FTP Server Encryption

Posted on 2009-04-23
Last Modified: 2013-12-09
Hi Folks,

I have a few basic questions about setting up a new FTP server.

I hope to get a server like ipswitch FTP server, gene6 or titanftp as these are encrypted. Does this mean that when a user connects to my FTP server (even with a basic ftp client), that their username/password, uploads and downloads are encrypted?

do the clients need any encryption software on their end?

Another question regarding disaster recovery -
I'm looking to back up this data to another site - what would be the best way of doing this? would it be to replicate the data in realtime as I'd like our FTP server to be available 24/7 even if our network on our primary site went down..

Thanks in advance,

Question by:madamada999

    Assisted Solution


    rsync is a good way to replicate data between servers, at least in a unix environment. This can also be tunneled in SSH for encryption.
    LVL 16

    Accepted Solution


    The user client will need encryption capability, but most clients do these days.  On the server side you'll need to enforce 'Strict' security to make sure authentication and session data are encrypted.  You'll probably be using FTP/TLS SSL security.  SFTP, or Secure FTP, is a deprecated standard.  One thing you may need to do is get an SSL Certificate for the Server.  You can buy one pretty cheap or roll your own with OpenSSL or Microsoft Certificate Server.

    There are tons of replication solutions, one may be RSYNC which is supported on all OS platforms.  

    It all depends on your platform.

    Good Luck,

    - gurutc

    Author Comment

    Thanks for your help so far!

    so if the client does not have encryption capability the data will not be encrypted...will they even be able to connect to the server?

    I think we use a program called replistor at the moment... to replicate the data!


    LVL 16

    Assisted Solution

    Here's more rsync:

    The windows client part, NASBACKUP, does not require a rocket scientist.

    This solution is how we do synchronization over a large WAN.  This includes some hosts backing up over the Internet.

    We protect 3 Terabytes per night from 200 remote servers with a backup strategy using RSYNC.  These include both Windows and Netware servers and some XP desktops also.  Our centralized backup file server runs OpenSuse 10 and has a combination of both RAID SCSI and USB External drives attached.  Then, each day, we back up the Linux box using a Windows server with a tape jukebox attached and running CA ArcServe.  That way we get a daily snapshot to tape allowing us to do a scheduled rotation.

    This means we are following the Golden Rule of Backups, which applies no matter how much data you back up, which is this:  Always have 2 separate backup copies of important data.  And it's better if they are different types of media.

    If you set your backup up and run it, you'll eventually get the chance to see how it worked.  We've restored over 30 servers with the system I described without any data loss.  The solution I described is scalable all the way down to a small workgroup network.

    RSYNC has done what no commercial software seemed to be able to do: give us a good working backup system for our enterprise.  It uses very efficient synchronization and compression algorithms to move the changes from our distributed servers. It also can run over a Secure Shell Connection automatically.   Here's a link to the RSYNC Project:

    Here's the Novell RSYNC forum:

    And here's a good resource for RSYNC on Windows:

    Here are two more good RSYNC Windows links:

    The NASBackup Project is a neat Open Source effort to make a gui-based RSYNC client for Windows.  It works very well.

    More info:  RSYNC uses an algorithm that only sends the changes in the file systems.  This algorithm is so efficient that i can even get down to only sending the changed blocks in an individual file without having to send the whole file.  It works very well for us even over DSL/Cable speed connections.

    - gurutc
    LVL 16

    Assisted Solution

    If the server is in strict mode, then no connection, period.

    You can set it to do both depending on what the client requests.

    - gurutc

    Author Comment

    Thanks for that guys!

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Understanding FTPS File transfer is a common requirement in most Enterprises. While there are numerous ways to get a file from Point A to Point B over a network, perhaps the most common method still in use is FTP – File Transfer Protocol. FTP is …
    We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
    Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now