Secure Your FTP Transfers
Posted: 27 December 05 in General, by Ryan Hargave
As more and more web designers get out of the home or office and take advantage of the increase in wireless access points (A.K.A. your local coffee shop), the problem of websites being hacked could rise at the same rate if we are not careful. The majority of web developers should care about this, but they just don’t know what they need to do to be secure, nor do they know what tools to use. Surprisingly, the answer is fairly simple.
One of the most dangerous things a designer can do across a public (nonsecure) wireless connection is to start an FTP transfer of files to their remote server. The reason is that when you make that connection, you are doing it in an unsecured environment, and FTP puts your username and password right out in the open. Even novice hackers can use sniffing programs to pull that data off the wireless network, giving them full access to your server. Two steps later, they find your database connection file and now have access to your database data as well. The best case is that you show up to work the next day to find all your files gone. The worst case is that one year from now your client informs you that someone contacted them with a list of credit card numbers that went through their site, and now this hacker wants them to pay.
So what can be done about it? Thankfully there is a protocol called SFTP, which uses SSH to establish a secure connection to your server. It uses public key authentication and enhanced protection against spoofing of the session to secure your data transfers. This ensures that all the data you send across the wireless network is secured, including your username and password. The easiest part is that most standard FTP clients will give you the option to turn on SFTP with a checkbox in the options. If yours does not, you may try a client such as FileZilla, CuteFTP, Fetch, WinSCP or WS FTP Pro.
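The protection against spoofing only holds if the client checks the server's SSH host key, so here is an added example (not part of the original article) of that check: it computes the OpenSSH-style SHA256 fingerprint of a host key and compares it with one pinned earlier on a trusted network. The host name, key bytes and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length prefix)."""
    return struct.pack(">I", len(data)) + data


def fingerprint(known_hosts_line: str) -> str:
    """Return the SHA256 fingerprint of a 'host keytype base64key' line."""
    _host, key_type, b64_blob = known_hosts_line.split()[:3]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob begins with its own key type; reject lines where they disagree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_ok(offered_line: str, pinned_fingerprint: str) -> bool:
    """True only if the offered host key matches the pinned fingerprint."""
    try:
        offered = fingerprint(offered_line)
    except (ValueError, struct.error):
        return False  # malformed key material is never trusted
    return hmac.compare_digest(offered, pinned_fingerprint)


def make_line(host: str, raw_key: bytes) -> str:
    """Build a constructed ssh-ed25519 known_hosts line for the demo."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode('ascii')}"


# Constructed sample data: these are not real keys.
TRUSTED = make_line("sftp.example.com", bytes(range(32)))
SPOOFED = make_line("sftp.example.com", bytes(range(1, 33)))
PINNED = fingerprint(TRUSTED)  # recorded once on a network you trust

if __name__ == "__main__":
    print("pinned:", PINNED)
    print("trusted server accepted:", host_key_ok(TRUSTED, PINNED))
    print("spoofed server accepted:", host_key_ok(SPOOFED, PINNED))
```

If your SFTP client warns that the host key has changed while you are on a public access point, treat it like the spoofed case above and do not enter your password.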
It’s really that simple. There are, however, a few drawbacks of which you need to be aware. SFTP will typically use port 22 (normal FTP uses port 21), which may be blocked on some wireless access points. Your remote server must also support SFTP, which most Unix-style servers do. Windows servers, however, are fairly hit and miss. If either of these is an issue, try to contact the wireless access point provider and/or your hosting provider to resolve it. Please don’t press your luck. Look for alternate methods such as running a server on your local PC or creating a VPN to ensure secure transfers.
This article just scratches the surface of security when working over an unsecured wireless connection. Things such as checking your POP3 email can be just as vulnerable and require certain settings and/or procedures to ensure you are safe. While there are many articles dealing with securing email, I have yet to see any that deal with things such as FTP transfers. If you are curious or need a starting point for securing your email, Stopdesign’s article, Secure wireless email on Mac OS X, will give more than a primer on it. Don’t let the title fool you, as the majority of the information presented applies across operating systems. Hopefully this will keep you more secure while trying to get the projects completed over that large coffee at the coffee shop.