Security Basics mailing list archives
Re: Securely connecting to FTP
From: Matthew Caron <Matt.Caron () sixnet com>
Date: Tue, 25 Oct 2011 11:28:53 -0400
On 10/25/2011 07:23 AM, Benjamin Betsalel wrote:
So I have a couple of questions. 1) what are the implications of connecting FTP on port 21 with no encryption - my username and pass is sent plaintext to the server. Where can I or where would I worry about being MiTM'ed ? My own LAN connection being sniffed? any place inbetween my lan and the ISP server?
Everywhere. Assume that nothing is secure, and all connections can be monitored.
2) is it that smaller ISPs just don't provide this type of functionality, and you won't be able to encrypt while using FTP? - that is, is a secure ftp connection a bit of a premium that you pay more for or need to look more specifically into other companies offering "secure ftp services.", or should there be no reason why one ISP would not be able to offer this service.
There is no reason why an ISP shouldn't be able to offer this. If they can't, it makes me question their technical acumen.
That said, I've never used an ISP for hosting - that's what hosting providers are for. ISP's connect you to internet pipes, and you should shop around for one which meets your needs. Hosting companies provide hosting, and you should shop around for one which meets your needs. Finding a good, reliable ISP which also does hosting well tends to be problematic - especially since ISP's need to be physically close to you (more or less) and hosting companies can be anywhere.
-- Matthew Caron Build Engineer Sixnet | www.sixnet.com O +1 518 877 5173 Ext. 138 F +1 518 602 9209 matt.caron () sixnet com ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Securely connecting to FTP Benjamin Betsalel (Oct 25)
- Re: Securely connecting to FTP Matthew Caron (Oct 25)
- Re: Securely connecting to FTP BH (Oct 25)
- Re: Securely connecting to FTP Ansgar Wiechers (Oct 26)
- RE: Securely connecting to FTP Benjamin Betsalel (Oct 26)
- Re: Securely connecting to FTP Lothar Kimmeringer (Oct 27)