Ftp Security
Essay by review • December 16, 2010 • Essay • 873 Words (4 Pages) • 933 Views
FTP Security - An Overview
Sharing files over the Internet can be challenging especially when there are many of them and their size can be in the Gigabytes. Some options are the many flavors of messengers the most popular being Yahoo or MSN. This however could be a tedious process because each would have to be done one at a time and most of our customers simply would not stand for this type of manual, time intensive process. Another option is to use email but that option can be slow and many system administrators limit the size of one's mailbox to a size that would make this option prohibitive. Remote desktop software is an option but that typically has slow performance. What is the solution? Why FTP, of course!
What is FTP? FTP is an acronym for File Transfer Protocol. The sole purpose of FTP is to serve as a way to transfer data files, or any files for that matter, over a network connection or over the Internet.
In the native form, FTP is similar to Hypertext Transfer Protocol (HTTP). To host a FTP sites one needs a server to host the data available for download as well as a repository to hold the information being uploaded. Clients log on to the server, using the correct log on information and software designed to enable these types of file transfers.
When using HTTP, one will use Internet Explorer, or an alternative Web Browser like Netscape or Mozilla. Alternatively when using FTP, a FTP client software like Bulletproof FTP, WSFTP, or CuteFTP is used. FTP is the most commonly used protocol for file transfers over the Internet, but unlike HTTP which is generally a one way transfer of data, FTP provides a means of allowing clients to upload files as well as download them, and is considerably easier to set up and maintain (www.pcstats.com, 2006).
With native FTP the system can only process username and password information in plain text. FTP is not the only protocol that sends everything in a clear text format. POP, IMAP, and Jabber are a few of the other protocols guilty of this. At issue is the fact that FTP is commonly used to upload and download files from/to many different kinds of systems. A hacker who sniffs mail servers can possibly read someone's private mail; however someone who sniffs a FTP password could possibly gain access to sensitive information and wreak havoc on the system. To compound the problem of usernames and passwords being sent in clear text form over the network or the Internet, the files themselves are also uploaded and downloaded without the benefit of any encryption.
So the next question is "What can be done to ensure that my FTP site is secure and that the data contained within it is protected from prying eyes"?
* One way is to not allow certain users from using the FTP site. To ensure that the FTP site is secure and does not allow access by a hacker, there are a few steps one can take.
It is important to remember that FTP is not secure. It is our responsibility
...
...