Ask the Expert

Will FTP ever be a secure way to transfer files?

Do you think FTP will ever be a secure way to transfer files to and from servers? What do you believe FTP is best used for and why?

    Requires Free Membership to View

No, plain old File Transfer Protocol (FTP) will never be a secure way to transfer files for one simple reason: it doesn't use any type of encryption. This means that anyone who can eavesdrop on the connection -- basically, anyone with access to a network segment between you and the server -- can view the contents of files as they're transmitted. Even worse, FTP uses unencrypted authentication, so the eavesdropper can view a username and password, and then use those credentials to connect to the server themselves.

FTP is only acceptable when running an anonymous FTP server that distributes non-sensitive information. Many software companies, for example, use this mechanism to distribute patches and other updates.

Fortunately, there are ways to secure FTP, and there are also safer alternatives to the protocol. If FTP must serve as the data transport method, the easiest way to bolt on encryption is to connect to a VPN first, provided that the VPN endpoint device is logically close to the server that you're connecting to. By default, a VPN offers encrypted communications over the Internet. Typically, a company will only let employees or close affiliates connect to its VPN, so this might not be an option in all circumstances.

If you're in a position to suggest an alternative protocol, go with a secure FTP (SFTP) client. It not only uses the same command syntax as a standard FTP client, but also adds encryption to secure the connection. There are many free SFTP clients available; I prefer the free PSFTP client.

More recent responses from Mike Chapple:

  • How expensive are IPsec VPN setup costs?
  • Is it possible to identify a fake wireless access point?
  • This was first published in November 2007

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: