Re: FTP Encryption



Richard Whalen wrote:
RFC4217 "Securing FTP with TLS" could be considered a standard for data
encryption for FTP.
There are some implementations available, but not necessarily for all
platforms.

Encrypting/Decrypting outside of the transfer is asking for someone to skip
the step, either accidentally, or due to being in a hurry and feeling that
the extra step takes too much time that is not "necessary". Of course if
you don't want to install an application on all the sites involved, this is
your only choice.

RFC4217 also addresses the problem of protecting the users' password during
the login process.


"Chuck" <skilover_nospam@xxxxxxxxxxxxxx> wrote in message
news:cYsVh.1448$Qp.1201@xxxxxxxxxxx
chrislewis21@xxxxxxxxx wrote:
Is there an industry standard for data encryption via FTP? We have
multiple sites with whom we transfer files but don't want to have to
install a client side app on their servers...

Thanks,
Chris

If it must be FTP, then you need to encrypt the file before sending it.
And of course the remote site must have a compatible decrypting program.

We use GNU Privacy Guard for such file transfers.

http://www.gnupg.org/



It still requires changes on the remote end doesn't it? They need to add
support TLS.
.



Relevant Pages

  • Re: firewalls that can ssl ftp?
    ... Secure Transfers ... Bruce Schneier's Blowfish encryption for data transfers. ... Secure SSL based Web Administration Portal ... Works with other FTP Clients/Servers ...
    (Security-Basics)
  • Re: FTP Encryption
    ... RFC4217 "Securing FTP with TLS" could be considered a standard for data ... encryption for FTP. ... platforms. ... install a client side app on their servers... ...
    (comp.security.ssh)
  • RE: Encryption for FTP/MAil/Web
    ... Subject: Encryption for FTP/MAil/Web ... Tunneling ftp through ssh ... ssl-ftp can encrypt the control & data channel; ... As for ssl-ftp servers, I only found one RFC compliant one for Windows; ...
    (Security-Basics)
  • Re: How to secure FTP?
    ... >> So I am also hearing in this thread that secure FTP isn't really ... It's meant more for encryption than anything else? ... > and password are required by the server in order to log on, ... > other mechanisms (such as SSL) that are supported by a number of third ...
    (microsoft.public.inetserver.iis.ftp)
  • RE: Encryption for FTP/MAil/Web
    ... Subject: Encryption for FTP/MAil/Web ... SSH only encrypts the authentication process, ... Im not quite sure on what SSL FTP daemons are out there, ...
    (Security-Basics)