Deploy the DMZ Gateway and enforce TLS 1.2+ with strong ciphers. That alone eliminates >80% of common attack vectors.
| Attack | Misconfiguration | Fix |
|--------|------------------|-----|
| | FTP PORT command allowed | Disable PORT command; force PASV behind DMZ Gateway |
| SFTP weak KEX | Allows `diffie-hellman-group1-sha1` | Edit SSH config in EFT → KEX: curve25519-sha256, ecdh-sha2 |
| Admin interface exposed | Port 1100 open to internet | Block at firewall; require VPN or internal access only |
| Session hijacking | No session timeout | Set admin idle timeout = 15 min; user session timeout = 30 min |
| Directory traversal | Virtual path = `C:\FTProot\` + user input `../../../windows` | Use PathValidation regex to block `..` and `:` |
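The directory-traversal row, worked through as an added example (not Globalscape's code and not part of the original page): the unchecked concatenation next to a validated form that blocks `..` and `:` and then confirms the result is still under the root. The `BLOCKED` pattern and all function names are assumptions for illustration; the page names PathValidation but does not show its syntax.

```python
import ntpath  # Windows path semantics on any OS
import re

ROOT = "C:\\FTProot"  # virtual root taken from the table row

# Assumed pattern (not an EFT setting): a ".." path segment, or any colon
# (drive letters such as D:, NTFS alternate data streams such as f.txt:ads).
BLOCKED = re.compile(r"(^|[\\/])\.\.([\\/]|$)|:")


def naive_resolve(user_path, root=ROOT):
    """The misconfiguration: root + user input, normalized with no checks."""
    return ntpath.normpath(root + "\\" + user_path)


def resolve(user_path, root=ROOT):
    """Return the path under root for user_path, or raise ValueError."""
    if "\x00" in user_path or BLOCKED.search(user_path):
        raise ValueError("blocked sequence in path")
    relative = user_path.lstrip("\\/")  # client paths are relative to the root
    candidate = ntpath.normpath(ntpath.join(root, relative))
    # Second layer: the normalized result must still sit under the root,
    # so a later loosening of BLOCKED does not reopen the traversal.
    root_cmp = ntpath.normcase(ntpath.normpath(root))
    cand_cmp = ntpath.normcase(candidate)
    if cand_cmp != root_cmp and not cand_cmp.startswith(root_cmp + "\\"):
        raise ValueError("path escapes root")
    return candidate


def is_allowed(user_path):
    try:
        resolve(user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real log.
    for p in ["reports/q1.csv", "../../../windows", "..\\..\\windows",
              "D:\\secret", "notes.txt:ads", "a..b/file.txt"]:
        print(f"{p!r:22} naive={naive_resolve(p)!r:32} allowed={is_allowed(p)}")
```

The pattern matches `..` only as a whole path segment, so a legitimate name such as `a..b` is still accepted.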
Globalscape EFT is a mature, secure MFT platform deployed with defense in depth. The most common failures are not in the software itself but in: