Home page logo

basics logo Security Basics mailing list archives

Re: Secure FTP
From: Michael Louie Loria <mlloria () lorztech com>
Date: Tue, 27 Mar 2007 16:04:34 -0700

FileZilla Server supports SFTP

jbeauford () EightInOnePet com wrote:

MaddHatter wrote:
We have a public facing FTP server that we would like to secure.
          ... What is the best way to secure this FTP server?  I've =
tried SFTP, but was just curious as to what else is out there.
There's nothing you can do to "fix" FTP. _If_ you really want FTP,
SFTP (a separate draft standard based on ssh) is the way to go. You
could direct customers to a popular and user-friendly client such an
WinSCP (http://winscp.net). For the server, you could use OpenSSH
through Cygwin or something similar (the price is right -- free). My
favorite is WinSSHD (http://www.bitvise.com/), which is reasonably
priced. Or there's lots of less-reasonably-priced commercial

For other ideas, there's also SSL-FTP (traditional FTP wrapped in
SSL), which seems to have fallen out of favor. You could use normal
FTP but require clients connect to an encrypted VPN before initiating
the FTP session (*ick*).   

For your application, you probably don't need FTP at all. Here's what
I'd suggest. Make an SSL-protected web page to authenticate your
clients and allow them to upload files via a web form. You have
complete control over the interface, what happens to the files, who
can put what where, and all the security concerns. It's all your
company's code, so nobody else can decide to change/remove the one
essential feature you need(ed). Your customers certainly already have
a web browser, so they don't need to download and learn to use
another foreign program. If you're a Windows shop -- and it sounds
like you are -- you can just add onto the IIS setup you're already
using, no need to install, configure, maintain, and secure another
service. I think the cheapest SSL certificate provider right now is

Attachment: signature.asc
Description: OpenPGP digital signature

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]