|
|
CuteFTP Home Feature Tour: File Transfer Security
File Transfer Security
Secure SSL Sessions
SSL Session Choices
SSL Certificates
Access Policies
 |
 |
FTP Security Considerations
FTP, which stands for File Transfer Protocol, is the industry standard for file transfer. All phases of the FTP session occur in unencrypted (plain-text) form.
Authentication takes place on the server by matching a supplied username and password pair with a valid user account on the server. This information is transmitted in plain text over the network connection and is subject to password theft.
Secure Socket Layer (SSL) Sessions
To secure your sessions CuteFTP relies on 128-bit SSL, the same secure technology used by Internet browsers and servers for authentication, message integrity, and data confidentiality.
Secure Connection
SSL Session Choices
When setting up your SSL connection, CuteFTP lets you choose between three common SSL implementations, including TLS (AUTH TLS)*, SSL Implicit** (direct connect over port 990) and SSL Explicit** (AUTH SSL) mode. Most FTP servers support at least one, while some (such as GlobalSCAPE's Secure FTP Server) support all three.
SSL Settings Page
You can also choose whether to encrypt the entire session or leave the control or data channels in "the clear , i.e. unprotected.
* TLS is currently being submitted to the IESG (Internet Engineering Steering Group) for consideration as a proposed standard for SSL connections.
** SSL Implicit (direct connect via port 990, as defined by the IANA) and SSL Explicit (AUTH SSL) modes were deprecated in draft-murray-auth-ftp-ssl-12.txt. However they are still widely used.
SSL Certificates
SSL relies on certificates to confirm the identity of the server, and in some cases, the identity of the client as well.
CuteFTP includes a full certificate management system, giving you the ability to accept or reject a server's certificate, store accepted certificates in a local database, import and export certificates in the local store, use Window's trusted certificate store for certificate approval, and the ability to create your own "strong (4096-bit) self-signed certificate set, including a certificate request file (for signing by a Certificate Authority (CA) such as Verisign or Thawte)
Certificate Accept Prompt
Access Policies
Encrypt your Site Manager (address book) contents using the powerful Blowfish cipher or completely disallow password saving, including URL and Quick Connect history, in-between application sessions. You can also change the default Site Manager and session log storage locations. These policies and features help mitigate the risks of running on a shared or physically unrestricted machine.
Password & Storage Settings Page
|