BNL Home

Policies Home

Anonymous Upload Policy

1.0 Goal

Have all BNL FTP servers, Web servers, and other externally facing services capable of accepting content, configured to prevent the anonymous upload and subsequent download of inappropriate material.

2.0 Background

Recent Red Team activities identified porn material hosted for download on BNL FTP servers. The servers were configured to allow anonymous upload of material with no involvement of administrators prior to having the files available for download, and no alteration of file names or directories to hinder downloads. Though the FTP servers were outside the BNL perimeter and the clean up of the files is a minor activity, the risk to BNL operations is quite large due to the political sensitivity of these kinds of incidents to BNL and the DOE. The perception of BNL hosting porn files becomes a political issue in the upper echelon of DOE Office of Science and damages the reputation of both BNL and DOE. The reactions from the DOE Office of Science and higher levels in the government are unpredictable and can be seriously damaging to BNL operations for extended periods of time. Because of these political ramifications the configurations of FTP servers need to be tightly controlled to avoid the unpredictable consequences.

Other services that allow anonymous uploads include submission of content through a wiki or web forum, web applications that accept submissions (Indico), and web servers. The policy statement is being written to cover all externally facing services that accept anonymous content.

3.0 Policy

Externally facing services must be configured with mitigating controls in place to prevent the anonymous upload and subsequent download of inappropriate materials. Anonymous uploads from unauthorized sources without mitigating controls must have a documented business justification approved by the local DOE Site Office.

4.0 Enforcement

Externally facing services configured to allow unimpeded anonymous uploads and downloads without mitigating controls will be blocked from the network upon discovery.

5.0 Guidance

Recommended mitigating controls for FTP servers include:

  • set permissions on the incoming directory to make it non-readable
  • change name and location of uploaded files immediately after upload to prevent subsequent download
  • do not allow downloads from incoming directory
  • require authentication for users to upload materials whenever possible

6.0 Reference

FTP - File Transfer Protocol - Common Internet file transfer mechanism.