Questions tagged [ftp]

File Transfer Protocol. A simple client server protocol for transfering a file over a network. Most operating system come with the client application. FTP provides no confidentiality or integrity to the data being trasfered.

130 questions
97
votes
7 answers

Does FTPS (FTP+S) offer better security than SFTP on the server side?

I had an exchange with some third party sysadmin yesterday regarding the setup of a file transfer interface between our servers. I suggested using SFTP because our application has good support for it. My interlocutor absolutely wants FTP+S (FTP+TLS)…
Stéphane C.
  • 972
  • 1
  • 7
  • 8
40
votes
8 answers

Is it safe to store passwords on Google drive?

In the past I have seen having a Google drive document and have FTP username/passwords there. Is storing passwords in Google drive a good practice?
secuaz
  • 519
  • 1
  • 4
  • 6
28
votes
9 answers

Is it safer to use a port other than 21 for FTP?

Usually (as far as I know), FTP uses port 21. Since this port is used for FTP so often, is it safer to use another port? My guess is that if someone with malicious intentions tries to break FTP accounts, they will try port 21.
Kevin
  • 473
  • 1
  • 4
  • 5
27
votes
1 answer

Why is it better to use ports 20 and 53 as source ports when portscanning?

I read that if a server is inside a DMZ behind a stateless firewall, it is a good idea to use ports 20 and 53 as source ports when conducting port scanning. Why is this a good idea? I guess the firewall will most likely not filter FTP and DNS data?
AdHominem
  • 3,006
  • 1
  • 16
  • 26
25
votes
7 answers

Should I use FileZilla?

Recently, an increasing number of people have started advising moving away from FileZilla. However, the only reason I can see for this is that FileZilla stores the connection information in a completely unencrypted form, but as Mozilla says - surely…
Andy
  • 501
  • 1
  • 4
  • 10
21
votes
1 answer

SFTP, FTPS and SecureFTP differences and security implications

What are the basic differences and security implications of using SFTP, FTPS and SecureFTP.
Eric Warriner
  • 3,251
  • 3
  • 24
  • 20
21
votes
3 answers

Secure FTP access; best practices

We have several web applications (B2B, B2C eCommerce) to which developers have access in order to upload files. I need to ensure FTP part is well secure. What is the best way(s) to go about it? Currently, I've: Changed port number, and Set a static…
Smart Bird
  • 321
  • 1
  • 2
  • 5
19
votes
5 answers

Can https be used instead of sftp for secure file transfers?

My company works with financials, and we are required to transfer files containing non-public consumer information securely between our company and our clients. The usual solution is to go with sftp for file transfers, however many of our clients…
Rachel
  • 293
  • 1
  • 2
  • 6
15
votes
3 answers

Bruteforce attack on my FTP server

I recently setup VSFTPD on my personal server for sharing files over FTP. In the vsftpd.log file, i see hundreds of failed attempts to login with usernames like "adminitrator" , "adminitrator1", "adminitrator2", "adminitrator123" etc. I am surprised…
18bytes
  • 885
  • 1
  • 10
  • 12
13
votes
5 answers

Is it worth the effort to store FTP passwords encrypted?

I have a project to build a system that needs to push files to multiple third-party FTP servers. I have asked these third parties to provide a more secure interface; all have declined. So now I have this problem: I can implement some kind of…
kojiro
  • 579
  • 4
  • 11
13
votes
1 answer

Does ISO 27001 allow a company to use FTP?

On a project I had to use unsecured FTP to connect to the hosting provider - not SFTP, not FTPS. The hosting provider proudly claims it's ISO 27001 certified. Somehow this all seemed quite wrong to me. Is it possible that a company gets ISO 27001…
the
  • 1,841
  • 2
  • 16
  • 33
12
votes
3 answers

FTP hacked, planted file

Can anyone help me to understand what this does? Someone has planted a file with this piece of code on my server.It is shortened because it cannot fit the question, but just to have some idea what could it be.
user72138
  • 121
  • 1
  • 3
12
votes
5 answers

How insecure is FTP?

Okay, we know the drill: don't use FTP, use SFTP or FTPS. But what exactly is the risk being posed? The files themselves are sent unencrypted, and this may be fine, or disastrous, depending on what the code in them contains. But, if we're dealing…
Stumbler
  • 503
  • 4
  • 7
10
votes
4 answers

Should I tunnel multiple TCP connections through a TLS/SSL tunnel or use TLS/SSL for each connection?

I am developing an application that runs on Windows PCs. The application is able to connect to some kind of devices within a LAN. It can create multiple TCP-connections to the device it is connected to. I want to secure every single TCP-connection…
WMEZ
  • 341
  • 2
  • 11
10
votes
4 answers

If I try to log into the wrong host with FTP do they now have my credentials?

Say I make a typo in the host name. Are my credentials now somewhere in the wrong hosts server log? Should I go about changing my credentials just in case now?
Serhiy
  • 203
  • 1
  • 5
1
2 3
8 9