Securely connecting to FTP







Hello List,

I have a question regarding the use of FTP as is often provided by ISPs.

A
lot of smaller ISPs will offer you a small, free bit of web hosting,
and you will use FTP to transfer the content to your assigned hosting
space.

It seems often all the information the ISP provides to
connect is the address and user credentials, and then you would enter
this into an FTP client to connect to your space. I am not all that
familiar with FTP, but looking at the options you seem to be able to try
to use SFTP on port 990(different protocol entirely-probably not
supported by ISP I would guess. I could not get it working in any case).
Trying to use FTP I am shown 4 options for encryption (None, SSL/TLS,
SSL or TLS), however attempting to connect with anything other than
'None' for the encryption would fail to connect.

So I have a couple of questions.

1) what are the implications of connecting FTP on port 21 with no encryption
-
my username and pass is sent plaintext to the server. Where can I or
where would I worry about being MiTM'ed ? My own LAN connection being
sniffed? any place inbetween my lan and the ISP server?

2) is it that smaller ISPs just don't provide this type of functionality, and you won't be able to encrypt while using FTP?
-
that is, is a secure ftp connection a bit of a premium that you pay
more for or need to look more specifically into other companies offering
"secure ftp services.", or should there be no reason why one ISP would
not be able to offer this service.

Thank you in advance.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Re: Database doesnt work
    ... And if the site has the FP SE don't FTP, ... |> within the website, and some DBresultpages to get the data displayed. ... Now according to my ISP i have to FTP ... |> the site to my domain and it should work, ASP is enabled on the server. ...
    (microsoft.public.frontpage.programming)
  • Re: How to secure FTP?
    ... >> So I am also hearing in this thread that secure FTP isn't really ... It's meant more for encryption than anything else? ... > and password are required by the server in order to log on, ... > other mechanisms (such as SSL) that are supported by a number of third ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: how to assign 2 IPs to server + using 2 isp ?
    ... > The problem with running two FTP front end servers is that i would need to ... Default Gateway and not the Nic it originally came in on. ... would be "helpless",...that is, the packet would get to the server from the ... have both ISP links comming into it (3 interfaces total with the FTP on the ...
    (microsoft.public.win2000.networking)
  • RE: Port 21 blocked by ISP
    ... My ISP only provides me with a dynamic ... > ftp server to use port 7721. ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: [SLE] KDE3.3.1
    ... On Tuesday 19 October 2004 07:16 am, Steve Kratz wrote: ... Are their any good FTP programs you know of? ... > goes right back on the server. ... then transfer them to the ISP that runs our webpage. ...
    (SuSE)