Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)

Previous Topic/Section
2.4.2  LDAP
Previous Page
Pages in Current Topic/Section
1
Next Page
2.5.1  S/FTP
Next Topic/Section

2.5  File Transfer

Transferring of files generally speaking should almost always be secured. Plain vanilla FTP (File Transfer Protocol) sends data in clear text. FTP uses port 20 and 21 for data and control on both TCP and UDP225. That means account information such as passwords is subject to being read. Additionally, because data is also transmitted without encryption, files being transferred are subject to alteration via a man-in-the-middle attack. These issues are more of a concern in some environments (say, an Internet user logging in to the company’s FTP server across a public net connection) than in others (when FTP is being used over an internal VPN). For those situations in which the plaintext nature of FTP is inappropriate, a potential solution is S/FTP, discussed in the next section.

FTP

FTP uses TCP and UDP ports 20 and 21. To accept FTP connections from the Internet, open these ports at your firewall in the inbound direction. To allow users behind your firewall to connect to FTP servers out on the Internet, open them in the outbound direction.


Quick navigation to subsections and regular topics in this section



 __________________

225. http://www.iana.org/assignments/port-numbers

Previous Topic/Section
2.4.2  LDAP
Previous Page
Pages in Current Topic/Section
1
Next Page
2.5.1  S/FTP
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.