Is FTP Secure?

Category: Security

I got a warning that FTP was not secure any more and that I should go to WinSCP for a fix. I am not very tech-savvy, so I depend on you to keep my computer healthy. So - is this something I should do? And if you're wondering how an idiot like me can have a website to ftp to, all my younger relatives help me.

News Flash: FTP Not Secure... Film at 11

The answer is YES -- a plain vanilla FTP (file transfer protocol) session is not secure. That's because your userid and password are sent in the clear (without any encryption) to the remote server when you log in. Further, the contents of the files you are transferring are sent unencrypted as well. So there is a chance that someone could intercept your login details or snoop inside the file while it's being transferred over the public Internet. It's very much like making a credit card purchase over the phone; someone *could* be listening in on the conversation.

This is nothing new... FTP has always been an unsecured method of moving files. But because there are so many Evil Hackers out there nowadays, it's just not wise to do something that could effectively give the keys to your kingdom to an unscrupulous person.

Using Secure FTP

That's why Secure FTP was developed. If your FTP software supports the SCP or SFTP protocol (look in the help or options screen to find out) then you needn't worry. Just make sure you're using one of those protocols, and your login & file data will be encrypted before sending.

When I first learned about this exposure, I checked to see if my favorite FTP program (CuteFTP) would do encrypted file transfers. To my surprise, it did not. And to my annoyance, the upgraded version which DID support encryption carried a $50 price tag. I had already paid for the CuteFTP program and a couple of upgrades over the years. But paying for security was a tough pill to swallow.

Secure FTP for Free?

Needless to say, I started poking around for a free FTP program that supported the SCP or SFTP protocol. I found that many people were recommending WinSCP, an open source secure FTP client for Windows. In addition to offering secure file transfer between a local and a remote computer, WinSCP also works as a basic file manager.

If you are a Mac user, check out Fugu or Rbrowser. If you're looking for secure FTP from a command line instead of a graphical interface, PSFTP works on Windows and Linux systems.

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 18 Aug 2005


For Fun: Buy Bob a Snickers.

Prev Article:
Free Virus Scan

The Top Twenty
Next Article:
Virus Ruins Hard Drive?

Most recent comments on "Is FTP Secure?"

Posted by:

Bert
23 Aug 2005

I find another free program FileZilla a better secure FTP program than WinSCP mainly because FileZilla also offers a non-secure connection when you can't use secure FTP. See https://sourceforge.net/projects/filezilla/


Posted by:

kraester
24 Aug 2005

I've used Core FTP Lite (the free version of the company's Core FTP Pro software) for a few years now. It supports SSL/SFTP. I find it very easy to use. I haven't used too many other Windows-based FTP clients so I don't know if the following features are "normal" or not, but I especialy like the default two-pane screen where you can see full directory listings of both the local and remote drives, and the fact that I can save multiple connections' settings that I can switch between quickly and easily. (I'm probabaly not explaining that well; it's basically like an address book for your FTP sites, where you just click on the nickname to connect to the desired site.)

I used a text/UNIX FTP client early in my career, and then didn't need an FTP client for many years. Core FTP Lite was only the second Windows-based client I tried, but as I said, I find it easy to use, and it does what I need it to do, so I have no plans or desire to stop using it now. As always, of course, your mileage may vary. :)


Posted by:

Ken Laninga
24 Aug 2005

Bob, I downloaded WinSCP but did not run it yet; my friend did and he wrote: "Well, I reckon I don't care for it at all. Couldn't get the darn thing to connect. Kept getting the same error message with no obvious solution. Their slow online help pages mentioned the problem. No good solution as far as I was concerned.

I looked for others and downloaded and am testing these two:
http://www.coreftp.com/
http://www.glub.com/products/secureftp/

EDITOR'S NOTE: It's possible the server he was trying to contact is still in the dark ages and does not support secure connections. If so, switching to another SFTP client will not help.


Posted by:

Bob Deloyd
25 Aug 2005

Bob thanks for the heads-up on a secure FTP. I've been updating my website for years without any encryption. Yikes I had no idea about that! I just downloaded WinSCP and the Core FTP. I am leaning towards the WinSCP because its opensourse. Now I just hope that my server isn't in the "Dark Ages" //bob


Posted by:

Primefalcon
04 Jul 2009

Actualy Linux has a wonderful pair programs called

openssh-client
openssh-server

their names are pretty self explanatory, not to mention a lot of file managers in Linux such as nautilus support sftp/ssh and more, most *nix systems come with openssh-client already installed


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Is FTP Secure? (Posted: 18 Aug 2005)
Source: http://askbobrankin.com/is_ftp_secure.html
Copyright © 2005 - Bob Rankin - All Rights Reserved