Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Securely connecting to FTP

From: Benjamin Betsalel <betsalel509 () live com>
Date: Tue, 25 Oct 2011 11:23:06 +0000




Hello List,

I have a question regarding the use of FTP as is often provided by ISPs.

A
lot of smaller ISPs will offer you a small, free bit of web hosting,
and you will use FTP to transfer the content to your assigned hosting
space.

It seems often all the information the ISP provides to
connect is the address and user credentials, and then you would enter
this into an FTP client to connect to your space. I am not all that
familiar with FTP, but looking at the options you seem to be able to try
to use SFTP on port 990(different protocol entirely-probably not
supported by ISP I would guess. I could not get it working in any case).
Trying to use FTP I am shown 4 options for encryption (None, SSL/TLS,
SSL or TLS), however attempting to connect with anything other than
'None' for the encryption would fail to connect.

So I have a couple of questions.

1) what are the implications of connecting FTP on port 21 with no encryption
-
my username and pass is sent plaintext to the server. Where can I or
where would I worry about being MiTM'ed ? My own LAN connection being
sniffed? any place inbetween my lan and the ISP server?

2) is it that smaller ISPs just don't provide this type of functionality, and you won't be able to encrypt while using 
FTP?
-
that is, is a secure ftp connection a bit of a premium that you pay
more for or need to look more specifically into other companies offering
"secure ftp services.", or should there be no reason why one ISP would
not be able to offer this service.

Thank you in advance.
                                          

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: