Question
Thursday, January 5, 2012 7:06 PM
Hi all,
Does FTP transfer all data in clear text, or only the password?
If all data, then it doesn't have any security, right?
Any ideas?
All replies (2)
Thursday, January 5, 2012 9:23 PM ✅Answered
FTP is not a secure protocol, so your user name and password are in clear text. However, when you are transferring data, you are not necessarily going to see string characters passing through the network. You are probably going to be transferring binary files, images, etc.
With the proper software, all of the FTP traffic can be captured and the packets can be put back in order and then the person who captured would be able to see what you sent over FTP.
If you needed to secure FTP, an easy way is to create a secure channel between the two systems first, such as a VPN tunnel, then run FTP through that tunnel. Anyone capturing the traffic would just see encrypted traffic.
Guides and tutorials, visit ITGeared.com.
Friday, January 6, 2012 4:27 AM ✅Answered
In addition (and I posted this to your other thread, too, at):
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/a1e2ff46-6ea9-4b1d-951d-4642d2aeed9d
Just to point out, this is one of the HUGE drawbacks of FTP: the username and password are clear text, which is a security nightmare because this data can be sniffed. What we usually do is set it to only anonymous and reject other forms of authentication; this way usernames and passwords do not come across, and they are just logging in with the guest account.
This is how public FTP sites are set up, for download only. If you allow uploading using anonymous, anyone scanning for open FTP sites will turn your FTP site into a "pub" site. Pirates use and publish "pubbed sites" to their private boards for two reasons - bragging that they got in, and uploading and offering pirated movies, apps, music, 0day, etc. And they use hidden, Windows reserved and ASCII based characters (Windows is ANSI based), so you CAN'T see it on your own drive. There are ways to clean it up if you find yourself pubbed - I have a blog on how to clean it up.
If you need to allow uploading, to better secure it, it's suggested to use SFTP (secure FTP) or SSH using PuTTY, which is certificate-based encryption to encrypt the session, including authentication and the data.
I didn't see this thread first, or I would have posted it here first.
Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
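An added example, not part of the original thread or written by either poster: a small audit over FTP control-channel commands that flags the two exposures the replies describe, a non-anonymous login whose credentials crossed the wire in clear text and an anonymous session that writes to the server. The `client COMMAND argument` line format and all sample values are constructed for illustration.

```python
import re

# Constructed sample: client-to-server commands from an FTP control channel
# (TCP port 21), in a hypothetical "client COMMAND argument" log format.
SAMPLE = """\
10.0.0.5 USER anonymous
10.0.0.5 PASS guest@example.com
10.0.0.5 RETR readme.txt
10.0.0.9 USER jsmith
10.0.0.9 PASS Winter2012!
10.0.0.9 STOR report.doc
10.0.0.7 USER ftp
10.0.0.7 PASS x@y
10.0.0.7 MKD incoming
10.0.0.7 STOR movie.avi
"""

ANON_USERS = {"anonymous", "ftp"}  # conventional anonymous login names
WRITE_CMDS = {"STOR", "STOU", "APPE", "MKD", "DELE", "RNTO"}
LINE_RE = re.compile(r"^(\S+)\s+([A-Za-z]{3,4})(?:\s+(.*))?$")


def audit(text):
    """Return findings as (client, kind, detail) tuples."""
    findings = []
    user = {}  # client -> argument of the last USER command seen
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        client, cmd, arg = m.group(1), m.group(2).upper(), m.group(3) or ""
        if cmd == "USER":
            user[client] = arg
        elif cmd == "PASS":
            name = user.get(client, "?")
            if name.lower() not in ANON_USERS:
                # A real account authenticated in clear text: report the
                # account so it can be rotated, never the password itself.
                findings.append((client, "cleartext-credentials", name))
        elif cmd in WRITE_CMDS and user.get(client, "").lower() in ANON_USERS:
            # Anonymous upload or directory change: the "pubbing" risk.
            findings.append((client, "anonymous-write", f"{cmd} {arg}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Any account reported as `cleartext-credentials` should be treated as exposed to anyone on the network path, and any `anonymous-write` finding means the server is not download-only.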