Tuesday, 30 October 2007


I've been using FTP for a few years. It's so simple, even I can understand it! Or so I thought. Plain FTP is very simple, but incredibly insecure (the password and all the data is transmitted in clear text!). It's also quite easily automated with a script, and luckily these work pretty much the same under Windows and OS400 / i5OS. See Thibault Dambrine's article & FAQ.

A few months ago I set up SSH FTP or SFTP (as a client). This is encrypted with Secure Shell. I've been using WinSCP to connect to some Linux boxes, and it has a perfectly good command line/scripted interface, so it was the obvious choice. It was nearly as easy as plain FTP; I just had to set up certificates first.

Recently, however, I had a need for FTP SSL or FTPS. This gets complicated. Plain FTP clients usually default to passive mode to overcome problems at the firewall, and often there's a command to toggle passive or active mode. Also, many firewalls are now FTP aware and will let FTP traffic through. However, when the traffic is encrypted this isn't possible. Then there's the added complication of implicit or explicit mode, and even which parts are encrypted. I found some free command line FTP clients, but only one came with some reasonable documentation: MOVEit Freely from Standard Networks.
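The firewall point above can be made concrete. The following is an added example, not part of the original post: a simplified model of an FTP-aware firewall that reads the control channel to learn which data port to open, and goes blind once explicit (`AUTH TLS`) or implicit FTPS encrypts that channel. The transcripts are constructed, and `endpoint` and `track` are hypothetical names.

```python
import re

# Constructed control-channel lines: (sender, text), C = client, S = server.
LOGIN = [("C", "USER demo"), ("S", "331 Password required"),
         ("C", "PASS secret"), ("S", "230 Logged in")]
DATA = [("C", "PASV"), ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
        ("C", "PORT 198,51,100,7,4,1"), ("S", "200 PORT command successful")]
PLAIN = LOGIN + DATA
EXPLICIT = ([("C", "AUTH TLS"), ("S", "234 Proceed with negotiation")] + LOGIN
            + [("C", "PBSZ 0"), ("S", "200 PBSZ=0"),
               ("C", "PROT P"), ("S", "200 Protection set to Private")] + DATA)

ADDR = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def endpoint(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple carried by PORT and by the 227 reply."""
    m = ADDR.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def track(transcript, implicit=False):
    """Return (pinholes, unreadable_lines) as an FTP-aware firewall would compute them.

    implicit=True models implicit FTPS: TLS starts before the first FTP command.
    """
    encrypted, auth_pending = implicit, False
    pinholes, unreadable = [], 0
    for side, line in transcript:
        if encrypted:                 # ciphertext on the wire: nothing to parse
            unreadable += 1
            continue
        verb = line.split(" ", 1)[0].upper()
        if side == "C" and verb == "AUTH":
            auth_pending = True
        elif side == "S" and auth_pending:
            auth_pending = False
            encrypted = verb == "234"  # 234: server accepts AUTH, TLS handshake follows
        elif (side, verb) in (("C", "PORT"), ("S", "227")):
            ep = endpoint(line)
            if ep:                     # PORT = active mode, 227 = passive mode
                pinholes.append(("active" if verb == "PORT" else "passive", *ep))
    return pinholes, unreadable

if __name__ == "__main__":
    for name, args in (("plain", (PLAIN,)), ("explicit", (EXPLICIT,)), ("implicit", (PLAIN, True))):
        print(name, track(*args))
```

With the plain transcript the firewall learns both data endpoints; with either FTPS mode it learns none, which is why FTPS servers are usually given a fixed passive port range that the firewall opens statically.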

Don't forget that another way of encrypting all traffic (not just FTP) is to use a Virtual Private Network, or VPN. It can be faster, especially if your networking hardware is doing the encryption. If you're short on networking skills or money, though, the hardware can be expensive and not particularly scalable.
