FTP security risks and safer alternatives
Do you use FTP to deploy or transfer files? Given the age of the protocol and its widespread popularity among hosting companies, it is fair to say that you may be using it.
But are you aware that this may cause security issues for you and your business? Let's dive into this in depth.
Programs such as FileZilla, CyberDuck, Transmit or Captain FTP can be safe. They may implement measures such as hiding passwords to prevent others from viewing them. However, if you use FTP to transfer data, these measures are actually undermined.
To be blunt, the reason I wrote this was an interesting discussion on SitePoint in August. The discussion focused mainly on FileZilla, making a series of assertions about how unsafe it is (or is not).
A key aspect of the debate was whether passwords should be stored with FileZilla. One of the comments links to a descriptive article showing that although your credentials are hidden when using the software, they are easily retrieved if you save them.
In case you haven't read that article: FileZilla stores the connection details in a simple XML file, as follows:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<filezilla3>
    <servers>
        <server>
            <host>localhost</host>
            <port>21</port>
            <protocol>0</protocol>
            <type>0</type>
            <user>anonymous</user>
            <pass>user</pass>
            <logontype>1</logontype>
            <timezoneoffset>0</timezoneoffset>
            <pasvmode>MODE_DEFAULT</pasvmode>
            <maximummultipleconnections>0</maximummultipleconnections>
            <encodingtype>Auto</encodingtype>
            <bypassproxy>0</bypassproxy>
            <name>test site</name>
            <comments> </comments>
            <localdir> </localdir>
            <remotedir> </remotedir>
            <syncbrowsing>0</syncbrowsing>test site
        </server>
    </servers>
</filezilla3>
You can see that it stores a lot of information about the connection so that you don't need to remember it. But did you notice that it also stores your password in plaintext?
Of course, when you use the program, it hides the password, as shown in the screenshot above, so that it can't be read over your shoulder.
However, that is of little use against anyone who has access to the computer, because the password can simply be extracted from this file. To be fair, in the latest version of FileZilla, password storage is not allowed by default.
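A check you can run against your own saved-site file to see which entries keep a password on disk, as an added example that is not part of the original article or of FileZilla's code. The sample document, the hosts under example.test, the encoding="base64" attribute on the second stored password and the reading of protocol 0 as FTP are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout shown above (lower-case tags, as on this page).
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<filezilla3><servers>
  <server>
    <host>localhost</host><port>21</port><protocol>0</protocol>
    <user>anonymous</user><pass>user</pass><name>test site</name>
  </server>
  <server>
    <host>files.example.test</host><port>22</port><protocol>1</protocol>
    <user>deploy</user><name>no saved password</name>
  </server>
  <server>
    <host>old.example.test</host><port>21</port><protocol>0</protocol>
    <user>web</user><pass encoding="base64">Y29uc3RydWN0ZWQ=</pass><name>legacy</name>
  </server>
</servers></filezilla3>"""


def audit_site_manager(xml_text):
    """Return one finding per saved site that keeps a password on disk."""
    # The password itself is never returned, only the fact that it is stored.
    findings = []
    for server in ET.fromstring(xml_text).iter():
        if server.tag.lower() != "server":
            continue
        # Compare tag names case-insensitively; real files may capitalise them.
        fields = {c.tag.lower(): (c.text or "").strip() for c in server}
        attrs = {c.tag.lower(): c.attrib for c in server}
        if not fields.get("pass"):
            continue  # nothing saved for this site
        # base64 is an encoding, not encryption: anyone who can read the
        # file can still recover the password.
        encoded = attrs["pass"].get("encoding") == "base64"
        findings.append({
            "site": fields.get("name", ""),
            "host": fields.get("host", ""),
            "stored_as": "base64" if encoded else "plaintext",
            # Assumption: protocol 0 is FTP, as in the sample above.
            "plain_ftp": fields.get("protocol") == "0",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_site_manager(SAMPLE):
        print(finding)
```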
Someone suggested that at least the configuration file should be encrypted, or set in a way that requests the master password before granting access, just like 1Password and KeePassX.
Louis Lazaris then links to a discussion on Stack Exchange in an attempt to refute this view. The following is the core of that answer:
You see, encrypting credentials requires an encryption key, which needs to be stored somewhere. If you have malware running on your user account, they have as much access as you (or any other application running at the same level). This means they will also be able to access the encryption key, or the key that encrypts the encryption key, etc.
I believe the above assertion does not fully take into account the design considerations of programs such as 1Password and KeePassX. Applications designed specifically as secure vaults for passwords and other secure information may not be as easy to crack as this answer suggests.
For example, a recent blog post by 1Password lists key mechanisms against hackers.
These include 128-bit and 256-bit symmetric keys, SHA512 and PBKDF2 encryption—and a range of other features for protecting accessed data files while preserving their ease of use and simplicity.
Therefore, it is incorrect to infer that using a secure encrypted vault is not actually more secure, especially given all of these available technologies.
However, the argument about whether credentials should be saved is beside the point, because using FTP at all ignores a key fact: your credentials and data are sent in plaintext. Don't believe me? Please read Why FTP is not safe on the Deccanhosts blog.
In case you didn't know, with a simple packet sniffer such as Wireshark you can retrieve the username and password used, as well as any other credentials stored in the files you send, along with algorithms, database structures and any other content stored in them.
Given that storing this information in .ini and configuration files has long been common practice, I suggest that a considerable amount of readily downloadable software, such as WordPress, Joomla, etc., will have been developed in this way.
FTP was not designed for security; it was designed as a public service. This design carries a series of further assumptions that do not take security into account. Zend's senior software engineer Enrico Zimuel goes even further: Never use FTP - forever!
Yes, security changes came later, but they were bolted on, not built in. There is no protection against brute force attacks, and while SSH tunneling is possible, it is difficult because you need to encrypt both the command and data channels. Therefore, your choices are limited, and implementing them is not always trivial.
Are you a website administrator? Have you enabled chroot jail for your FTP users? If you are not familiar with the term chroot, it is a way to restrict user movement and access. Starting from the directory where they log in, they can go to any subdirectory, but cannot move outside of that directory.
Before I convince you that everything is terrible: it isn't. Some of the FTP programs around today, especially those mentioned above, also support more secure FTP derivatives and alternatives. Let's take a look at them.
FTPS is secure FTP, just as HTTPS is secure HTTP: it runs on top of SSL (Secure Sockets Layer) and TLS (Transport Layer Security). User credentials and data are no longer sent in plain text; instead, they are encrypted before they are transmitted.
If the server allows it, the client software also has the flexibility to encrypt only part of the communication rather than all of it. Given the discussion so far, this seems counterintuitive.
However, if the transferred files are already encrypted, or no information of a sensitive nature is transmitted, then the overhead of encryption may not be needed.
However, switching to FTPS does come at a price (and a cost). Using FTPS requires generating a self-signed SSL certificate, or purchasing a certificate from a trusted certificate authority. Therefore, better security is available, but it requires more effort and cost.
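An FTPS upload in which both the control and the data channel are encrypted, written with Python's standard ftplib as an added example that is not from the original article. The function names, the host and credential parameters and the cafile argument (the path to a self-signed server certificate or private CA) are assumptions of this example.

```python
import ssl
from ftplib import FTP_TLS


def make_ftps_context(cafile=None):
    """TLS settings for the FTPS client.

    cafile: path to the server's self-signed certificate (or private CA)
    when the certificate was not issued by a publicly trusted authority.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context() already verifies the certificate chain and
    # the host name; pin the self-signed certificate with cafile instead of
    # switching verification off.
    return ctx


def upload_over_ftps(host, user, password, local_path, remote_name, cafile=None):
    """Upload one file with both FTPS channels encrypted."""
    with FTP_TLS(context=make_ftps_context(cafile), timeout=30) as ftps:
        ftps.connect(host, 21)
        # login() negotiates TLS on the control channel before it sends
        # the user name and password.
        ftps.login(user, password)
        # The "encrypt only part" case: until PROT P is requested, the
        # data channel (file contents, listings) still travels in the clear.
        ftps.prot_p()
        with open(local_path, "rb") as fh:
            return ftps.storbinary(f"STOR {remote_name}", fh)
```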
But before you back down, ask yourself, how much is your information worth to your business? This may convince you to stick with it.
Let's look at SFTP now. SFTP, the SSH File Transfer Protocol, works differently from FTPS. SFTP is designed as an extension of SSH 2.0, which creates a normal FTP connection but executes it on an already encrypted connection. The FTP data stream itself is no more secure than normal FTP, but the connection it runs over is more secure.
If you are going to give up FTP, why take half measures? Why use FTP at all? If you have SFTP installed, you have the SSH tools installed; these tools provide you with a variety of features.
Starting with SSH itself, it provides full user access to remote systems, allowing users to do more than standard FTP. Connections are secure and data can be easily copied from one system to another.
If you are a command line expert, you can even use tools such as rsync over SSH.
In a simple use case, it can be used to recursively copy all files from a local directory to a directory on a remote computer. On the first run, all files are copied.
On the second and later runs, it checks for file differences, transfers only different, newer files, and has the option to delete local files and directories that no longer exist on the remote computer.
The problem is that granting this access is a security issue in itself. But the impact can be reduced. OpenSSH offers many configuration options, such as not allowing root access, restricting which users can log in remotely, and chrooting users to specific directories.
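The three OpenSSH restrictions named above, checked against a weak and a hardened sshd_config; this is an added example, not part of the original article or of OpenSSH. The user name deploy, the path /srv/sftp and both sample configurations are constructed, and all Match blocks are treated as a single scope for simplicity.

```python
# Constructed sample configurations; "deploy" and /srv/sftp are placeholders.
WEAK = """\
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED = """\
PermitRootLogin no
AllowUsers deploy
Match User deploy
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
"""


def parse_sshd_config(text):
    """Return (global_options, match_options) keyed by lower-cased keyword.

    sshd keeps the first value it obtains for a keyword, so later duplicates
    are ignored. All Match blocks are merged into one scope (simplification).
    """
    scopes = {"global": {}, "match": {}}
    scope = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            scope = "match"  # everything after this line is conditional
            continue
        scopes[scope].setdefault(keyword, value)
    return scopes["global"], scopes["match"]


def audit_sshd_config(text):
    """List which of the three restrictions are missing."""
    glob, match = parse_sshd_config(text)
    findings = []
    if glob.get("permitrootlogin", "").lower() != "no":
        findings.append("root login is not disabled (PermitRootLogin no)")
    if "allowusers" not in glob and "allowgroups" not in glob:
        findings.append("remote logins are not restricted (AllowUsers/AllowGroups)")
    chroot = match.get("chrootdirectory") or glob.get("chrootdirectory") or "none"
    if chroot.lower() == "none":
        findings.append("file-transfer users are not chrooted (ChrootDirectory)")
    return findings
```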
Maybe users don't need to be on a remote computer at all, or they don't need a lot of permissions when they're there. If so, which is most likely, you can choose from a number of shells designed for these situations.
The two best are scponly and rssh. Scponly allows users to copy files to remote computers only.
Users cannot log in, move, view or change files. The good thing is that it can still use rsync (and other tools). rssh goes a step further, allowing access to SCP, SFTP, rdist, rsync and CVS.
To implement it, the system administrator simply changes the user's shell using the tool of their choice, and then edits /etc/rssh.conf to list the allowed protocols. Here is a sample configuration:
This configuration allows users to use SCP and SFTP only.
Next, let's consider SSH keys. This process requires some explanation, but I will try to keep it short and concise, largely paraphrasing this answer on Stack Exchange:
First, the server's public key is used to build a secure SSH channel by negotiating a symmetric key that will be used to protect the rest of the session, enabling channel confidentiality, integrity protection, and server authentication. Once the channel is functional and secure, user authentication is performed.
Next, the server creates a random value, encrypts it with the user's public key and sends it to them. If the user is who they claim to be, they can decrypt the challenge and send it back to the server, which then confirms the user's identity. This is a classic challenge-response model.
The key benefit of this technique is that the private key never leaves the client and no username or password is sent. If someone intercepts SSL traffic and is able to decrypt it (using a compromised server private key, or because you accepted the wrong public key when connecting to the server), your private details will never fall into the hands of the attacker.
When used with SCP or SFTP, this further reduces the amount of work required to use them while improving security. SSH keys may require a password to unlock the private keys, which seems to make them more difficult to use.
However, there are tools that can link this to your user session when you log in to your computer. Once correctly set up, the password will be automatically provided for you, so you can make the most of the system.
Maybe you haven't heard of continuous delivery before, but it's been around for a while. We've written about it before on SitePoint, just last week. Continuous delivery, created by Martin Fowler, is defined as:
A software development discipline where you build software in such a way that the software can be published to the production environment at any time.
There are many ways to implement it, but services like Codeship and Beanstalk largely eliminate the pain.
The following is a rough analogy of how it works. You set up your software project, including your test code and deployment scripts, and store all of this under version control. I'm assuming you're using an online service, such as GitHub or Bitbucket.
Every time you commit and push to your code branch on one of these services, the service runs your application's tests. If the tests pass, your application is deployed, whether to testing or production.
As long as everything goes well, it automatically handles the deployment for you. You then receive a notification telling you whether the deployment succeeded or failed.
If successful, you can proceed to the next feature or bug fix. If something goes wrong, you can check it to find the cause of the problem. Check out the short video below which shows the process of actually deploying a test repository using Codeship.
What do you have to do? Push a commit to the GitHub repository - that's it! You don't need to remember to run scripts, where the scripts are, or which options and switches to pass to them (especially when it's late on a Friday night and you'd rather be anywhere than at work).
I understand that this is fairly simple and doesn't cover all the options and subtleties, but you get what I mean.
Finally, let's move from the basic security issues of using FTP to the effectiveness of everyday use. For example, suppose you are developing a website, such as an e-commerce store, and your deployment process uses FTP, especially FileZilla. Here are some inherent problems related to human error:
Are all files uploaded to the correct location?
Okay, manually transferring files, in short, is just asking for trouble. Human errors are too difficult to avoid.
An apology to FileZilla
My key point is about FTP itself, not just FileZilla.
Summary
But what are your thoughts? Are you still using FTP? Have you considered migrating? Share your experience and the solutions you have tried in the comments so we can all work towards a practical and easy-to-use solution.
Although FTP programs are useful for file transfer, they also have some security risks. The main problem is that FTP does not encrypt data, which means that all transmitted information, including sensitive data (such as usernames and passwords), are sent in plain text. This makes it easy for cybercriminals to intercept and abuse this information. In addition, FTP is vulnerable to attacks such as brute force attacks, packet capture and spoofing attacks. These risks can lead to data breaches, unauthorized access and other serious security issues.
There are several ways to mitigate the risks associated with FTP programs. One of the most effective ways is to use a secure version of FTP, such as SFTP or FTPS. These protocols encrypt data during transmission, making it difficult for cybercriminals to intercept. Additionally, using strong, unique passwords and regularly updating them can help prevent brute-force attacks. It is also important to keep FTP programs updated, as updates usually contain security patches.
FTP, or File Transfer Protocol, is a standard network protocol used to transfer files from one host to another over the Internet. However, it does not provide any encryption. SFTP, or Secure File Transfer Protocol, is a secure version of FTP that uses SSH (Secure Shell) to encrypt data during transmission. FTPS, or FTP Secure, is another secure version of FTP, which is encrypted using SSL (Secure Sockets Layer) or TLS (Transport Layer Security).
Yes, FTP is still widely used today, especially in enterprise environments for transferring large files or batch files. However, due to its security weaknesses, many organizations are turning to safer alternatives such as SFTP or FTPS.
To determine if your FTP program is secure, you should check if it uses encryption during file transfer. Secure versions of FTP, such as SFTP and FTPS, encrypt data during transmission. You can usually find this information in the program's documentation or settings. Additionally, secure FTP programs should provide features such as strong password enforcement, two-factor authentication, and regular updates.
Yes, using VPN (virtual private network) with FTP programs can enhance security. VPN encrypts all data sent over the internet, including your FTP traffic. This can help protect your data from being intercepted by cybercriminals.
Some secure alternatives to FTP include SFTP, FTPS, and SCP (Secure Copy Protocol). These protocols all use encryption to protect data during transmission. In addition, cloud-based file transfer services often offer powerful security measures, including encryption, two-factor authentication, and access control.
Brute force attack is a type of cyber attack where an attacker tries to access the system by guessing passwords. Since FTP sends passwords in plaintext, it is particularly vulnerable to brute-force attacks. If an attacker successfully guesses the password, they can access the system without authorization and may steal or manipulate data.
Spoofing attacks (the attacker pretends to be a legitimate user or device) can be a serious threat to the FTP program. To prevent these attacks, you can use secure versions of FTP that use encryption, such as SFTP or FTPS. Additionally, using strong, unique passwords and updating them regularly can help prevent spoofing attacks.
Packet capture, also known as packet sniffing, is a method used by cyber criminals to intercept and analyze packets as they are transmitted over the network. Since FTP does not encrypt data, it is particularly susceptible to packet capture. Attackers can use this method to steal sensitive information, such as usernames and passwords. To prevent packet capture, you should use secure versions of FTP that use encryption, such as SFTP or FTPS.