FTP Encryption: How FTP Can Be Secured with SSL/TLS

In this blog post, we introduce FTP and show you how to set up an FTP server and secure it with SSL/TLS.

Data that is sent over the Internet is exposed to several security risks. For instance, hackers may pretend to be a user, grab usernames and passwords, seize server control, and tamper with data in transit. SFTP is the preferred method of transferring files since it provides complete security throughout the transfer process.

What is Secure FTP (File Transfer Protocol)?

Plain FTP provides no way to encrypt data while it is being sent.

FTP also requires multiple firewall ports because it uses one connection for delivering instructions and a separate data connection whenever the client or server wants to transfer data.

Authentication information (usernames and passwords) is sent across a command channel in plaintext. The transfer of data files occurs through a second cleartext channel created after authentication is complete.

Who Needs Secure FTP?

Organizations that transfer sensitive data over the Internet or other unsafe networks should use secure FTP. Here are a few scenarios when using a secure FTP service may be beneficial.

1. Healthcare Providers and their Partners

File transmission is a more complex task for certain organizations in the healthcare business. Efforts must be made to prevent HIPAA breaches at all costs.

In the context of remote work, this may be extremely useful. Electronically protected health information (ePHI) must be protected at all times, including when it is being sent across networks and while it is in the possession of healthcare providers and other third parties.

When transferring sensitive information, SFTP may be used as a layer of protection to prevent unauthorized access, maintain data integrity, and prevent the firm from unintentionally breaking HIPAA rules.

2. Credit and Debit Card Processors

Secure FTP will help you comply with the Payment Card Industry Data Security Standard if you’re a service provider, processor, acquirer, merchant, issuer, or other entity that transmits Account Data.

3. Lawyers, Paralegals and Business Partners

A large volume of electronically stored information (ESI) may be made available to attorneys during civil litigation. File sharing still has to be safeguarded to avoid severe fines and maintain client trust.

4. Producers, Suppliers, and CAD designers

The ability to get products to market more quickly is gaining importance. Thus companies with overseas suppliers are searching for more efficient means of sharing sensitive data.

Email, cloud storage, and FTP have proven to be too sluggish for transferring complex CAD models and other large data necessary for production.

5. Organizations transferring huge data to the cloud

SFTP might be used by businesses that need to send sensitive data as huge files to the cloud. A private user might also wish to encrypt their communications.

6. Digital Movie Distribution

Movie makers have a pressing need for safe, large file transfers both before and after production. Without SFTP, notable blockbuster films might be shared before completion and release.

FTP Encryption: How FTP Can Be Secured with SSL/TLS

This section explains how to install the ProFTPD FTP server and then secure it with SSL/TLS.

Prerequisites

  • A root user or a user with sudo privileges

Install ProFTPD FTP Server

By default, the ProFTPD package is included in the Ubuntu default repository. Please install it using the following command.

				
					apt install proftpd -y
				
			

Once the package is installed, verify its version with the following command.

				
					proftpd --version
				
			

See the ProFTPD package version in the following output.

				
					ProFTPD Version 1.3.7c
				
			

Start ProFTPD Service

After installing the ProFTPD package, start the ProFTPD service and enable it to start at system reboot.

				
					systemctl start proftpd
					systemctl enable proftpd

				
			

Then, verify the status of the ProFTPD service using the following command.

				
					systemctl status proftpd
				
			

The following screen should appear:

By default, ProFTPD listens on port 21. Verify it using the following command.

				
					ss -antpl | grep proftp
				
			

The following output shows the port ProFTPD is listening on.

				
					LISTEN 0 128 *:21 *:* users:(("proftpd",pid=109124,fd=0))
				
			

Create an FTP User

It is recommended to create a user for the FTP server. You can create a user called ftp1 using the following command.

				
					adduser ftp1
				
			

Answer the prompts to set a password for the ftp1 user.

Next, set proper ownership on the files in the ftp1 home directory.

				
					chown ftp1:ftp1 /home/ftp1/file*
				
			

Configure ProFTPD

Next, edit the FTP configuration file and define your home directory. You can edit it using the following command.

				
					nano /etc/proftpd/proftpd.conf
				
			

Change the following lines.

				
					ServerName "My ProFTPD"

					DefaultRoot /home/ftp1
				
			

Save and close the file, then restart the ProFTPD service to implement the changes.

				
					systemctl restart proftpd
				
			

Verify FTP Server

At this point, your ProFTPD server is installed and configured. Now, it’s time to access it from the remote machine.

From the remote machine, connect to your FTP server using the following command.

				
					ftp your-ftp-server-ip
				
			

Provide your FTP username and password to connect to the FTP server.

				
					Connected to 69.28.85.72.
					220 ProFTPD Server (My ProFTPD) [::ffff:69.28.85.72]
					Name (69.28.85.72:vyom): ftp1
					331 Password required for ftp1
					Password:
					230 User ftp1 logged in
					Remote system type is UNIX.
					Using binary mode to transfer files.
					ftp>
				
			

After the successful authentication, list your FTP files using the following command.

				
					ftp> ls
				
			

You will see both files in the following output.

				
					229 Extended Passive Mode Entered (|||10399|)
					150 Opening ASCII mode data connection for file list
					-rw-r--r-- 1 ftp1 ftp1 0 Jul 20 08:50 file1
					-rw-r--r-- 1 ftp1 ftp1 0 Jul 20 08:50 file2
					226 Transfer complete
				
			

Finally, exit from the FTP shell with the following command.

				
					ftp> exit
				
			

Secure FTP with SSL/TLS

To secure your FTP connection with SSL/TLS, install the OpenSSL package first. Install it using the following command.

				
					apt install openssl
				
			

Next, change to the SSL private directory and generate a self-signed SSL certificate and key.

				
					cd /etc/ssl/private
					openssl req -x509 -nodes -newkey rsa:2048 -keyout proftpd.pem -out proftpd.pem -days 3650

				
			

Provide some information as shown below.

Next, change the permission of the certificate file.

				
					chmod 600 proftpd.pem
				
			

Then, edit the ProFTPD configuration file.

				
					nano /etc/proftpd/proftpd.conf
				
			

Add or uncomment the following line so that the TLS configuration file is loaded.

				
					Include /etc/proftpd/tls.conf
				
			

Save and close the file, then edit the TLS configuration file.

				
					nano /etc/proftpd/tls.conf
				
			

Define your SSL certificate as shown below.

				
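					TLSEngine on
					TLSLog /var/log/proftpd/tls.log
					# TLSv23 is not a protocol name mod_tls accepts; allow only TLS 1.2 and 1.3
					TLSProtocol TLSv1.2 TLSv1.3

					# Certificate and private key are stored in the same PEM file
					TLSRSACertificateFile /etc/ssl/private/proftpd.pem
					TLSRSACertificateKeyFile /etc/ssl/private/proftpd.pem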

				
			

Save and close the file, then restart the ProFTPD service to apply the changes.

				
					systemctl restart proftpd
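
The tls.conf shown above turns TLS on but does not make it mandatory: ProFTPD's TLSRequired directive defaults to off, so clients can still log in and transfer files over cleartext FTP. The following audit script is an added example, not part of the original post; the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag tls.conf settings that leave cleartext FTP or legacy TLS enabled.
# Print the lowercased value of the last active occurrence of directive $1 in file $2.
directive() {
  awk -v d="$1" 'tolower($1) == tolower(d) { $1 = ""; v = tolower($0) }
                 END { sub(/^ +/, "", v); print v }' "$2"
}

# Print one finding per line for file $1; return 1 if anything was found, else 0.
audit_tls_conf() {
  f=$1; rc=0
  [ "$(directive TLSEngine "$f")" = "on" ] || { echo "TLSEngine is not on"; rc=1; }
  # TLSRequired defaults to off: the server then still accepts cleartext sessions.
  [ "$(directive TLSRequired "$f")" = "on" ] ||
    { echo "TLSRequired is not on: cleartext logins and transfers still accepted"; rc=1; }
  proto=$(directive TLSProtocol "$f")
  [ -n "$proto" ] || { echo "TLSProtocol is not pinned"; rc=1; }
  for p in $proto; do
    case "$p" in
      tlsv1.2|tlsv1.3) ;;
      *) echo "TLSProtocol entry is not TLSv1.2 or TLSv1.3: $p"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Constructed sample: TLS enabled but optional, legacy protocol range.
weak_conf() {
  cat <<'EOF'
TLSEngine on
TLSProtocol SSLv23
EOF
}

# Constructed sample: TLS mandatory on control and data channels, modern versions only.
hardened_conf() {
  cat <<'EOF'
TLSEngine on
TLSProtocol TLSv1.2 TLSv1.3
TLSRequired on
EOF
}

tmp=$(mktemp)
for sample in weak_conf hardened_conf; do
  "$sample" > "$tmp"; echo "== $sample"
  audit_tls_conf "$tmp" && echo "no findings"
done
rm -f "$tmp"
```

To check a live server, call `audit_tls_conf /etc/proftpd/tls.conf`; the check only accepts plain `TLSv1.2` and `TLSv1.3` entries, so other forms of the TLSProtocol value are reported for manual review.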
				
			

Verify Secure FTP via FileZilla

At this point, your FTP server is secured with SSL/TLS. Now, you will need to test it using any FTP client.

First, open the FileZilla client on the remote machine. You should see the following screen.

Create a new FTP connection. You should see the following screen.

Provide all required information like FTP IP address, username, then click on the connect button. You will be asked to provide your password as shown below.

Type your FTP user’s password and click on OK. After the successful authentication, you will see your FTP server on the following screen.

Thank you for reading FTP Encryption: How FTP Can Be Secured with SSL/TLS. Let’s conclude this topic below.

FTP Encryption: How FTP Can Be Secured with SSL/TLS Conclusion

In this post, we installed the ProFTPD server to create an FTP server and then tested it via the command line. Then, we showed you how to generate an SSL/TLS certificate and secure the FTP service using it. You can now access your FTP server securely via SSL/TLS. All your transferred files are now encrypted with SSL/TLS.

While SFTP offers numerous advantages to consumers and organizations, the security of the protocol is dependent on the proper management of SSH keys throughout their existence. As a result, businesses must implement secure and efficient protocols to safeguard SSH keys.

Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
