Security Basics mailing list archives

Re: Securely connecting to FTP

From: Matthew Caron <Matt.Caron () sixnet com>
Date: Tue, 25 Oct 2011 11:28:53 -0400

On 10/25/2011 07:23 AM, Benjamin Betsalel wrote:

So I have a couple of questions.

1) what are the implications of connecting FTP on port 21 with no encryption
-
my username and pass is sent plaintext to the server. Where can I or
where would I worry about being MiTM'ed ? My own LAN connection being
sniffed? any place inbetween my lan and the ISP server?

Everywhere. Assume that nothing is secure, and all connections can bemonitored.

2) is it that smaller ISPs just don't provide this type of functionality, and you won't be able to encrypt while using 
FTP?
-
that is, is a secure ftp connection a bit of a premium that you pay
more for or need to look more specifically into other companies offering
"secure ftp services.", or should there be no reason why one ISP would
not be able to offer this service.

There is no reason why an ISP shouldn't be able to offer this. If theycan't, it makes me question their technical acumen.

That said, I've never used an ISP for hosting - that's what hostingproviders are for. ISP's connect you to internet pipes, and you shouldshop around for one which meets your needs. Hosting companies providehosting, and you should shop around for one which meets your needs.Finding a good, reliable ISP which also does hosting well tends to beproblematic - especially since ISP's need to be physically close to you(more or less) and hosting companies can be anywhere.


--
Matthew Caron
Build Engineer
Sixnet | www.sixnet.com
O +1 518 877 5173 Ext. 138
F +1 518 602 9209
matt.caron () sixnet com

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Securely connecting to FTP Benjamin Betsalel (Oct 25)
- Re: Securely connecting to FTP Matthew Caron (Oct 25)
- Re: Securely connecting to FTP BH (Oct 25)
  - Re: Securely connecting to FTP Ansgar Wiechers (Oct 26)
  - RE: Securely connecting to FTP Benjamin Betsalel (Oct 26)
- Re: Securely connecting to FTP Lothar Kimmeringer (Oct 27)