File Transfer Protocol, securely: here we run FTP over an encrypted tunnel so that files (and the login credentials) can be transferred without being sniffed.

Scenario:

Consider a person who walks into an organization with a laptop, either for some work or pretending to be the delivery boy for some computer parts. He fires up his laptop and uses aircrack or a similar tool to crack WEP and WPA/WPA2.

Once he is on the network, he uses tcpdump to sniff packets. Any FTP communication inside the organization is captured, with the username and password in clear text.

The guy now has the username and password 🙂

Solution:

FTP encrypted with an RSA 1024-bit key, giving an FTPS connection in which the credentials are encrypted. (The example below is for pure-ftpd.)

  • Create a self-signed certificate using openssl (730 days means valid for 2 years)

cd /etc/pure-ftpd

openssl req -x509 -nodes -days 730 -newkey rsa:1024 -keyout pure-ftpd.pem -out pure-ftpd.pem

(follow the on-screen instructions for the certificate details)

  • vi /etc/pure-ftpd.conf and change the parameters below to the respective values given

TLS 3

AnonymousOnly no

AnonymousCantUpload yes

NoAnonymous yes

  • Restart the pure-ftpd service

service pure-ftpd restart

  • Check the implementation

grep -i tls /etc/pure-ftpd.conf

The output should be: TLS 3
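To verify the setup above by more than eyeballing a grep, here is an added shell script (not from the original post) that reads the effective TLS and anonymous-login directives from pure-ftpd.conf and uses openssl's -checkend to warn before the 730-day self-signed certificate expires, which is the expiry check the PS alludes to. The default paths are taken from the steps above and are assumptions; both functions accept a path argument instead.

```sh
#!/bin/sh
# Added example, not from the original post: verify the pure-ftpd FTPS
# settings from the steps above and warn before the self-signed certificate
# expires. Default paths are assumptions taken from the post.

# Print the effective value of a pure-ftpd.conf directive: the last
# non-comment line whose first word matches the name (case-insensitive).
conf_value() {
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$key" '
        $1 == "" || substr($1, 1, 1) == "#" { next }
        tolower($1) == key { v = $2 }
        END { print v }' "$1"
}

# Return 0 when TLS is enforced on both control and data channels (TLS 3)
# and anonymous logins are blocked; TLS 0 or 1 would still let a client
# send credentials in the clear, which is the scenario's whole problem.
check_tls_config() {
    conf="${1:-/etc/pure-ftpd.conf}"
    rc=0
    [ "$(conf_value "$conf" TLS)" = "3" ] ||
        { echo "TLS is not 3: cleartext FTP still accepted"; rc=1; }
    [ "$(conf_value "$conf" NoAnonymous)" = "yes" ] ||
        { echo "NoAnonymous is not yes"; rc=1; }
    [ "$(conf_value "$conf" AnonymousOnly)" = "no" ] ||
        { echo "AnonymousOnly is not no"; rc=1; }
    return $rc
}

# Return 0 when the certificate stays valid for at least $2 more days
# (default 30). openssl -checkend takes seconds; renewal is left to the caller.
check_cert_expiry() {
    pem="${1:-/etc/pure-ftpd/pure-ftpd.pem}"
    days="${2:-30}"
    if openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "certificate ok: $(openssl x509 -in "$pem" -noout -enddate)"
        return 0
    fi
    echo "certificate expires within $days days (or is unreadable): renew it"
    return 1
}

# Stand-alone use: sh ftps_check.sh --run [conf] [pem]
if [ "${1:-}" = "--run" ]; then
    check_tls_config "$2" && check_cert_expiry "$3"
fi
```

Run it from cron with a non-zero exit alerting you; `--run` without paths uses the defaults from the steps above.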

FTPS Settings in FileZilla (Version 3.5.0 and above) for a Domain

Please download the latest version of FileZilla from http://filezilla-project.org/download.php

* Open FileZilla, click on File >> Site Manager

* Enter the required information, as shown below:

   * Host: domain_name
   * Port: 21 or 1545 (depending on which port FTP is running on at the server)
   * Protocol: FTP (File Transfer Protocol)
   * Encryption: Require explicit FTP over TLS
   * Logon Type: Normal
   * Username: domain_user_name (if an FTP sub-account was created, then FTP_account_name@domain_name)
   * Password: ****

* Click Connect; the certificate will be displayed. Tick the check box and click OK.

PS: We can provide settings for ProFTPD and VSFTPD too. A script is also available to check the certificate's expiry date and renew it automatically.