SSL

SSL (Secure Sockets Layer) has become a critical security tool due to the prevalence of e-commerce and online business.  Designed to ensure privacy for communications made over the internet, SSL can provide excellent security for an FTP connection.  Secure Sockets Layer is a protocol that utilizes symmetric cryptography to facilitate data encryption and maintain the utmost privacy.  All messages transferred over the internet are sent in ciphertext, which is essentially unreadable characters that prevent unauthorized parties from viewing the contents of the file.  One of the best qualities of SSL is that it offers a extensible framework that allows you to incorporate other encryption schemes for an added layer of protection.

TLS

TLS (Transport Layer Security) is another encryption-based security protocol used to ensure data integrity and privacy between two computers communicating over the internet.  This protocol consists of two components: TLS Record Protocol and TLS Handshake Protocol, both of which ensure privacy during internet-based communications in their own unique way.  Just like SSL, it is highly extensible and supports the incorporation of new encryption methods in the framework.  However, TLS is the successor to SSL and thus often considered to be slightly more secure.

SSH

SSH (Secure Shell) is a security protocol and method that provides encrypted channels for internet communications.  This mechanism is often used to provide protection when executing commands on a remote computer, making it perfect for FTP.  With SSH, you can create an encrypted tunnel between you and your users’ computers and protect that information from unauthorized third-parties.  Due to its efficiency and dependability, many FTP hosting service providers use SSH to provide customers with the maximum protection for their file transfer needs.

If you are someone who would like to benefit from all that File Transfer Protocol has to offer, keep in mind that FTP alone does not protect the files you transfer over the internet.  FTP itself does not have any encryption features, therefore provides little to no security at all.  For this reason, you should strongly consider a solution that offers SFTP or secure FTP.  While this type of service is normally coupled with protection by way of SSH, it offers the best of all the security solutions mentioned in this article.  That is strong digital encryption designed to keep sensitive information from prying eyes.

Beware of FTP Attacks

FTP is ideal for transferring files to a remote location.  However, you should know that in its purest form, this protocol is far from secure.  FTP transmits your data over a network in plain text.  If the transmission is intercepted, the contents of those files can be viewed by unauthorized parties.  Furthermore, a knowledgeable hacker can use the FTP server as an entrance into your website.  This is done by repeatedly trying to logon with an incorrect user password.  In most cases, the profile is disabled after reaching the maximum threshold of three sign in attempts, thus giving the hacker all the ammunition they need to launch the attack.

The most effective way to protect yourself from an FTP password attack is through the use of an FTP server logon exit program.  This mechanism can provide security in the following ways:

Rejecting logon requests by any user profiles that you have not granted FTP access to.  With the use of an FTP server logon exit program, the logon attempts from the profiles you decide to block are not counted towards the maximum sign in count.

Limiting the number of clients from which a user profile is able to access the FTP server.  For instance, if someone from accounting is granted access, you can make configurations where only users with an IP address from the accounting department have FTP access.

Recording the credentials and IP addresses of all FTP logon attempts.  This allows you to regularly view the activity of each FTP logon attempt.  If a profile is ever disabled for reaching the maximum count, you can use their IP address, identify the perpetrator and handle the matter accordingly.

FTP Security Recommendations

Because FTP is naturally insecure, you may want to strongly consider backing it up with a reliable security mechanism.  The most highly recommended is Secure Sockets Layer, or simply SSL.  SSL is an encryption protocol that enables secure communications between the FTP server and client.  It ensures that transmissions are encrypted, maintaining confidentiality and integrity for all data that passes through.  This includes files as well as usernames and passwords.  Most FTP severs support SSL through the use of a digital certificate which also provides additional security with client authentication.

Though some recommend the use of anonymous FTP for the sharing of non-confidential data, this can be an even greater security risk.  With anonymous FTP, anyone can upload to your server without a username or password.   They could be transferring pirated software or malicious files.  Before taking such a gamble, be sure to weigh all the risks and take the appropriate measures to ensure that your FTP communications are secure.