Re: What is the difference between ftp encryption types SSL, TLS, SFTP and SSH ?
- From: Douglas Mayne <doug@xxxxxxxxxxxxxxxxx>
- Date: Sun, 17 Dec 2006 09:14:41 -0700
On Sun, 17 Dec 2006 12:00:42 +0000, Marcus Mender wrote:
> I have seen a couple of different encryption types for ftp connections:
> TLS
> SSL
> SFTP
> SSH
> Ok, provided an ftp server offers all these types: which type should I choose
> to set up the ftp server or to select from the ftp client's view?
> Is the security for all these types similar and the difference refers only
> to different protocols?
> What are the pros and cons?
> Marcus
I don't know that much about this, other than to refer to these links:
SFTP: http://en.wikipedia.org/wiki/SSH_file_transfer_protocol
FTPS: http://en.wikipedia.org/wiki/FTPS
ssh based solutions appear to have an advantage (IMO) because the
authentication can be certificate based. For example, configure ssh
not to accept passwords, and set a rate limit firewall rule to minimize
brute force attacks which attempt to gain access by guessing a valid
username/password pair. You would generate a certificate for valid users
and then send it to them (perhaps by email.) The passphrase which
unlocks the passphrase can be revealed by some other method (telephone?).
Another consideration...
Giving someone access (read/write) to a file repository on your system
can be a good way for communicating large files back and forth. The
problem is that you cannot control how careful the person given access
will be maintaining the secrecy of their access method. If someone else
obtains the credentials, they can act as an imposter to gain access to
the files in the repository. Therefore, I have recommended using strong
encryption for sensitive data which is sent to the repository. That way,
the files will be readable by the intended recipient only. For
example, no matter what method is used to transmit the files, a strong
encryption tool, such as gpg, should be used also. This method overcomes
the unencrypted nature of email.
Sender -> encrypts file for recipient
Sender -> places file in repository using some protocol
Recipient -> retrieves encrypted file from repository
Recipient -> uses gpg to decipher the message.
The "con" to this method is that it requires manual setup and user
interaction. The "pro" is that it is a very secure channel (IMO).
--
Douglas Mayne
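A check for the "configure ssh not to accept passwords" step in the message above, as an added example that is not part of the original post: it parses sshd_config text and reports where password-style logins are still accepted. The sample config and the function names are constructed for illustration; the keyword defaults, the deprecated alias and the first-value-wins rule are those of OpenSSH's sshd_config.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from sshd_config
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated spelling that sshd still accepts for the same setting
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

SAMPLE = """\
# constructed sample, not taken from the original post
PasswordAuthentication no
passwordauthentication yes
ChallengeResponseAuthentication yes
Match User uploads
    PasswordAuthentication yes
"""

def effective_auth(config_text):
    """Return (global settings, list of Match-block overrides)."""
    global_cfg, overrides, scope = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                      # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":                          # block runs to next Match or EOF
            scope = value
            continue
        key = ALIASES.get(key, key)
        if key not in DEFAULTS:
            continue
        if scope is None:
            global_cfg.setdefault(key, value.lower())   # first value obtained wins
        else:
            overrides.append((scope, key, value.lower()))
    return {**DEFAULTS, **global_cfg}, overrides

def findings(config_text):
    """List every place where a password-style login is still possible."""
    cfg, overrides = effective_auth(config_text)
    out = [f"global: {k} is {cfg[k]}"
           for k in ("passwordauthentication", "kbdinteractiveauthentication")
           if cfg[k] != "no"]
    if cfg["pubkeyauthentication"] != "yes":
        out.append("global: pubkeyauthentication is not enabled")
    out += [f"Match {s}: {k} is {v}" for s, k, v in overrides
            if k != "pubkeyauthentication" and v != "no"]
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)) or "no password-style logins accepted")
```

The parser does not follow `Include` directives; on a live host, `sshd -T` prints the effective configuration and is the authoritative check.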