Secure FTP 101


Laura Taylor
08/14/02


Network engineers and systems administrators have been using FTP to send files back and forth to and from remote systems since the early days of the Internet. FTP stands for file transfer protocol, and the FTP program is part of every reputable TCP/IP stack. Though we've all grown used to using FTP for the bulk of our file transfer needs, using it securely is becoming more important today than ever before. Here's a primer on secure FTP that will help you understand its practical application.

Technology Background
Keeping the files on your intranet in top working order and keeping your e-business alive seems to require moving files around endlessly to keep things organized. System and network administrators use FTP to update DNS zone maps, update web sites, transfer user data, move around database files, and endless other chores to keep filesystems and hard drives tidy. Moving files from here to there is the heartbeat of the Internet. The nice thing about FTP is that it allows you to move files easily between systems that use similar or different operating systems, file structures, and character sets.

FTP has been defined and redefined numerous times by the Internet Engineering Task Force (IETF) in a series of standards documents known as RFCs. (RFC stands for Request for Comments.) Today, RFC 959 by Postel and Reynolds, 1985, is the official standard for FTP. You can read this RFC in its entirety on the IETF website at http://www.ietf.org.

Problems with Ye Ol' Standard FTP
FTP was originally defined in the early 1970s to transfer files to and from various ARPANET nodes. However, there are a few problems with ye ol' standard FTP that we all grew up with in the early days of the Internet. First of all, it doesn't use strong authentication. It is based on password logins, which can be guessed or discovered by cybercriminals using a sniffer. Even if the password is not guessed or sniffed, with standard FTP none of the files being transferred to and from their destinations are encrypted. FTP sends files in clear plain text, exposing them to the plethora of bad guys out there who have nothing better to do than violate the privacy of others, pilfer confidential information such as credit card information, and attempt to obtain classified information that could compromise national security.

Files being transferred by FTP are also vulnerable to man-in-the-middle attacks where data is intercepted and then altered before sending it back on its way. Another scenario where using secure FTP is critical is during web site updates. Without secure FTP, it is very easy to hack a web site and edit it with digital graffiti. All a hacker has to do is find out the IP address of the web site using a reverse ping on the domain name, and then set up a sniffer to run 24 hours a day on the IP address to sniff and log the login connection. As soon as the web master logs in to update the site, the hacker's sniffer can grab and record the password and login information. Using the login information, hackers can then download the site's web pages onto their own computer. After downloading the website, hackers then can use any number of HTML editors to edit the website with graffiti, fraudulent news, or anything else, and then FTP it back to its real home on the Web using the login and password they sniffed earlier. The main reason that web sites get hacked is because they are being updated with insecure FTP transfers. There are other ways that web sites can get hacked (due to improper OS and incorrect server configurations) but using secure FTP certainly reduces the probability of hacks due to insecure file transfers and logins.
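The exposure described in this section can be checked for in a client-side FTP command log. The following is an added example, not part of the original article: it flags logins and transfers that happen before the FTP security extension commands `AUTH` and `PROT P` (RFC 2228 / RFC 4217) have been accepted by the server. The function name, the `C:`/`S:` log format and both sample sessions are constructed for illustration.

```python
# Added example: audit a client-side FTP command log for cleartext exposure.
DATA_COMMANDS = {"RETR", "STOR", "STOU", "APPE", "LIST", "NLST"}

def audit_ftp_session(lines):
    """Return (issue, line_number, command) tuples for one control-channel log."""
    tls_active = False    # True once the server accepts AUTH (reply 234)
    data_private = False  # True once the server accepts PROT P (reply 2xx)
    awaiting = None       # security command still waiting for its reply
    findings = []
    for number, raw in enumerate(lines, 1):
        side, _, text = raw.partition(": ")
        parts = text.split(None, 1)
        if not parts:
            continue
        if side == "S":
            code = parts[0][:3]
            if awaiting and awaiting[0] == "AUTH" and code == "234":
                tls_active = True
            elif awaiting and awaiting[0] == "PROT" and code.startswith("2"):
                data_private = awaiting[1] == "P"
            awaiting = None
            continue
        verb = parts[0].upper()
        arg = parts[1].strip().upper() if len(parts) > 1 else ""
        if verb in ("AUTH", "PROT"):
            awaiting = (verb, arg)
        elif verb in ("USER", "PASS") and not tls_active:
            findings.append(("cleartext-credential", number, verb))
        elif verb in DATA_COMMANDS and not (tls_active and data_private):
            findings.append(("cleartext-data", number, verb))
    return findings

# Constructed sample logs (not captured from a real system).
PLAIN_SESSION = [
    "S: 220 ftp.example.test ready",
    "C: USER webmaster", "S: 331 Password required",
    "C: PASS <redacted>", "S: 230 Logged in",
    "C: STOR index.html", "S: 150 Opening data connection", "S: 226 Done",
]
FTPS_SESSION = [
    "S: 220 ftp.example.test ready",
    "C: AUTH TLS", "S: 234 Proceed with negotiation",
    "C: USER webmaster", "S: 331 Password required",
    "C: PASS <redacted>", "S: 230 Logged in",
    "C: PBSZ 0", "S: 200 OK", "C: PROT P", "S: 200 Data channel private",
    "C: STOR index.html", "S: 150 Opening data connection", "S: 226 Done",
]
```

A session that negotiates `AUTH TLS` but never sends `PROT P` still reports `cleartext-data`, because only the control channel is protected in that case.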

Secure FTP Product Landscape
Various products have been developed to resolve the security problems with FTP. These products vary in their solution to FTP security. Vendors who make these products have taken FTP and secured it by building in strong authentication and encryption. One of the challenges with implementing encryption is that some of the encryption solutions are expensive and complex to implement, requiring both sending and receiving parties to have the same encryption software implemented on both ends of the file transfer. For example, if you use a VPN to secure your FTP file transfers, it requires implementing VPN software, or a VPN appliance, at each end point. If digital certificates are used for implementing a VPN or secure FTP, proper key exchanges must be made, and private keys need to be secured.

Most secure FTP products use encryption and X.509 certificates. X.509 certificates are composed of multiple attributes, including public keys used for asymmetric public key cryptography. For performance reasons, asymmetric encryption is not used for bulk encryption, but is instead used to encrypt the keys used to encrypt/decrypt the data using symmetric encryption. Using public key cryptography enables a secure key exchange to be made so that the symmetric keys used to encrypt and decrypt the data are not compromised. The symmetric keys are used to unlock the encrypted session so that the data can be decrypted for reading. There are numerous encryption algorithms used in secure FTP products, including DES, 3DES, CAST-128, Blowfish, AES-128, and others.
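As an added example (not from the original article or any product it describes), here is a client for FTP over TLS, one form of certificate-based secure FTP, written with Python's standard `ftplib.FTP_TLS`. It verifies the server's X.509 certificate, protects both channels, and returns the symmetric cipher negotiated for the session; the function names, host, port and file arguments are hypothetical.

```python
import ssl
from ftplib import FTP_TLS

def make_ftps_context(cafile=None):
    """TLS settings used for both the control and data channels."""
    ctx = ssl.create_default_context(cafile=cafile)  # validates the X.509 chain
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context() already sets the next two; they are stated
    # explicitly so that a later edit which weakens them stands out in review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def upload_over_ftps(host, user, password, local_path, remote_name, cafile=None):
    """Upload one file; return the (cipher, protocol, key_bits) in use."""
    ftps = FTP_TLS(context=make_ftps_context(cafile), timeout=30)
    try:
        ftps.connect(host, 21)
        ftps.login(user, password)  # ftplib sends AUTH TLS before USER/PASS
        ftps.prot_p()               # encrypt the data channel as well
        negotiated = ftps.sock.cipher()
        with open(local_path, "rb") as fh:
            ftps.storbinary(f"STOR {remote_name}", fh)
        ftps.quit()
        return negotiated
    finally:
        ftps.close()
```

The certificate's public key is used only during the handshake; the tuple returned by `upload_over_ftps` names the symmetric cipher that carries the login and the file contents.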

Intranet Journal
Part of the EarthWeb Network
