Highest Voted 'ftp' Questions - IT Security Stack Exchange

97

votes

7 answers

Does FTPS (FTP+S) offer better security than SFTP on the server side?

I had an exchange with some third party sysadmin yesterday regarding the setup of a file transfer interface between our servers. I suggested using SFTP because our application has good support for it. My interlocutor absolutely wants FTP+S (FTP+TLS)…

ssh ftp sftp

asked Apr 28 '16 at 07:47

Stéphane C.

972
1
7
8

40

votes

8 answers

Is it safe to store passwords on Google drive?

In the past I have seen having a Google drive document and have FTP username/passwords there. Is storing passwords in Google drive a good practice?

password-management ftp google-apps

asked Aug 12 '14 at 10:17

secuaz

519
1
4
6

28

votes

9 answers

Is it safer to use a port other than 21 for FTP?

Usually (as far as I know), FTP uses port 21. Since this port is used for FTP so often, is it safer to use another port? My guess is that if someone with malicious intentions tries to break FTP accounts, they will try port 21.

ports ftp

asked Aug 18 '16 at 13:46

Kevin

473
1
4
5

27

votes

1 answer

Why is it better to use ports 20 and 53 as source ports when portscanning?

I read that if a server is inside a DMZ behind a stateless firewall, it is a good idea to use ports 20 and 53 as source ports when conducting port scanning. Why is this a good idea? I guess the firewall will most likely not filter FTP and DNS data?

dns ports ftp port-knocking

asked Aug 01 '16 at 13:57

AdHominem

3,006
1
16
26

25

votes

7 answers

Should I use FileZilla?

Recently, an increasing number of people have started advising moving away from FileZilla. However, the only reason I can see for this is that FileZilla stores the connection information in a completely unencrypted form, but as Mozilla says - surely…

password-management ftp

asked Jul 22 '13 at 09:59

Andy

501
1
4
10

21

votes

1 answer

SFTP, FTPS and SecureFTP differences and security implications

What are the basic differences and security implications of using SFTP, FTPS and SecureFTP.

network tls ftp

asked Nov 29 '10 at 01:28

Eric Warriner

3,251
3
24
20

21

votes

3 answers

Secure FTP access; best practices

We have several web applications (B2B, B2C eCommerce) to which developers have access in order to upload files. I need to ensure FTP part is well secure. What is the best way(s) to go about it? Currently, I've: Changed port number, and Set a static…

defense ftp

asked Oct 25 '12 at 03:04

Smart Bird

321
1
2
5

19

votes

5 answers

Can https be used instead of sftp for secure file transfers?

My company works with financials, and we are required to transfer files containing non-public consumer information securely between our company and our clients. The usual solution is to go with sftp for file transfers, however many of our clients…

tls pci-dss ftp

asked Nov 14 '12 at 15:20

Rachel

293
1
2
6

15

votes

3 answers

Bruteforce attack on my FTP server

I recently setup VSFTPD on my personal server for sharing files over FTP. In the vsftpd.log file, i see hundreds of failed attempts to login with usernames like "adminitrator" , "adminitrator1", "adminitrator2", "adminitrator123" etc. I am surprised…

network brute-force hardening ftp exposure

asked Aug 08 '11 at 07:32

18bytes

885
1
10
12

13

votes

5 answers

Is it worth the effort to store FTP passwords encrypted?

I have a project to build a system that needs to push files to multiple third-party FTP servers. I have asked these third parties to provide a more secure interface; all have declined. So now I have this problem: I can implement some kind of…

encryption passwords ftp client

asked Jul 17 '12 at 17:53

kojiro

579
4
11

13

votes

1 answer

Does ISO 27001 allow a company to use FTP?

On a project I had to use unsecured FTP to connect to the hosting provider - not SFTP, not FTPS. The hosting provider proudly claims it's ISO 27001 certified. Somehow this all seemed quite wrong to me. Is it possible that a company gets ISO 27001…

compliance ftp iso27001

asked Oct 29 '15 at 11:35

the

1,841
2
16
33

12

votes

3 answers

FTP hacked, planted file

Can anyone help me to understand what this does? Someone has planted a file with this piece of code on my server.It is shortened because it cannot fit the question, but just to have some idea what could it be.

php virus apache ftp

asked Apr 09 '15 at 21:43

user72138

121
1
3

12

votes

5 answers

How insecure is FTP?

Okay, we know the drill: don't use FTP, use SFTP or FTPS. But what exactly is the risk being posed? The files themselves are sent unencrypted, and this may be fine, or disastrous, depending on what the code in them contains. But, if we're dealing…

encryption file-upload ftp sftp

asked Aug 19 '18 at 20:03

Stumbler

503
4
7

10

votes

4 answers

Should I tunnel multiple TCP connections through a TLS/SSL tunnel or use TLS/SSL for each connection?

I am developing an application that runs on Windows PCs. The application is able to connect to some kind of devices within a LAN. It can create multiple TCP-connections to the device it is connected to. I want to secure every single TCP-connection…

tls ftp tunneling

asked Nov 14 '13 at 07:54

WMEZ

341
2
11

10

votes

4 answers

If I try to log into the wrong host with FTP do they now have my credentials?

Say I make a typo in the host name. Are my credentials now somewhere in the wrong hosts server log? Should I go about changing my credentials just in case now?

ftp

asked Mar 02 '12 at 16:27

Serhiy

203
1
5

1

2 3

…

8 9 Next

Questions tagged [ftp]