Is FTP Secure?

Category: Security

"I got a warning that FTP was not secure any more and that I should go to WinSCP for a fix. I am not very tech-savvy, so I depend on you to keep my computer healthy. So - is this something I should do? And if you're wondering how an idiot like me can have a website to ftp to, all my younger relatives help me."

Email Article

Comment

Bookmark

Free Internet Faxing

Free Credit Reports

Convert Itunes to MP3

Free Registry Cleaners

Free Antivirus Programs

Free Satellite TV on PC

Internet Explorer 8

Magic Jack Phone

Make Windows Faster

Check out this week's
most popular articles.

News Flash: FTP Not Secure... Film at 11

The answer is YES -- a plain vanilla FTP (file transfer protocol) session is not secure. That's because your userid and password are sent in the clear (without any encryption) to the remote server when you log in. Further, the contents of the files you are transferring are sent unencrypted as well. So there is a chance that someone could intercept your login details or snoop inside the file while it's being transferred over the public Internet. It's very much like making a credit card purchase over the phone; someone *could* be listening in on the conversation.

This is nothing new... FTP has always been an unsecured method of moving files. But because there are so many Evil Hackers out there nowadays, it's just not wise to do something that could effectively give the keys to your kingdom to an unscrupulous person.

Using Secure FTP

That's why Secure FTP was developed. If your FTP software supports the SCP or SFTP protocol (look in the help or options screen to find out) then you needn't worry. Just make sure you're using one of those protocols, and your login & file data will be encrypted before sending.

When I first learned about this exposure, I checked to see if my favorite FTP program (CuteFTP) would do encrypted file transfers. To my surprise, it did not. And to my annoyance, the upgraded version which DID support encryption carried a $50 price tag. I had already paid for the CuteFTP program and a couple of upgrades over the years. But paying for security was a tough pill to swallow.

Secure FTP for Free?

Needless to say, I started poking around for a free FTP program that supported the SCP or SFTP protocol. I found that many people were recommending WinSCP, an open source secure FTP client for Windows. In addition to offering secure file transfer between a local and a remote computer, WinSCP also works as a basic file manager.

If you are a Mac user, check out Fugu or Rbrowser. If you're looking for secure FTP from a command line instead of a graphical interface, PSFTP works on Windows and Linux systems.

	Send this article to a friend.
	Jump to the Comments section.
	Follow me on Twitter.
	Buy Bob a Snickers.
	Check out other articles in this category:

Posted by Bob Rankin on August 18, 2005 03:36 PM

Need More Help? Try the AskBobRankin Updates Newsletter. It's Free!

Prev Article:
Free Virus Scan

	Send this article to a friend
	The Top Twenty

Next Article:
Virus Ruins Hard Drive?

Link to this article from your site or blog. Just copy and paste from this box:

Related Keywords: Security ftp secure ftp WinSCP encryption encrypted ftp secure file transfer Fugu Rbrowser Tunnelier CuteFTP PSFTP

Most recent comments on "Is FTP Secure?"

Posted by:
Bert
23 Aug 2005

I find another free program FileZilla a better secure FTP program than WinSCP mainly because FileZilla also offers a non-secure connection when you can't use secure FTP. See https://sourceforge.net/projects/filezilla/

Posted by:
kraester
24 Aug 2005

I've used Core FTP Lite (the free version of the company's Core FTP Pro software) for a few years now. It supports SSL/SFTP. I find it very easy to use. I haven't used too many other Windows-based FTP clients so I don't know if the following features are "normal" or not, but I especialy like the default two-pane screen where you can see full directory listings of both the local and remote drives, and the fact that I can save multiple connections' settings that I can switch between quickly and easily. (I'm probabaly not explaining that well; it's basically like an address book for your FTP sites, where you just click on the nickname to connect to the desired site.)

I used a text/UNIX FTP client early in my career, and then didn't need an FTP client for many years. Core FTP Lite was only the second Windows-based client I tried, but as I said, I find it easy to use, and it does what I need it to do, so I have no plans or desire to stop using it now. As always, of course, your mileage may vary. :)

Posted by:
Ken Laninga
24 Aug 2005

Bob, I downloaded WinSCP but did not run it yet; my friend did and he wrote: "Well, I reckon I don't care for it at all. Couldn't get the darn thing to connect. Kept getting the same error message with no obvious solution. Their slow online help pages mentioned the problem. No good solution as far as I was concerned.

I looked for others and downloaded and am testing these two:
http://www.coreftp.com/
http://www.glub.com/products/secureftp/

EDITOR'S NOTE: It's possible the server he was trying to contact is still in the dark ages and does not support secure connections. If so, switching to another SFTP client will not help.

Posted by:
Bob Deloyd
25 Aug 2005

Bob thanks for the heads-up on a secure FTP. I've been updating my website for years without any encryption. Yikes I had no idea about that! I just downloaded WinSCP and the Core FTP. I am leaning towards the WinSCP because its opensourse. Now I just hope that my server isn't in the "Dark Ages" //bob

Post your Comments, Questions or Suggestions

	Ask Bob Rankin Home Page Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved

Need tech support? Go ahead... Ask Bob about computers, technology, gadgets or the Internet!