Existing FTP Service at Risk: One-Step Solution Using IBM i Extended Features
Introduction
File transfer over the File Transfer Protocol (FTP) has been a staple of the industry for decades. FTP services have been around for a long time, but they face a growing number of security risks. This post highlights why an existing FTP service on IBM i is exposed, what can happen if it is left unaddressed, and how the operating system's exit point facility can be used to control and audit it.
The Significance of FTP
FTP is widely used for transferring files over a network. It is found in a variety of settings, including web development, content management and data sharing, and its simplicity and ease of use have been relied upon by organizations for many years. On IBM i, the FTP server does more than move files: through its RCMD subcommand a client can also submit CL commands to the system.
What is the security risk?
FTP, however, has a fundamental drawback: it is not a secure protocol. User names and passwords are sent in clear text, and file data is not encrypted in transit. FTP sessions are therefore exposed to packet sniffing, spoofing and brute-force password attacks.
Commands submitted through the FTP server are also not subject to the menu security or application-level security that normally applies to an IBM i user profile at a sign-on screen. Object authority still applies, but nothing else controls or records which commands or scripts are run. Anyone who captures or guesses FTP credentials can therefore read, alter or delete data directly, which can lead to data corruption and to data breaches.
Solution using IBM i extended feature – Exit Point
To protect these sensitive network access points from abuse, IBM developed an “Exit Point” facility.
Exit programs matter because the FTP server does not by itself produce an audit trail of what each session did, and there is no FTP log to fall back on; without one it is impossible to say afterwards who downloaded a sensitive file. For security and compliance it is therefore essential to have exit programs that can audit and control server activity.
What exactly is an Exit Point?
An exit point is simply a point in an application where an external program can be called to customize processing. With the IBM i FTP logon server application, you can hook your program into the logon processing logic to control who can log on and what happens when a logon attempt is made. The WRKREGINF (Work with Registration Information) or ADDEXITPGM (Add Exit Program) commands tell the FTP server you have an exit program.
1. Registering an Exit Program
The following steps register an exit program through WRKREGINF:
- Enter WRKREGINF on the command line.
- Page down to the FTP Server Logon exit point (QIBM_QTMF_SVR_LOGON) and the interface format you implemented (for example TCPL0100).
- Type 8 (Work with exit programs) next to it and press Enter.
- At the Work with Exit Programs display, type 1 (Add).
- In the Exit Program field, enter the name of the exit program.
- In the Library field, enter the name of the library containing the exit program.
- Press Enter.
- End and restart the FTP server (ENDTCPSVR and STRTCPSVR with SERVER(*FTP)) so that every FTP server instance picks up the exit program; running instances do not see a new registration.
Program for | Exit Point | Exit Interface |
FTP Server logon | QIBM_QTMF_SVR_LOGON | TCPL0100 TCPL0200 TCPL0300 |
FTP Request validation | QIBM_QTMF_SERVER_REQ | VLRQ0100 |
FTP Server Logon
The TCP/IP application server logon exit points let you take over the authentication step for the TCP/IP servers. For FTP, the exit program sees the user ID, the authentication string and the client IP address of the originating session, and can accept or reject the logon, map it to a different user profile, or set an initial current library (and, with TCPL0200, an initial home directory) other than the one in the user profile.
FTP Request Validation
The request validation exit point lets you restrict, request by request, which operations an FTP user may perform: directory changes and listings, uploads, downloads, deletes, renames and CL commands submitted with RCMD.
Exit Point interface for FTP Server Logon
Each exit point has a name and one or more exit point interfaces. An interface defines the list of input and output parameters that the server exchanges with your exit program. When a user logs on to the FTP server with a user ID and an authentication string (normally a password), the QIBM_QTMF_SVR_LOGON exit point is activated. The description below uses the TCPL0100 interface.
Parameter format for TCPL0100 exit point interface
Parameter | Description | Input or Output | Type and length |
1 | Application Identifier | Input | Binary (4) |
2 | User Identifier | Input | Char (variable length) |
3 | Length of user identifier | Input | Binary (4) |
4 | Authentication String | Input | Char (variable length) |
5 | Length of authentication string | Input | Binary (4) |
6 | Client IP address | Input | Char (variable length) |
7 | Length of Client IP address | Input | Binary (4) |
8 | Return code | Output | Binary (4) |
9 | User Profile | Output | Char (10) |
10 | Password | Output | Char (10) |
11 | Initial current library | Output | Char (10) |
In addition to the parameters above, the TCPL0200 interface adds the following:
Parameter | Description | Input or Output | Type and length |
12 | Initial Home Directory | Output | Char (variable length) |
13 | Length of the initial home directory | Input/Output | Binary (4) |
14 | Application-specific information | Input/Output | Char (variable length) |
15 | Length of application-specific information | Input | Binary (4) |
Return code (parameter 8) and how the output parameters are used, TCPL0100 interface
Return code | User profile | Password | Initial current library |
0 Reject | Ignored | Ignored | Ignored |
1 Accept | Original User ID | Original Password | From User Profile |
2 Accept | Original User ID | Original Password | Return value |
3 Accept | Return value | Return value | From the User Profile specified in the Return value |
4 Accept | Return value | Return value | Return value |
5 Accept | Return value | Ignored | From the User Profile specified in the Return value |
6 Accept | Return value | Ignored | Return value |
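As an added example that is not from the page or from IBM, here is the decision logic of a TCPL0100 logon exit program in C. On IBM i it would be compiled as an ILE C program whose main() receives the eleven parameters by reference and registered with ADDEXITPGM EXITPNT(QIBM_QTMF_SVR_LOGON) FORMAT(TCPL0100) PGMNBR(1) PGM(MYLIB/FTPLOGON); the library and program names, the allowed address prefixes, the denied profiles and the FTPGUEST profile are all assumptions made for the example. It shows return codes 0, 1 and 5, handles the un-terminated Char(*) inputs with their separate lengths, and never writes the authentication string to the audit line.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* TCPL0100 return codes (parameter 8) used by this example */
#define TCPL_REJECT           0  /* reject the logon */
#define TCPL_ACCEPT_ORIGINAL  1  /* accept: original user ID and password, library from profile */
#define TCPL_ACCEPT_MAP_NOPW  5  /* accept as the returned profile; the password is not checked */

#define APPID_FTP_SERVER 1       /* parameter 1 value for the FTP server */
#define CHAR10 10                /* size of the Char(10) output parameters */

/* Constructed policy for this example (assumptions, not IBM defaults):
 * textual address prefixes allowed to log on, profiles never allowed
 * through FTP, and the guest profile an anonymous logon is mapped to. */
static const char *ALLOWED_PREFIXES[] = { "10.1.", "192.168.50.", NULL };
static const char *DENIED_USERS[]     = { "QSECOFR", "QSYSOPR", NULL };
static const char  GUEST_PROFILE[]    = "FTPGUEST";

/* Char(*) inputs arrive with a separate Binary(4) length and no NUL:
 * copy at most dstlen-1 bytes, drop trailing blanks, optionally upper-case. */
static void copy_field(char *dst, size_t dstlen, const char *src, int len, int upper)
{
    size_t n = 0;
    if (len < 0)
        len = 0;
    while (n < dstlen - 1 && n < (size_t)len) {
        dst[n] = upper ? (char)toupper((unsigned char)src[n]) : src[n];
        n++;
    }
    while (n > 0 && dst[n - 1] == ' ')
        n--;
    dst[n] = '\0';
}

/* Char(10) outputs are blank padded, not NUL terminated. */
static void set_char10(char *dst, const char *val)
{
    size_t n = strlen(val);
    if (n > CHAR10)
        n = CHAR10;
    memset(dst, ' ', CHAR10);
    memcpy(dst, val, n);
}

static int ip_allowed(const char *ip)
{
    int i;
    for (i = 0; ALLOWED_PREFIXES[i] != NULL; i++)
        if (strncmp(ip, ALLOWED_PREFIXES[i], strlen(ALLOWED_PREFIXES[i])) == 0)
            return 1;
    return 0;   /* deny by default, including any IPv6 client */
}

static int user_denied(const char *user)
{
    int i;
    for (i = 0; DENIED_USERS[i] != NULL; i++)
        if (strcmp(user, DENIED_USERS[i]) == 0)
            return 1;
    return 0;
}

/* Parameters 1-7 of TCPL0100 in, 9-11 out; the return value is parameter 8.
 * On IBM i the server passes all of these by reference to the program's
 * main(); they are ordinary arguments here so the policy can run anywhere. */
int ftp_logon_decision(int app_id,
                       const char *user_id, int user_len,
                       const char *auth, int auth_len,
                       const char *client_ip, int ip_len,
                       char profile_out[CHAR10],
                       char password_out[CHAR10],
                       char initlib_out[CHAR10])
{
    char user[64], ip[64];
    int rc;

    /* The authentication string is the user's clear-text password: never log it. */
    (void)auth;
    (void)auth_len;

    set_char10(profile_out, "");
    set_char10(password_out, "");
    set_char10(initlib_out, "");

    if (app_id != APPID_FTP_SERVER)      /* fail closed for any other caller */
        return TCPL_REJECT;

    copy_field(user, sizeof user, user_id, user_len, 1);   /* FTP user IDs are case-insensitive */
    copy_field(ip, sizeof ip, client_ip, ip_len, 0);

    if (!ip_allowed(ip) || user_denied(user)) {
        rc = TCPL_REJECT;
    } else if (strcmp(user, "ANONYMOUS") == 0) {
        /* Map anonymous to a restricted guest profile; return code 5 makes the
         * server accept that profile without checking a password. */
        set_char10(profile_out, GUEST_PROFILE);
        rc = TCPL_ACCEPT_MAP_NOPW;
    } else {
        rc = TCPL_ACCEPT_ORIGINAL;
    }

    /* Audit record: who tried to log on from where, and what was decided. */
    printf("FTPLOGON user=%s ip=%s rc=%d\n", user, ip, rc);
    return rc;
}

int main(void)
{
    char profile[CHAR10], password[CHAR10], lib[CHAR10];
    /* Constructed sample logon attempts */
    ftp_logon_decision(1, "alice", 5, "s3cret", 6, "10.1.2.3", 8, profile, password, lib);
    ftp_logon_decision(1, "alice", 5, "s3cret", 6, "203.0.113.9", 11, profile, password, lib);
    ftp_logon_decision(1, "anonymous", 9, "guest@", 6, "192.168.50.7", 12, profile, password, lib);
    return 0;
}
```

Two things in the table above drive the design: return codes 5 and 6 skip the password check entirely, so they belong only with a deliberately locked-down profile such as the guest profile here; and the Char(10) outputs are blank padded rather than NUL terminated, so a stray NUL in the user profile field would be passed to the server as part of the name. The textual prefix match stands in for the CIDR parsing a production program would use.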
Exit Point Interface for FTP Request Validation
The FTP server validates each request through the QIBM_QTMF_SERVER_REQ exit point, which uses the VLRQ0100 interface. The exit program is called once per operation and receives the following parameters:
Parameter format for VLRQ0100 exit point interface:
Parameter | Description | Input or Output | Type and length |
1 | Application Identifier | Input | Binary (4) |
2 | Operation Identifier | Input | Binary (4) |
3 | User Profile | Input | Char (10) |
4 | Remote IP address | Input | Char (variable length) |
5 | Length of remote IP address | Input | Binary (4) |
6 | Operation-specific information | Input | Char (variable length) |
7 | Length of operation-specific information | Input | Binary (4) |
8 | Allow operation | Output | Binary (4) |
Allow operation output values:
Value | Description |
-1 | Never allow this operation identifier: Reject this operation identifier unconditionally for the remainder of the current session. This operation identifier will not call the exit program again. |
0 | Reject the operation |
1 | Allow the operation |
2 | Always allow this operation identifier: Allow this operation identifier unconditionally for the remainder of the current session. This operation identifier will not call the exit program again. |
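As an added example that is not from the page or from IBM, here is a VLRQ0100 request validation policy in C, the counterpart of the logon example above. It would be registered with ADDEXITPGM EXITPNT(QIBM_QTMF_SERVER_REQ) FORMAT(VLRQ0100) PGMNBR(1) PGM(MYLIB/FTPREQ); the program and library names, the OPSADMIN profile and the protected paths are assumptions. The operation identifier values are the ones the IBM i FTP server passes in parameter 2. The example shows when -1 is appropriate and when it is not: a refusal that depends only on the profile can be made final for the session, while a decision that depends on the path in parameter 6 must be answered 0 or 1 every time.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define APPID_FTP_SERVER 1   /* parameter 1 value for the FTP server */

/* VLRQ0100 operation identifiers passed in parameter 2 */
enum ftp_op {
    OP_SESSION_INIT = 0,
    OP_CREATE_DIR   = 1,
    OP_DELETE_DIR   = 2,
    OP_SET_CUR_DIR  = 3,
    OP_LIST_FILES   = 4,
    OP_DELETE_FILE  = 5,
    OP_SEND_FILE    = 6,   /* server sends a file: client download (RETR) */
    OP_RECEIVE_FILE = 7,   /* server receives a file: client upload (STOR) */
    OP_RENAME_FILE  = 8,
    OP_EXEC_COMMAND = 9    /* CL command submitted with RCMD */
};

/* Allow-operation values returned in parameter 8 */
#define ALLOW_NEVER  (-1)   /* reject, and do not call back for this operation this session */
#define ALLOW_REJECT   0
#define ALLOW_ONCE     1
#define ALLOW_ALWAYS   2    /* allow, and do not call back for this operation this session */

/* Constructed policy (assumptions for this example): profiles permitted to run
 * RCMD, and directories nobody may enter, list, read, write, delete or rename
 * through FTP. Each path is listed in both naming formats the IBM i FTP server
 * accepts: NAMEFMT 1 (IFS style) and NAMEFMT 0 (library/file.member style). */
static const char *RCMD_USERS[] = { "OPSADMIN", NULL };
static const char *PROTECTED_DIRS[] = {
    "/QSYS.LIB/PAYROLL.LIB", "PAYROLL", "/home/hr", NULL
};

/* Char(*) fields carry a separate length and no NUL; compare in place. */
static int field_eq(const char *f, int flen, const char *s)
{
    size_t n = strlen(s);
    return flen == (int)n && memcmp(f, s, n) == 0;
}

/* True when the field names dir itself or something inside it. The compare is
 * case-insensitive because QSYS.LIB and NAMEFMT 0 names fold case, so a client
 * could otherwise slip past with "/qsys.lib/payroll.lib/..."; for the
 * case-sensitive root file system this can only over-reject, never under-reject. */
static int path_under(const char *f, int flen, const char *dir)
{
    size_t n = strlen(dir), i;
    if (flen < (int)n)
        return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)f[i]) != tolower((unsigned char)dir[i]))
            return 0;
    return flen == (int)n || f[n] == '/';   /* "/home/hrx" is not under "/home/hr" */
}

/* The Char(10) user profile is blank padded; return its significant length. */
static int profile_len(const char profile[10])
{
    int n = 10;
    while (n > 0 && profile[n - 1] == ' ')
        n--;
    return n;
}

/* Parameters 1-7 of VLRQ0100 in; the return value is parameter 8. */
int ftp_request_decision(int app_id, int op_id, const char profile[10],
                         const char *remote_ip, int ip_len,
                         const char *op_info, int op_info_len)
{
    int plen = profile_len(profile);
    int decision = ALLOW_ONCE;
    int i;

    if (app_id != APPID_FTP_SERVER)      /* fail closed for any other caller */
        return ALLOW_REJECT;

    switch (op_id) {
    case OP_EXEC_COMMAND:
        /* Whether a profile may use RCMD at all does not depend on the command
         * text, so a refusal can be made final for the session with -1. Permitted
         * users still get 1 rather than 2 so that every command is audited below. */
        decision = ALLOW_NEVER;
        for (i = 0; RCMD_USERS[i] != NULL; i++)
            if (field_eq(profile, plen, RCMD_USERS[i]))
                decision = ALLOW_ONCE;
        break;
    case OP_SET_CUR_DIR:
    case OP_LIST_FILES:
    case OP_DELETE_FILE:
    case OP_SEND_FILE:
    case OP_RECEIVE_FILE:
    case OP_RENAME_FILE:
        /* The answer depends on the path in parameter 6, so reply 0 or 1 per
         * request; -1 or 2 would silence the exit for the rest of the session.
         * Blocking CWD into the directory keeps a later relative name from
         * bypassing the prefix check. */
        for (i = 0; PROTECTED_DIRS[i] != NULL; i++)
            if (path_under(op_info, op_info_len, PROTECTED_DIRS[i]))
                decision = ALLOW_REJECT;
        break;
    default:                              /* session init, create/delete directory */
        decision = ALLOW_ONCE;
        break;
    }

    /* Audit record: the "who did what" trail the FTP server does not keep. */
    printf("FTPREQ user=%.*s ip=%.*s op=%d info=%.*s decision=%d\n",
           plen, profile, ip_len, remote_ip, op_id, op_info_len, op_info, decision);
    return decision;
}

int main(void)
{
    const char admin[10] = "OPSADMIN  ";   /* Char(10), blank padded */
    const char alice[10] = "ALICE     ";
    /* Constructed sample requests */
    ftp_request_decision(1, OP_EXEC_COMMAND, admin, "10.1.2.3", 8, "DSPJOB", 6);
    ftp_request_decision(1, OP_EXEC_COMMAND, alice, "10.1.2.3", 8, "DSPJOB", 6);
    ftp_request_decision(1, OP_SEND_FILE, alice, "10.1.2.3", 8,
                         "/QSYS.LIB/PAYROLL.LIB/SALARY.FILE/SALARY.MBR", 44);
    return 0;
}
```

ALLOW_ALWAYS is defined but deliberately unused: returning 2 for an operation gives up the per-request audit line for the rest of the session, which is the very thing the exit program was installed to provide.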
Removing Exit Programs:
Exit programs you no longer need are removed from the same Work with Exit Programs display.
Here are the steps to remove an installed exit program:
- Enter WRKREGINF on the command line.
- Page down to the FTP Server Logon exit point (QIBM_QTMF_SVR_LOGON) and the interface format the program was registered under.
- Type 8 (Work with exit programs) next to it and press Enter.
- At the Work with Exit Programs display, type 4 (Remove) next to the program.
- Confirm the name of the exit program in the Exit Program field.
- Confirm the name of the library that contains the exit program in the Library field.
- Press Enter.
- After you finish removing exit programs, stop and restart the FTP server so that running instances stop calling the program.
Conclusion
FTP has served as a workhorse for file transfer for many years, but its weaknesses make it a risky choice in today's threat landscape. Exit programs let you control who may log on, what each user may do and record every request, but they do not encrypt the session: credentials and data still cross the network in clear text. Organizations should therefore pair exit-point control with a transition to more secure alternatives such as SFTP, FTPS or a managed file transfer (MFT) solution in order to protect their data and maintain compliance with security standards and regulations. The risks associated with existing FTP services are real, and addressing them is essential to safeguard sensitive information in an increasingly interconnected and threat-prone world.