We are attempting to FTP a file from our iSeries to a Unix system. The secure connection is set up via a VPN tunnel. Can you offer some best practices to enable the connection without opening ourselves up to security risks?

    Requires Free Membership to View

It sounds like you've already taken some strong measures toward securing your FTP connection. The first and most important step is to realize that FTP is an inherently insecure protocol and must be implemented only in the presence of compensating controls. FTP uses unencrypted connections, leaving both the data you transfer and your credentials exposed to eavesdropping attacks. This can be remedied this through the use of encryption, either by using Secure FTP (SFTP), which tunnels FTP through an encrypted SSH connection, or by using a VPN to encrypt the traffic.

Second, follow normal user security principles. If you're not running an anonymous FTP download service, provide each user with a unique username and strong password that they may use to access your FTP server.

Finally, configure your systems in a secure manner. Ensure that the FTP server is running a modern operating system and has all current security patches applied. Verify firewall settings and ensure that you allow the minimum number of ports from as few destinations as possible while still meeting business requirements.

More information:
  • Will FTP ever be a secure way to transfer files to and from servers?
  • Learn more about how some companies have plugged their FTP holes with secure FTP servers.
  • This was first published in March 2008

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: