
	Home > Ask the Security Experts > Network Security Questions & Answers > How to secure an FTP connection

Ask The Security Expert: Questions & Answers

EMAIL THIS

How to secure an FTP connection

EXPERT RESPONSE FROM: Mike Chapple

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 27 February 2008
We are attempting to FTP a file from our iSeries to a Unix system. The secure connection is set up via a VPN tunnel. Can you offer some best practices to enable the connection without opening ourselves up to security risks?

EXPERT RESPONSE
It sounds like you've already taken some strong measures toward securing your FTP connection. The first and most important step is to realize that FTP is an inherently insecure protocol and must be implemented only in the presence of compensating controls. FTP uses unencrypted connections, leaving both the data you transfer and your credentials exposed to eavesdropping attacks. This can be remedied this through the use of encryption, either by using Secure FTP (SFTP), which tunnels FTP through an encrypted SSH connection, or by using a VPN to encrypt the traffic.

Second, follow normal user security principles. If you're not running an anonymous FTP download service, provide each user with a unique username and strong password that they may use to access your FTP server.

Finally, configure your systems in a secure manner. Ensure that the FTP server is running a modern operating system and has all current security patches applied. Verify firewall settings and ensure that you allow the minimum number of ports from as few destinations as possible while still meeting business requirements.

More information:

Will FTP ever be a secure way to transfer files to and from servers?

Learn more about how some companies have plugged their FTP holes with secure FTP servers.

Sound Off! -

Be the first to post a message to Sound Off!

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Network Security
	Will Cisco's plan to open access to the IOS improve network security?
	Will VoIP attacks result in more than just spam?
	Should enterprises implement a mandatory iPhone VPN?
	Will organizations that lag behind on IPv6 adoption have greater security risks?
	Should iPhone email be sent without SSL encryption?
	DMVPN configuration: Is an additional firewall needed between the router and the Internet?
	Is centralized logging worth all the effort?
	What are the pros and cons of shaping P2P packets?
	Should an ISP keep corrupted machines off of a network?
	Can a firewall alone effectively block port-scanning activity?

SSL

How to test the security of personal details submitted to a website

Should enterprises implement a mandatory iPhone VPN?

Should iPhone email be sent without SSL encryption?

Can Trojans and other malware exploit split-tunnel VPNs to infiltrate a network?

What are the risks of connecting a Web service to an external system via SSL?

What is the most secure way for application developers to manage cookies?

Secure file copying with WinSCP

Should an IT staff be concerned with a network's physical security?

Will FTP ever be a secure way to transfer files?

Secure remote access: Closing the Windows Mobile Smartphone loophole

Enterprise Data Protection

Are open recursive DNS servers inherently insecure?

Penetration testing: Helping your compliance efforts

Worst practices: Learning from bad security tips

The ins and outs of database encryption

RSA attendees see data classification, rights management projects stumble

Worst practices: Encryption conniptions

Does FTPS encrypt data packets at the hardware or software level?

Should disks be encrypted at the hardware level?

Is Triple DES a more secure encryption scheme than DUKPT?

Will a platform-as-a-service (PaaS) environment put data at risk?

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

SSL VPN (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy