>>There has been something that has me baffled. Increasingly I've seen situations where I can't get a file transferred to a customer because of security (we've got an FTP site, but they're not able to get to it -- local security policy has FTP transfer blocked). For the sake of securty they've pretty much blocked attached files on E-mail too. And then the suggestion comes to use DropBox -- from their IT staff... I don't get it. From what I've been able to determine, it's real easy to set up -- just install software, designate a folder you want to share, then drop the file into the shared folder. It handles transfer via Internet automagically through a tunnelling protocol... Hrm.. a folder on YOUR system that you SHARE on the Internet -- using a tunnelling protocol (which allows it to work around port lockdown) -- how is THAT supposed to be MORE secure?
>
>FTP is not secure, in the sense that it is an old protocol - and therefore the data is sent unencrypted. A more modern equivalent is SSH (secure shell, which also replaces the insecure Telnet).
>
>"Tunneling protocol" means that data from one protocol is encapsulated (i.e., header information is added) to convert it to a different protocol. In this case, pressumably a security protocol, i.e., some sort of encryption.
>
>Port lockdown... From Dropbox help:
>
>Usually no additional firewall configuration is needed because Dropbox uses the same ports a web browser uses. If you can access the Internet using your web browser, the Dropbox desktop application should be able to use the same internet connection to sync your files.
>
>However, if you're having difficulty syncing after installing the application, you may need to adjust your firewall settings to permit the Dropbox application access to the Internet. In most cases, this simply means adding Dropbox to a list of applications with Internet access or what is sometimes called "exceptions."
>
>In other words, since it uses the same port as HTTP (port 80 on the server side, dynamically assigned ports >= 1024 on the client side), it will most likely pass the firewall. This part, in itself, is not about security, but about... compatibility, or making it work in the first place.

I understand that FTP isn't encrypted -- so there is a possibility of "eavesdropping", thus not secure as a transport. Most of the time the reason given for blocking FTP and E-mail attachment is that they don't want unauthorized transfer of data -- with a large focus on protection against virus and malware (they don't want people to bring in software from outside). So how does locking out FTP and E-mail attachments, but still allowing DropBox accomplish this (aside from narrowing the number of avenues)?