[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 344
  • Last Modified:

approach to securing ftp service ?

as you know, information transferred betwen ftp client and server are not protected. So please tell me how many approach to secure ftp service ? which are they ? compare them ?
Now which approach is most widely used ? if you can please give me some technical documents about these approach.

I wanna got a perspective view of securing ftp service. Thanks in advance.
0
hoaivan
Asked:
hoaivan
  • 2
1 Solution
 
chris_calabreseCommented:
Some options...

Use regular old FTP, but encrypt and sign the files with PGP or similar.

Use FTP/SSL (aka ftps) - This is an IETF standard-tack extension to FTP, but not yet widely implemented. See http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html

Abandon FTP and use SFTP, the FTP-like interface to SSH. You have to be careful to setup the accounts so that they can only be used for SFTP and not also for regular command-line login, though.

Abandon FTP and use HTTP/S (yes, it can do both uploads and downloads). There are a variety of Perl and PHP modules out there to make this easy to do.

Tunnel the existing FTP connection in IPsec.

Use a commercial file transfer product such as ValiCert (actually uses ftps under the hood in this case).
0
 
hoaivanAuthor Commented:
thanks.
But which approach is and will be the most widely use ? Is FTP over SSL ? I found that many ftp server and client support it.
0
 
chris_calabreseCommented:
IBM has been pushing FTP/SSL on the mainframe, asd as a result Rumba and other mainframe-centraic players have added SSL support to their FTP offerings.

However, it is not yet popular in the Unix or Windows words, where SSH is much more popular.

That could change with the introductoin of the next version of wu-ftpd, which supports FTP/SSL. No word on when that will be out, though (it's been in the works for a couple of years now)
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now