FTP and Security
The FTP protocol (file transfer protocol) is used to send and retrieve files from remote servers. FTP is very old and was not designed with security in mind. Unfortunately with every FTP transaction, hackers can intercept your username and password.
Recently there has also been a significant increase in PC-bourne spyware which collects this information and sends it to hackers. Thousands of websites on the Internet are compromised on a daily basis, which results not only in expensive recovery costs to the owners, but also major inconvenience.
So why do people still use FTP?
Actually that question is not easy to answer. I would hazard a guess that most still use FTP simply out of habit. Change takes effort, and if something worked in the past, there is always the expectation that it will continue to work until otherwise indicated.
There is a very secure way to send and retrieve files from remote locations. To move files to a server, the SFTP (Secure FTP) protocol is preferred as your login credentials are encrypted, as are the files being sent.
Basically what happens with SFTP is that first a secure tunnel is set up with SSH and then the FTP session happens inside of this tunnel transparently.
Most FTP clients and website editors are able to communicate with a server using SFTP by simply changing a setting in your connection information to use SFTP instead of FTP. The interface doesn't change and the way the user performs their tasks does not change either.
Since it's so simple to secure your file-based communications, why don't more people adopt this?
Even better - the FTP protocol should simply be switched off at the server level. That would force people to use SFTP and eliminate a whole lot of hacking.
-Andreas
Posted: 2009-11-11 10:34:54
Comments
Add a Comment
