Verify File is Encrypted before allowing FTP upload

Status
Not open for further replies.
N

Nyper

Baseband Member
Messages
74
Does anyone knwo of any software (preferably open source... or at least free.. but we may purchase if necessary) that will monitor an FTP connection and verify that a file is encrypted before allowing it to be uploaded? Our current setup allows customers to encrypt a file (using gpg) and upload it to our server. Well, we don't want to allow them to upload ANYTHING unless it is encrypted. We were thinking of some proxy to sit in front of the FTP transfer obviously...

Anyone?
 
csamuels said:
why wont encrypting from client to server work? you could use SSL
Click to expand...

Because FTP itself is unencrypted.


People like me sit here with ARP posioning and pick up what's being sent to the FTP. Kinda also pointless to encrypt if they can pick up your FTP passwords (Which I can)
 
thats why you configure it to encrypt the data

http://en.wikipedia.org/wiki/FTPS

FTPS is a name used to encompass a number of ways in which FTP software can perform secure file transfers. Each way involves the use of a SSL/TLS layer below the standard FTP protocol to encrypt the control and/or data channels. It should not be confused with SSH file transfer protocol.

The most common uses of FTP and SSL are:

AUTH TLS or Explicit FTPS, named for the command issued to indicate that TLS security should be used. This is the preferred method according to the RFC defining FTP over TLS. The client connects to the server port 21 and starts an unencrypted FTP session as normal, but requests that TLS security be used and performs the appropriate handshake before sending any sensitive data.

AUTH as defined in RFC 2228.
Implicit FTPS is an older style in which the client connects to a different port (usually 990), and an SSL handshake is performed before any FTP commands are sent.

If you are trying to deploy a secure FTP client or server, you may get badly bitten by a poorly designed or configured Firewall. [1] has a link to an Internet Draft that might help.
 
Status
Not open for further replies.

Similar threads

P
I. T. Industry Boom
Replies
0
Views
741
phantom555
P
S
Psychos 'R' Us: A genuine tale of stalking!
Replies
2
Views
2K
Scissorman
S
R
How to compress source code downloaded from github and make executable zip file.
Replies
0
Views
1K
rupeshforu3
R
AMD_man
Read it! They got to CCleaner too
Replies
0
Views
2K
AMD_man
AMD_man
H
Do I need a server?
Replies
4
Views
2K
Homeless_Shelter_IT
H
Back
Top Bottom