EFT Server provides the following password-encryption features:
Use a two-way Twofish encryption cipher (an algorithm for performing encryption) on passphrases that must be reversible.
Use a one-way hash for passphrases that do not need to be reversible.
Encrypt all passwords used in the following areas:
ClientFTP.dll client authentication
Authmanager.dll for AD (Active Directory, a Microsoft implementation of LDAP directory services used to provide central authentication and authorization services for Windows-based computers), ODBC (Open Database Connectivity, a standard database access method used to access any data from any application, regardless of which database management system (DBMS) is handling the data), and LDAP (Lightweight Directory Access Protocol, an application protocol for querying and modifying directory services running over TCP/IP) authentication
PGP private key (the server's private key decrypts the client's session; the private key has a .key extension and is part of the public-private key pair) passphrases
ARM (Auditing and Reporting Module; captures the transactions passing through EFT Server and provides an interface in EFT Administrator where you can use preconfigured or your own custom reports to query, filter, and view transaction data) connection string password
PCI DSS (a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures) requirement 8.4 states that you should encrypt all passwords during transmission and storage on all system components.