
FTP over SSL

FTP is the method by which you can download files from and upload files to a server.

FTP login details are a desirable target for hackers, giving easy access to your site’s files. Not surprisingly, the PCI consortium, which looks after security standards for online merchants, has taken an interest in FTP security, and in May 2011 raised the threat level of plain text FTP login to Critical, as plain text FTP login can be exploited.

PCI compliance is required from all merchants who accept payments directly on their website, for example via PayPal Pro or SagePay. And as of May 2011, any merchant undergoing PCI testing is likely to fail if plain text FTP login is enabled on the server. McAfee have already raised the level to 4 (fail). Security Metrics is expected to follow suit.

For customers hosted by us, this means that plain FTP login is being phased out from our servers. So if plain FTP login is out, what can you use instead? Two options: a) use FTP over SSL, which works for all FTP logins and is supported by all major FTP programs; or b) use SFTP/SSH.

Both methods are already supported by our servers, so even if plain FTP login is currently still working for you, we’d recommend switching to a secure method now.
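To find out which logins still travel unprotected, a server-side command log can be checked for passwords sent before TLS was negotiated. The sketch below is an added example, not part of the original post; the log format ("session, direction, text") and the sample sessions are constructed for illustration.

```python
# Constructed FTP command log: "<session> <C|S> <text>". Format and values are made up.
SAMPLE_LOG = """\
s1 C USER alice
s1 S 331 Password required
s1 C PASS ****
s1 S 230 Logged in
s2 C AUTH TLS
s2 S 234 AUTH TLS successful
s2 C USER bob
s2 S 331 Password required
s2 C PASS ****
s2 S 230 Logged in
s3 C AUTH TLS
s3 S 502 Command not implemented
s3 C USER carol
s3 S 331 Password required
s3 C PASS ****
s3 S 230 Logged in
"""

def classify_logins(log_text):
    """Map each session id to 'tls' or 'plaintext' depending on how PASS was sent."""
    awaiting_auth_reply = set()  # sessions that sent AUTH and wait for the reply
    tls_active = set()           # sessions where the server accepted AUTH (reply 234)
    result = {}
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        session, direction, text = parts
        verb = text.split()[0].upper()
        if direction == "C":
            if verb == "AUTH":
                awaiting_auth_reply.add(session)
            elif verb == "PASS":
                # The password is exposed the moment it is sent without TLS,
                # whether or not the login then succeeds.
                result[session] = "tls" if session in tls_active else "plaintext"
        elif direction == "S" and session in awaiting_auth_reply:
            awaiting_auth_reply.discard(session)
            if verb == "234":  # FTP reply code for an accepted AUTH request
                tls_active.add(session)
    return result

if __name__ == "__main__":
    for session, kind in classify_logins(SAMPLE_LOG).items():
        print(session, kind)
```

Session s3 shows the case that is easy to miss: the client asked for TLS, the server refused, and the client logged in over plain FTP anyway.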

For tutorials on this & step-by-step guides for popular FTP browsers, please head over to our knowledgebase: https://support.terranetwork.net/web/knowledgebase/138/FTP–FTP-over-SSL-and-SSH.html.

FTP program password storage warning

Some FTP programs such as FileZilla store FTP login details in plain text on your PC/Mac. Hence, even if the connection is securely encrypted with FTP over SSL, the stored FTP logins are easily obtained should the machine become infected with malware.

Hence, with programs such as FileZilla which do not encrypt the stored data, the FTP login details should never be stored. Instead, enter the details afresh with each connection request.
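To check your own machine for saved logins, the FileZilla site list can be audited without ever printing a password. This is an added example, not part of the original post; the element names follow the `sitemanager.xml` layout, the meaning given to the `<Protocol>` codes is an assumption, and all sample values are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the sitemanager.xml layout; every value is made up.
SAMPLE_XML = """<FileZilla3><Servers>
  <Server>
    <Host>ftp.example.com</Host><Port>21</Port><Protocol>0</Protocol>
    <Logontype>1</Logontype><User>alice</User><Pass>hunter2</Pass>
    <Name>Old site</Name>
  </Server>
  <Server>
    <Host>ftp.example.net</Host><Port>21</Port><Protocol>4</Protocol>
    <Logontype>1</Logontype><User>bob</User>
    <Pass encoding="base64">czMjcjN0</Pass><Name>Shop</Name>
  </Server>
  <Server>
    <Host>files.example.org</Host><Port>22</Port><Protocol>1</Protocol>
    <Logontype>2</Logontype><User>carol</User><Name>Ask every time</Name>
  </Server>
</Servers></FileZilla3>"""

# Assumed meaning of FileZilla's <Protocol> codes.
PROTOCOLS = {"0": "FTP (TLS not enforced)", "1": "SFTP",
             "3": "FTPS implicit", "4": "FTPS explicit", "6": "plain FTP only"}
NO_TLS_GUARANTEE = {"0", "6"}

def audit_sites(xml_data):
    """Report per saved site whether a password is stored; never return the password."""
    findings = []
    for server in ET.fromstring(xml_data).iter("Server"):
        proto = (server.findtext("Protocol") or "0").strip()
        pass_el = server.find("Pass")
        stored = pass_el is not None and bool((pass_el.text or "").strip())
        findings.append({
            "name": (server.findtext("Name") or "").strip(),
            "host": (server.findtext("Host") or "").strip(),
            "protocol": PROTOCOLS.get(proto, "other (" + proto + ")"),
            "password_stored": stored,
            # base64 is an encoding, not encryption: as readable as plain text.
            "pass_encoding": pass_el.get("encoding", "none") if stored else None,
            "plain_login_possible": proto in NO_TLS_GUARANTEE,
        })
    return findings

if __name__ == "__main__":
    # Pass the path to your own sitemanager.xml, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_XML
    for finding in audit_sites(data):
        print(finding)
```

The file is typically found at `~/.config/filezilla/sitemanager.xml` on Linux and `%APPDATA%\FileZilla\sitemanager.xml` on Windows. Any entry reported with `password_stored` set should be switched to ask for the password on each connection.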

Looking at programs that do employ encryption for stored passwords such as Ipswitch WS_FTP, the situation is better but not perfect. Passwords are encrypted, so a casual malware attack won’t be able to get them; but a hacker intent on obtaining the password can break it.

In my view, storing a password for frequent FTP use is likely to be a necessity. Using an FTP program that encrypts stored FTP logins is a must, and Ipswitch WS_FTP is the one I’d recommend. But equally important is the overall security of the PC/Mac.
