Ftp Servers and Security - Three Methods That Secure Ftp Servers Use

FTP (File Transfer Protocol) has been the standard for file transfer since the early days of the internet. The most remarkable feature about FTP was that it was independent of the operating system. Files could be seamlessly transferred between Unix, Windows and any other operating system. The other neat feature about FTP was that a simple authentication mechanism consisting of a login name and a password could be used to restrict access to files. However, the actual data itself was transferred in plain text and it was easy to monitor and listen in on an FTP connection.

The internet itself had very negligible security built into it. Consisting of many smaller independent networks that stretched across the globe, the path that a packet of information took to get from point A to point B was unpredictable. With the widespread adoption of the internet, it became essential to be able to send many types of sensitive data with some amount of security. Netscape Communications solved the security problem on the internet by creating the Secure Sockets Layer Protocol (SSL) which used public key cryptography to encrypt data transmitted over the internet. This is still the preferred security mechanism and is implemented by all web browsers.

FTPS Encrypted File Transfer
Modifications to the FTP protocol were released to incorporate the use of SSL for encrypting file transfers over the internet. The modified mechanism is referred to as FTPS. In order to maintain backwards compatibility with FTP, an FTPS connection could either be explicit, where the connection between the client connection and the server starts out as regular FTP and then negotiates a secure connection, or implicit where the connection starts out being encrypted.

HTTPS Encrypted File Transfer
Since a web browser is already capable of encrypting data using SSL, simple downloads and uploads can be performed directly from a web browser using the HTTPS protocol. This means that special FTP Client software is not needed.

SFTP Encrypted File Transfer
The Secure Shell protocol also known as SSH was developed by Tatu Ylonen to enable secure access to remote shells using public key cryptography and replace Telnet and other insecure shells. This protocol has since evolved to also support a file transfer mechanism known as SFTP. The main advantage of this mechanism is that it did not require the opening of a second data channel connection for transferring files.

All of these three methods of secure file transfer are based on public key cryptography and all of them are equally capable of securing the transfer of sensitive files across the internet. The only drawback of these methods is that there is a data increase associated with encrypting files. There is also a performance overhead associated with encrypting the files at the source and decrypting them at the destination. Because of this, system administrators sometimes use regular FTP for file transfers within a secured internal network. However, for transferring files over the internet, this is a small price to pay in exchange for the peace of mind that sensitive files reach their destination without being intercepted or tampered with.

Article Source: http://www.articlesbase.com/security-articles/ftp-servers-and-security-three-methods-that-secure-ftp-servers-use-605745.html

About the Author:
Okay, you now know all about secure file transfer. If you are looking for a secure FTP server to run on your windows system that can support all three secure file transfer mechanisms, be sure to visit http://www.sysax.com/ and download Sysax FTP Server.