2.5 File Transfer
Transferring of files generally speaking should almost always be secured. Plain vanilla FTP (File Transfer Protocol) sends data in clear text. FTP uses port 20 and 21 for data and control on both TCP and UDP225. That means account information such as passwords is subject to being read. Additionally, because data is also transmitted without encryption, files being transferred are subject to alteration via a man-in-the-middle attack. These issues are more of a concern in some environments (say, an Internet user logging in to the companys FTP server across a public net connection) than in others (when FTP is being used over an internal VPN). For those situations in which the plaintext nature of FTP is inappropriate, a potential solution is S/FTP, discussed in the next section.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.