Is FTP Secure?
I got a warning that FTP was not secure any more and that I should go to WinSCP for a fix. I am not very tech-savvy, so I depend on you to keep my computer healthy. So - is this something I should do? And if you're wondering how an idiot like me can have a website to ftp to, all my younger relatives help me. |
News Flash: FTP Not Secure... Film at 11
The answer is YES -- a plain vanilla FTP (file transfer protocol) session is not secure. That's because your userid and password are sent in the clear (without any encryption) to the remote server when you log in. Further, the contents of the files you are transferring are sent unencrypted as well. So there is a chance that someone could intercept your login details or snoop inside the file while it's being transferred over the public Internet. It's very much like making a credit card purchase over the phone; someone *could* be listening in on the conversation.
This is nothing new... FTP has always been an unsecured method of moving files. But because there are so many Evil Hackers out there nowadays, it's just not wise to do something that could effectively give the keys to your kingdom to an unscrupulous person.
Using Secure FTP
That's why Secure FTP was developed. If your FTP software supports the SCP or SFTP protocol (look in the help or options screen to find out) then you needn't worry. Just make sure you're using one of those protocols, and your login & file data will be encrypted before sending.
When I first learned about this exposure, I checked to see if my favorite FTP program (CuteFTP) would do encrypted file transfers. To my surprise, it did not. And to my annoyance, the upgraded version which DID support encryption carried a $50 price tag. I had already paid for the CuteFTP program and a couple of upgrades over the years. But paying for security was a tough pill to swallow.
Secure FTP for Free?
Needless to say, I started poking around for a free FTP program that supported the SCP or SFTP protocol. I found that many people were recommending WinSCP, an open source secure FTP client for Windows. In addition to offering secure file transfer between a local and a remote computer, WinSCP also works as a basic file manager.
If you are a Mac user, check out Fugu or Rbrowser. If you're looking for secure FTP from a command line instead of a graphical interface, PSFTP works on Windows and Linux systems.
This article was posted by Bob Rankin on 18 Aug 2005
| For Fun: Buy Bob a Snickers. |
 |
Prev Article: Free Virus Scan |
The Top Twenty |
Next Article: Virus Ruins Hard Drive? |
 |
Post your Comments, Questions or Suggestions
|
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Is FTP Secure? (Posted: 18 Aug 2005)
Source: https://askbobrankin.com/is_ftp_secure.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Is FTP Secure?"
Posted by:
Bert
23 Aug 2005
I find another free program FileZilla a better secure FTP program than WinSCP mainly because FileZilla also offers a non-secure connection when you can't use secure FTP. See https://sourceforge.net/projects/filezilla/
Posted by:
kraester
24 Aug 2005
I've used Core FTP Lite (the free version of the company's Core FTP Pro software) for a few years now. It supports SSL/SFTP. I find it very easy to use. I haven't used too many other Windows-based FTP clients so I don't know if the following features are "normal" or not, but I especialy like the default two-pane screen where you can see full directory listings of both the local and remote drives, and the fact that I can save multiple connections' settings that I can switch between quickly and easily. (I'm probabaly not explaining that well; it's basically like an address book for your FTP sites, where you just click on the nickname to connect to the desired site.)
I used a text/UNIX FTP client early in my career, and then didn't need an FTP client for many years. Core FTP Lite was only the second Windows-based client I tried, but as I said, I find it easy to use, and it does what I need it to do, so I have no plans or desire to stop using it now. As always, of course, your mileage may vary. :)
Posted by:
Ken Laninga
24 Aug 2005
Bob, I downloaded WinSCP but did not run it yet; my friend did and he wrote: "Well, I reckon I don't care for it at all. Couldn't get the darn thing to connect. Kept getting the same error message with no obvious solution. Their slow online help pages mentioned the problem. No good solution as far as I was concerned.
I looked for others and downloaded and am testing these two:
http://www.coreftp.com/
http://www.glub.com/products/secureftp/
EDITOR'S NOTE: It's possible the server he was trying to contact is still in the dark ages and does not support secure connections. If so, switching to another SFTP client will not help.
Posted by:
Bob Deloyd
25 Aug 2005
Bob thanks for the heads-up on a secure FTP. I've been updating my website for years without any encryption. Yikes I had no idea about that! I just downloaded WinSCP and the Core FTP. I am leaning towards the WinSCP because its opensourse. Now I just hope that my server isn't in the "Dark Ages" //bob
Posted by:
Primefalcon
04 Jul 2009
Actualy Linux has a wonderful pair programs called
openssh-client
openssh-server
their names are pretty self explanatory, not to mention a lot of file managers in Linux such as nautilus support sftp/ssh and more, most *nix systems come with openssh-client already installed