure transfer of data between business partners. How? It removes many of the configuration steps traditionally required for complex Business-to-Business (B2B) processes, keeping it straightforward and manageable.

Transferring patient information is a difficult challenge which many healthcare institutions are facing. Data standards were supposed to simplify this communication between healthcare institutions and their partners. But ask any technical professional about the underlying variability of data formats, and you'll hear a tale of potential confusion and complexity.

Nightmares of Compliance

The HITECH regulations within HIPAA require the security and privacy of healthcare records, strongly suggesting the use of data encryption. These records may travel between various healthcare-related partners including hospitals, clinics, payment processors and insurers. Each partner may require their own unique data format, and each may prefer a different encryption technique or transport protocol.

Considering these differing requirements, adding each new trading partner has traditionally needed the attention of in-house programming or manual processes, which has become hugely inefficient. Furthermore, if the new trading partner is not implemented properly, this can also create the potential for errors that may lead to data exposures. Any exposures could move the healthcare institution out of HIPAA/HITECH compliance and may cost them severely.

Simplifying and Integrating Information Transfer

A Managed File Transfer (MFT) solution can significantly reduce the potential for errors and automate those processes. With a good MFT solution, any authorized personnel should be able to quickly build transfer configurations for each healthcare business partner. This should allow for quick selection of strong encryption methods (e.g. Open PGP, SFTP, FTPS, HTTPS) based on the partner's requirements, so that HITECH requirements are maintained. At the same time, a MFT solution creates a visible audit trail to ensure that compliance is sustained.

But, perhaps just as important, a good Managed File Transfer solution is constructed as a modular tool that can be easily integrated into existing software suites and workflow processes. In fact, a good MFT is like a plug-able transfer platform that brings the variability of all kinds of B2B communications under real management.

Now extend the MFT concept beyond the healthcare business sector, into manufacturing, finance, distribution, etc. Suddenly MFT isn't a niche' utility, but a productivity and automation tool that has myriad uses in multiple B2B environments.

A Day-to-day Technical Solution

Perhaps this is why the Gartner Group has identified Managed File Transfer as one of the key technologies that will propel businesses in the coming years. It's more than just a utility suite: It's a system that can be utilized over and over as an integral part of an organization's solutions to automate and secure B2B relationships. In other words, MFT isn't just for specialized compliance requirements, but a lynch-pin of efficient B2B communications technology that can bring real cost savings to every organization.

Healthcare Case Study Utilizing a MFT Solution: Bristol Hospital Takes No Risks with Sensitive Data

The Culture of Data Security

Data SecurityWe hear a lot of buzz about protecting both customer and company data, but it is alarming how few IT departments and enterprise users are protecting their data correctly. A recent survey conducted for Oracle reveals that fewer than 30 percent of their respondents are encrypting personally identifiable information.

Data and network security should be the basis for every IT decision, but it is typically an afterthought. The Oracle report also concludes that half of companies surveyed profess a strong commitment to data security, but only 17 percent of them have begun to scratch the surface.

Lack of data security is often due to corporate culture and the fear of change. Most companies at the corporate level agree they are committed to data security and protecting customer records. If a company's official stance is to protect their data, where are the security holes?

In my experience, the largest security holes exist in the departments outside the core IT organization. They don't place the same value on the data as the IT Security team. Many companies still allow their employees to perform file transfers directly from their desktops and laptops using FTP or other unsecure tools. Not only are these ad-hoc methods unsecure and capable of exposing passwords or entire databases, they do not all function alike and do not provide centralized logs.

Educating employees about the dangers of unsecured and/or unnecessary data transfer is more business-friendly than preventing it altogether. Part of this process should be moving everyone to a managed file transfer methodology, like Linoma Software's GoAnywhere Director. This not only secures your data transfers, but it creates a digital paper trail showing where assets are going - something which is of particular importance when you consider all the data security compliance regulations in effect today.

Data security for the millions of files sent over the Internet or within "the cloud" is of great importance to all industries, including health care, retail, banking and finance. Internet transfers include the critical data needed to conduct business, such as customer and order information, EDI documents, financial data, payment information, and employee- and health-related information. Many of these information transfers relate to compliance regulations such as PCI, SOX, HIPAA and HITECH, state privacy laws, or other mandates.

We need to grow a data security culture that includes securing file transfers.

Who is Protecting Your Health Care Records?

How important is a patient's privacy? If your organization is a health care facility, the instinctive answer that comes to mind is "Very important!" After all, a patient's privacy is the basis upon which the doctor/patient relationship is based. Right?

But the real answer, when it comes to patient data, may surprise you. According to a study released by the Ponemon Institute, "patient data is being unknowingly exposed until the patients themselves detect the breach."

The independent study, entitled "Benchmark Study on Patient Privacy and Data Security" published in November of 2010examined the privacy and data protection policies of 65 health care organizations, in accordance with the mandated Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. HITECH requires health care providers to provide stronger safeguards for patient data and to notify patients when their information has been breached.

Patient Data Protection Not a Priority?

According to the study, seventy percent of hospitals say that protecting patient data is not a top priority. Most at risk is billing information and medical records which are not being protected. More significantly, there is little or no oversight of the data itself, as patients are the first to detect breaches and end up notifying the health care facility themselves.

The study reports that most health care organizations do not have the staff or the technology to adequately protect their patients' information. The majority (67 percent) say that they have fewer than two staff members dedicated to data protection management.

And perhaps because of this lack of resources, sixty percent of organizations in the study had more than two data breaches in the past two years, at a cost of almost $2M per organization. The estimated cost per year to our health care systems is over $6B.

This begs the question: Why?

HITECH Rules Fail to Ensure Protection

HITECH encourages health care organizations to move to Electronic Health Records (EHR) systems to help better secure patient data. And, indeed, the majority of those organizations in the studies (89 percent) said they have either fully implemented or planned soon to fully implement EHR. Yet the HITECH regulations to date do not seem to have diminished security breaches at all, and the Ponemon Institute's study provides a sobering evaluation:

Despite the intent of these rules (HITECH), the majority (71 percent) of respondents do not believe these new federal regulations have significantly changed the management practices of patient records.

Unintentional Actions - The Primary Cause of Breaches

According to the report, the primary causes of data loss or theft were unintentional employee action (52 percent), lost or stolen computing device (41 percent) and third-party mistakes (34 percent).

Indeed, it would seem that - with the use of EHR systems - technologies should be deployed to assist in these unintentional breaches. And while 85 percent believe they do comply with the loose legal privacy requirements of HIPAA, only 10 percent are confident that they are able to protect patient information when used by outsourcers and cloud computing providers. More significantly, only 23 percent of respondents believed they were capable of curtailing physical access to data storage devices and severs.

The study lists 20 commonly used technology methodologies encouraged by HITECH and deployed by these institutions, including firewalls, intrusion prevention systems, monitoring systems, and encryption. The confidence these institutions feel in these technologies are also listed. Firewalls are the top choice for both data breach prevention and compliance with HIPAA. Also popular for accomplishing both are access governance systems and privileged user management. Respondents favor anti-virus and anti-malware for data breach prevention and for compliance with HIPAA they favor encryption for data at rest.

The Value of Encryption

The study points to the value of encryption technologies - for both compliance purposes and for the prevention of unintended disclosure - and this value is perceived as particularly high by those who participated in the study: 72 percent see it as a necessary technology for compliance, even though only 60 percent are currently deploying it for data breach prevention. These identified needs for encryption falls just behind the use of firewalls (78 percent), and the requirements of access governance (73 percent).

Encryption for data-at-rest is one of the key technologies that HITECH specifically identifies: An encrypted file can not be accidentally examined without the appropriate credentials. In addition, some encryption packages, such as Linoma's Crypto Complete, monitor and record when and by whom data has been examined. These safeguards permit IT security to audit the use of data to ensure that - should a intrusion breach occur - the scope and seriousness of the breach can be assessed quickly and confidently.

So how important is a patient's privacy? We believe it's vitally important. And this report from the Ponemon Institute should make good reading to help your organization come to terms with the growing epidemic of security breaches.

Read how Bristol Hospital utilizes GoAnywhere to secure sensitive data.

Message Queues and Network Shares Added to Managed File Transfer Solution

The new 3.5 release of GoAnywhere Director is now available with more features to help organizations automate, secure and manage file transfers.

In this new release, GoAnywhere Director provides simpler access to files and folders on Network Shares. It can also connect to enterprise Message Queues (e.g. WebSphere MQ) for better integration with customer applications. The new version also includes "File Monitors" which can be used to easily scan for new, modified and/or deleted files in targeted folders. Additionally, this release includes the ability to auto-resume file transfers if FTP and secure FTP connections are broken.

In addition, better High Availability (HA) capabilities allow GoAnywhere Director to store configurations in customer database systems including SQL Server, MySQL and DB2 for IBM I (iSeries). This allows customers to manage and replicate this data using in-house database and HA tools.

I'll say it again, that of all the tools I have purchased over 28 years in I.T. GoAnywhere Director is my favorite! ~ Don McIntyre, Kansas City, Missouri School District

Read the press release > >

Are You Confident Your FTP Credentials Are Secure?

Nesting Dolls to Wormholes

Do You Know Where Your FTP Credentials Are?

FTP Security WormholeA security researcher named Chris Larson happened onto a curious website last September that had been serving some malicious-looking exe files. While poking around, he wrote in his blog, "I came across an 'unlocked door' on the malicious Web site and took a look inside." Treading like an adventurer in Alice's Wonderland, Larson discovered that this little doorway opened into a world of potential hurt for companies around the world.

There was a strange, oddly-sized GIF file that, with further poking, revealed a hidden payload. The GIF, when poked, revealed four text files. Little by little, their contents spilled out, until, finally it revealed a dark criminal archive. The files contained the login credentials of more than 100,000 FTP sites.

It was an unbelievable discovery, like a Russian nesting doll, that - when unpacked - opened a veritable wormhole to FTP sites around the world: Domain names, User IDs, and Passwords.

Nearly two thousand of these FTP credentials were the domain credentials from one particular site that claimed to Web-host nearly two hundred thousand separate FTP sites. Another file contained a hundred thousand credentials from a variety of unrelated individual sites. Using this archive of FTP credentials, the thief (or thieves) could penetrate, inspect, and selectively harvest the information contained within stored files that users had transferred between their workstations and their corporate computers.

How this archive was assembled and hidden demonstrates how the network of thieves profits and expands. Larson noticed a duplication of a small percentage of the FTP credentials. This seems to indicate that the archive was probably robotically created by a virus or Trojan.

Larson had discovered an actual retail operation that gathers FTP credentials, and then sells those credentials - like a retail mailing list -- throughout the underworld to anyone who can pay the price. The archive, in its hidden GIF packaging, appears to be the actual product. Such an archive would be valuable to identity thieves with its hidden payload. In this state, it was ready to be transmitted to other thieves, running beneath the radar of security network packet sniffers.

This begs the question: "Do you know where your company's FTP credentials are stored?" If your company is using a managed file transfer (MFT) suite like Linoma's GoAnywhere, you already know the answer.

The best MFT suites manage the access to FTP, centralize the file transfer process, and secure the credentials that are communicated between hosts. By using a MFT suite, IT can institute rules by which file transfer credentials are organized, encrypt the transfers themselves, and log every transfer activity. User credentials to other servers are also centralized and secured, and the connection rules that your business partners use can be managed to ensure that user ids and passwords regularly updated.

Chris Larsen uncovered a secret world in which the doors to our systems - and our business partner's systems - are sold as simple commodities, available to anyone who can pay the price. It's like a toyshop where your company's FTP credentials are displayed like exotic dolls, nested within a GIF wrapping: a GIF that promises to keep on giving.

Isn't it time to do something about it?

Transferring Large Files over the Internet? A Few Managed File Transfer Recommendations

Internet File TransfersRecent posts on this blog have outlined reasons to consider installing a file transfer system that will help streamline productivity and secure the transfer of sensitive documents. We understand that selecting a product can be time consuming. To help you make the most educated decision here are a few more helpful suggestions to consider when selecting a managed file transfer solution.

  • Easy to learn and easy to use - The managed file transfer (MFT) system you choose should have an intuitive interface that can be learned quickly. No programming skills should be required. If it isn't easy to use, end-users and non-IT personnel will shy away from using it.
  • Audit trails - The secure file transfer solution should produce comprehensive audit trails of all file transfer activity and support SYSLOG feeds to a central logging server.
  • Produces alerts - An automated file transfer solution should be able to send you email alerts or texts instantly when problems occur.
  • Password security - The managed file service you choose should not show password values on any screens or logs. Encrypts all passwords that are stored.
  • Remote access - The file transfer product allows for remote administration and monitoring of file transfers, preferably through the browser.
  • Web site transfers - The file transfer solution needs the ability to support HTTP and HTTPS protocols for transferring data.
A managed file transfer solution can not only save your department time, but it can also save you money. A comprehensive solution will enable you to complete menial tasks and allow your department to concentrate on the larger picture.

Did I mention we have a managed file transfer product…GoAnywhere? GoAnywhere allows organizations to secure and automate the exchange of data with their trading partners, customers, employees and internal systems. Still not sure what you are looking for? We offer a free product trial and we would be happy to schedule a demo to go over how GoAnywhere can help your company.

Related Blog Post: Top 10 Managed File Transfer Considerations

FTP Server Security Flaw Discovered

We know that FTP has security issues that are based upon its aging design. But a new flaw, discovered by Maksymilian Arciemowicz, is creating new concerns. This new flaw is calling into question the underlying code-base implemented by literally thousands of FTP server applications.

The flaw resides in several C code libraries that call the glob() function. "Globbing" is a pervasive function that permits the use of wildcard patterns to identify file names. It's one of the most commonly used processes in transferring large numbers of files with FTP: Instead of individually selecting files, a user may select a folder or a group of files based upon a common string. The common use of *.doc or *.* are examples.

The flaw discovered by Arciemowicz relates to a feature added to C libraries in 2001. That feature - called GLOB_LIMIT - was designed to limit the amount of memory used during transfer. Because GLOB_LIMIT is not effective, it potentially allows a system's main memory to be flooded when processing certain patterns and this may, depending on the hardware used, cause the system to become very slow, cease to respond or even crash as a result.

Of course, crashing an FTP server can then permit other security violations to take place - not only on the server side. For instance, a hung FTP server that is in the midst of a conversation with a client can leave the client's data in the open. This represents a serious potential security hole for the client software itself.

In most servers, the function is implemented via libc, but some vendors have integrated the globbing feature directly into their products, with an option in the configuration settings for it to be disabled. Arciemowicz said that OpenBSD 4.7, NetBSD 5.0.2, FreeBSD 7.3 / 8.1, Oracle Sun Solaris 10 and GNU Libc (glibc) are affected. FTP and SFTP servers all tend to support globbing, so it's important to either disable globbing in the configuration of the server side, and/or to contact the software vendor about the use of this underlying function to discuss how to the function.

GoAnywhere does not have this issue as it does not use C or the GLOB_LIMIT. GoAnywhere Services is a secure file server that allows trading partners (both internal and external) to securely connect to your system and exchange files within a fully managed and audited solution. Popular file transfer and encryption standards are supported without the need for proprietary client software.