Security Basics mailing list archives
Securely connecting to FTP
From: Benjamin Betsalel <betsalel509 () live com>
Date: Tue, 25 Oct 2011 11:23:06 +0000
Hello List, I have a question regarding the use of FTP as is often provided by ISPs. A lot of smaller ISPs will offer you a small, free bit of web hosting, and you will use FTP to transfer the content to your assigned hosting space. It seems often all the information the ISP provides to connect is the address and user credentials, and then you would enter this into an FTP client to connect to your space. I am not all that familiar with FTP, but looking at the options you seem to be able to try to use SFTP on port 990(different protocol entirely-probably not supported by ISP I would guess. I could not get it working in any case). Trying to use FTP I am shown 4 options for encryption (None, SSL/TLS, SSL or TLS), however attempting to connect with anything other than 'None' for the encryption would fail to connect. So I have a couple of questions. 1) what are the implications of connecting FTP on port 21 with no encryption - my username and pass is sent plaintext to the server. Where can I or where would I worry about being MiTM'ed ? My own LAN connection being sniffed? any place inbetween my lan and the ISP server? 2) is it that smaller ISPs just don't provide this type of functionality, and you won't be able to encrypt while using FTP? - that is, is a secure ftp connection a bit of a premium that you pay more for or need to look more specifically into other companies offering "secure ftp services.", or should there be no reason why one ISP would not be able to offer this service. Thank you in advance. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Securely connecting to FTP Benjamin Betsalel (Oct 25)
- Re: Securely connecting to FTP Matthew Caron (Oct 25)
- Re: Securely connecting to FTP BH (Oct 25)
- Re: Securely connecting to FTP Ansgar Wiechers (Oct 26)
- RE: Securely connecting to FTP Benjamin Betsalel (Oct 26)
- Re: Securely connecting to FTP Lothar Kimmeringer (Oct 27)