1

Can I use FortiClient VPN access to secure my FTP client transfers? Is it possible to route the FTP to use the VPN? Does it make sense to do it, is it secure if possible? The reason I am asking this is because I want to secure my access to a remote Linux server w/o using Windows remote connect (the video remote connection, it is just so inconvenient).

Links to software - https://forticlient.com/, https://winscp.net/eng/download.php.

Thanks all!

2 Answers

2

FTP is an insecure protocol; you rightly want to improve on that.

There are several possibilities:

  • replacing it with a secured version of FTP, or moving to another transfer protocol such as SSH (the "SFTP" part)
  • tunneling the traffic via a VPN

You chose the second solution; it would be good to reconsider the first one and go for native encryption of the protocol. There may be other considerations which push you towards a VPN, though.

If you use VPN, you have the following scenario:

  • the traffic between your client and the VPN gateway is secured
  • the traffic between the VPN gateway and your service (FTP in your case) is as secure as the protocol. Again in your case: not secure because FTP.

Depending on a plethora of elements, you may be OK or not with this insecure part of the transfer. This will depend on your risk analysis, which is unique to your case.

As a side note - the vendor of the VPN does not matter for your question (provided that the implementation is correct).

WoJ
  • Thanks Woj, I have one more related question. Let's say that I go with SFTP, does it make sense to add an extra layer of security using VPN, maybe routing the SFTP traffic or maybe all my internet traffic by it? – Vitaliy Terziev Jun 26 '18 at 12:25
  • @VitaliyTerziev: from the confidentiality perspective (encryption) - no. You do not need an extra layer (which will possibly be the same BTW, using the same libraries). There are other considerations, such as the kind of authentication you have on the service. Maybe the VPN brings in two-factor authentication, a certificate-based authentication or something like that. It is worth taking into account. You can also implement this on the SFTP server but it may not be that straightforward. – WoJ Jun 26 '18 at 14:07
  • Thanks for your insights WoJ! I will stick with SFTP for now and explore further if the VPN brings something more to the table. – Vitaliy Terziev Jun 26 '18 at 15:54
  • @VitaliyTerziev: good luck. One thing you must be careful with is the mess around naming: FTPS vs SFTP vs SCP -- they are different services, of which some are fine and some not. – WoJ Jun 27 '18 at 07:26
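
The FTPS vs SFTP vs SCP distinction from the comments, and the "secure only up to the VPN gateway" scenario from the answer, as an added example that is not part of the original answers. It tells the services apart by the first line a server sends; the function names, verdict labels and sample greetings are constructed for illustration.

```python
import re

SSH_ID = re.compile(r"^SSH-(\d+\.\d+)-")      # identification string, RFC 4253
FTP_REPLY = re.compile(r"^(\d{3})[ -]")        # three-digit reply code, RFC 959


def classify(greeting, feat_reply=()):
    """Map a server's first line (plus optional FTP FEAT reply) to a verdict.

    Returns (service, verdict); verdict is one of
    'encrypted', 'obsolete', 'upgradeable', 'cleartext', 'unknown'.
    """
    m = SSH_ID.match(greeting)
    if m:
        # SFTP and SCP are both carried inside the SSH session.
        return ("ssh", "encrypted" if m.group(1) in ("2.0", "1.99") else "obsolete")
    m = FTP_REPLY.match(greeting)
    if m and m.group(1) == "220":
        feats = [line.strip().upper() for line in feat_reply]
        # Explicit FTPS (RFC 4217) is advertised as an AUTH TLS feature.
        if any(f.startswith("AUTH") and "TLS" in f for f in feats):
            return ("ftp", "upgradeable")   # cleartext until the client sends AUTH TLS
        return ("ftp", "cleartext")
    # A TLS-only port (implicit FTPS) stays silent until the client starts a handshake.
    return ("unknown", "unknown")


def cleartext_segments(verdict, via_vpn):
    """Path segments to treat as readable on the wire (anything not verified encrypted)."""
    if verdict == "encrypted":
        return []
    # The VPN tunnel ends at the gateway; behind it the protocol protects itself or not.
    return ["gateway->server"] if via_vpn else ["client->server"]


# Constructed sample greetings (not captured from real hosts).
SAMPLES = {
    "sftp/scp": ("SSH-2.0-OpenSSH_7.4", ()),
    "plain ftp": ("220 FTP server ready", ("211-Features:", " UTF8", "211 End")),
    "explicit ftps": ("220 FTP server ready",
                      ("211-Features:", " AUTH TLS", " PBSZ", " PROT", "211 End")),
}

if __name__ == "__main__":
    for name, (greeting, feat) in SAMPLES.items():
        service, verdict = classify(greeting, feat)
        print(f"{name:14} {service:4} {verdict:12} "
              f"vpn:{cleartext_segments(verdict, True)}")
```

An 'upgradeable' server still accepts plain logins, so the client has to be configured to require TLS before sending credentials.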
0

An alternative to using SFTP and FTP under a VPN tunnel:

You could also use SSH, with SSH authentication with an SSH key only. For transferring files to and from the machines, you could use SCP (Secure Copy) which uses the SSH protocol for transferring files.

I would suggest PuTTY for SSH from Windows boxes.

Jay