The risks of file transfer are twofold:
Exposed file servers might be buggy, allowing an attackers to access more that they should be allowed. In addition, the tight integration of file serving with the operating system might enable an attacker to escalate his privileges quickly.
Files transferred between the application endpoints may contain malicious content, and may compromise the client, if executed.
Some file transfer/file access protocols are hard to filter by some firewall technologies. This forces an organization to permit more than the minimal possible access, violating the least privilege concept.
Was this article helpful?