Almost all organizations use email to transfer their confidential files. Email-based file transfer carries risks. In security we usually use the phrase "points of compromise": the points where an attack can occur and, if successful, cause serious damage. The following graphic illustrates the different points of compromise when a file is sent via email.
It can be observed that there are multiple points of compromise along the whole path from one organization's computer to the other. These points of compromise are described below:
- The connection between the sender's computer and the local email server can be compromised by a successful man-in-the-middle attack.
- The organizational mail server can be compromised via leaked credentials, a phishing email, an unpatched vulnerability, etc.
- The connection between the mail server and the edge router can be compromised by a successful man-in-the-middle attack.
- Finally, the recipient's email server can be compromised via the previously stated attack vectors.
The question then is: what is a safe way of sending a file? It depends on the use case. For instance, the sender can zip the file and set a password to encrypt it, thereby removing the threat of a man-in-the-middle attack. However, in the past there have been vulnerabilities in ZIP software, as well as password-cracking tools which could brute-force a zip file. Highly confidential files should therefore not be exposed to the risk of being cracked this way.
One of the solutions is to use file sharing applications. That said, the issue with normal file sharing solutions is that many of them do not encrypt the file being uploaded onto their platform. From a security perspective, this is not advisable. Think Google Drive!
Then there are more secure solutions which, apart from creating a secure connection to the server (referred to as data-in-motion security), also have encrypted file storage (referred to as data-at-rest security). These solutions have issues as well: attacks from an insider, for example a server admin or a disgruntled employee, or corporate espionage. Furthermore, the connection from the client to the server, though encrypted, can still be attacked via a man-in-the-middle attack.
Before we go to the third category of file sharing applications, I would like to add that the aforementioned categories of applications do not protect the file link which is generated when the file is uploaded. This means that if you accidentally send the link of the uploaded file to A instead of B, A can easily view the files by copying and pasting the link into their browser.
The third category of file sharing solutions asks for a password or a pin-code at the time of upload; when the file is uploaded, it is encrypted using a key generated from the pin-code or the password. Thus, if someone gets to the file by exploiting a vulnerability in the application, they cannot decrypt it without a valid key. The problem with these solutions is that the pin-code or the password is saved in the database on the server, so if the server gets compromised, the password can be obtained from the database, the key regenerated, and the file decrypted. This category is more secure than the above-mentioned categories.
The last category of file sharing applications is where the file is encrypted in the client browser, thereby removing the threat of a man-in-the-middle attack at any point during transport. This is complemented by an encrypted pin-code/password, thereby reducing the threat of an insider to nearly zero.
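The difference between the last two categories, as an added example that is not from the original article: the key is derived from the pin-code on the client, so the server stores only salt, IV, tag and ciphertext and never holds the pin-code. It uses Node's built-in crypto module as a stand-in for the browser's Web Crypto API; the function names, the PBKDF2 iteration count and the sample data are assumptions.

```javascript
const nodeCrypto = require("node:crypto"); // Node stand-in for the browser's Web Crypto API

const PBKDF2_ITERATIONS = 600000; // assumed work factor, not from the article

// Client: derive a 256-bit AES key from the pin-code and a per-file random salt.
function deriveKey(pin, salt) {
  return nodeCrypto.pbkdf2Sync(pin, salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// Client (sender): encrypt before upload. The returned record is all the server stores;
// neither the pin-code nor the derived key is part of it.
function encryptForUpload(fileBytes, pin) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // 96-bit nonce for AES-GCM
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(pin, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(fileBytes), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Client (recipient): decrypt after download. Returns null when the pin-code is wrong
// or the stored record was modified, because the GCM tag check fails.
function decryptDownload(record, pin) {
  const key = deriveKey(pin, record.salt);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed sample data (not from the article).
const sampleFile = Buffer.from("Q3 payroll export, constructed sample");
const samplePin = "correct-horse-4821";
const serverRecord = encryptForUpload(sampleFile, samplePin);

console.log("server stores:", Object.keys(serverRecord).join(", "));
console.log("right pin:", decryptDownload(serverRecord, samplePin).toString());
console.log("wrong pin:", decryptDownload(serverRecord, "0000"));
```

The protection is bounded by how hard the pin-code is to guess: anyone holding the stored record can try candidate pin-codes offline, so a short numeric pin-code stays weak even with a slow key derivation.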