FTP is a simple protocol that, if implemented correctly, can make it easy to send, retrieve and store files. The technology isn’t groundbreaking, but it does the job. But are FTP servers secure? What are the FTP server security risks?
The biggest limitation of FTP is that it’s not inherently secure. When determining whether or not to use FTP for a given application, it’s important to evaluate the confidentiality of the content. If security is a concern, there are many options available to safeguard your files.
One way to do this is by using a secure protocol such as FTPS (FTP over SSL). FTPS is secure FTP and works similarly to the way HTTPS (secure HTTP) works in a browser. SSL is a standard security technology for establishing an encrypted link between a web server and a browser, and FTPS uses it to run FTP through an encrypted SSL tunnel. Another secure protocol is SFTP. SFTP isn’t a secure version of FTP, but is actually a different protocol that is innately secure.
Another way to keep files safe is by disabling anonymous access on your server. In many FTP servers, there is actually a user named “anonymous.” If you use anonymous access, make sure that this user is locked into their home directory and has read-only privileges. This helps to keep the data that’s stored on the server from being accessed by unauthorized users.
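The FTPS and anonymous-access advice above can be checked against a server's configuration file. The following is an added example, not code from this article: it assumes a vsftpd server (the article names no product), and the sample configurations are constructed.

```python
# Added example, not from the article. Assumes a vsftpd server (the article
# names no product) and audits vsftpd.conf text for the two controls above.

# Built-in vsftpd defaults for the options checked, per vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "ssl_enable": "NO",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

def parse_conf(text):
    """Parse option=value lines over the defaults; '#' lines are comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(text):
    """Return (level, option, message) findings; an empty list means clean."""
    conf = parse_conf(text)
    on = lambda opt: conf[opt].upper() == "YES"
    findings = []
    if not on("ssl_enable"):
        findings.append(("FAIL", "ssl_enable", "FTPS off: plain FTP only"))
    else:
        for opt in ("force_local_logins_ssl", "force_local_data_ssl"):
            if not on(opt):
                findings.append(("FAIL", opt, "clients may skip encryption"))
    if on("anonymous_enable"):
        # Anonymous write options only take effect when write_enable=YES.
        writable = [o for o in ANON_WRITE if on(o)] if on("write_enable") else []
        for opt in writable:
            findings.append(("FAIL", opt, "anonymous user is not read-only"))
        if not writable:
            findings.append(("WARN", "anonymous_enable",
                             "anonymous login allowed (read-only)"))
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK = "anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
HARDENED = "anonymous_enable=NO\nssl_enable=YES\nforce_local_data_ssl=YES\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("empty", "")):
        print(name, audit(text))
```

An empty file is still flagged, because vsftpd's built-in defaults leave anonymous login on and SSL off.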
Intelligent password policies can also be implemented. Tougher passwords are obviously tougher to hack. Your server should allow the administrator to enforce policies on password length and what type of characters must be used. Requiring a password to include both upper and lower-case letters, at least one number, and at least one special character will exponentially increase the number of possible passwords. A minimum length of eight characters also makes the password much more difficult to guess.
FTP servers are relatively inexpensive and easy to install. So, are FTP servers secure? With proper setup, yes, they can be implemented as a secure solution. Arming yourself with good information can reduce FTP server security risks.