FTP is only acceptable when running an anonymous FTP server that distributes non-sensitive information. Many software...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
companies, for example, use this mechanism to distribute patches and other updates.
Fortunately, there are ways to secure FTP, and there are also safer alternatives to the protocol. If FTP must serve as the data transport method, the easiest way to bolt on encryption is to connect to a VPN first, provided that the VPN endpoint device is logically close to the server that you're connecting to. By default, a VPN offers encrypted communications over the Internet. Typically, a company will only let employees or close affiliates connect to its VPN, so this might not be an option in all circumstances.
If you're in a position to suggest an alternative protocol, go with a secure FTP (SFTP) client. It not only uses the same command syntax as a standard FTP client, but also adds encryption to secure the connection. There are many free SFTP clients available; I prefer the free PSFTP client.
More recent responses from Mike Chapple:
Dig Deeper on SSL and TLS VPN Security
Related Q&A from Mike Chapple
Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? ...continue reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations ...continue reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.