Securing FTP
You can make your FTP uploads and downloads more secure in one of two
ways: through Secure File Transfer Protocol SFTP or Transport Layer
Security TLS.
SFTPSFTP is a more secure way of uploading and downloading files than FTP.
When you use FTP, data is sent unencrypted, so someone who intercepts the
data can easily read it. SFTP encrypts the commands and the data to provide
a much more secure form of transport.
To use SFTP (also known as secure FTP or SSH file transfer protocol), your
host has to have configured the server to be able to accept a secure connection from you. Most shared hosts do not allow this because giving clients SSH
access opens doors for clients to get into areas of the server that the host
does not want them messing with.
The FTP and SFTP protocols work quite differently, and your host needs to
have opened a specific port and allowed you SSH login permission to be able
to connect with SFTP. If you do have SFTP access, the following steps show
how to make a connection using FileZilla. Other clients may differ slightly in
layout but require that you enter the same information
1. In your FTP client, select File➪Site Manager and create a new site.
2. Select the Protocol drop-down box and click SFTP.
The Site Manager dialog box opens, as shown in Figure 4-4.
3. Enter the Host name, Username, and Password, which are normally
the same as you would use with FTP.
4. Enter the correct setting in the Port field.
5. Click Connect and your client attempts to negotiate a secure connection.
If the client cannot connect, check with your host to confirm whether it
allows SFTP connections.
TLS
TLS offers a similar level of security to SFTP but is favored more highly by
hosts because it does not require that the client have SSH access to the
server.
The following steps describe how to connect using TLS and FileZilla:1. Choose File➪Site Manager and create a new site or select an
existing one.
2. Enter your FTP details as normal.
www.it-ebooks.info
69 Chapter 4: Managing Files
3. Click in the Encryption drop-down box (see Figure 4-5) and select
either Explicit TLS or Implicit TLS.
See the “Explicit TLS versus Implicit TLS” sidebar for more information.
4. Connect as normal.
Setting and managing file permissions
File permissions are a powerful security tool created to give the server
administrator the capability to define exactly who can read, write, and execute any given file.
Each file has its own permissions, which are either expressed in a textual
form drwxrwxrwx or in numerical form, such as
755.
permissions shown in three-digit format in FileZilla.
The permissions are set for
The owner:Usually the owner is the creator of the file, but that can be
changed, if necessary.
The group:Groups are set up in UNIX/Linux to manage permissions.
Each user can be added to multiple groups, and each file can be in one
group. This enables you to restrict who has access to the file.
The public:Anybody who has access to the system is classed as a
member of the public group. That means all users are in the public group.
