FTPS - FTPSE

Objective:

We start FileZilla Server and go to the SSL/TLS settings tab; once there, we click "Generate new certificate":

We fill in the certificate with our details:

Clicking "Generate certificate" shows the following window, which says that the certificate was generated successfully:

In the same tab, we fill in the private key and the certificate file, then type the password; in my case I used cmadrid:

We set it to block the account automatically:

Now we go to FileZilla Client and choose Site Manager, New Site. We fill it in as follows; I will explain the reason for port 990 later:

We click OK and get the following message, which says that the server's certificate is unknown; we accept it:

And now we are connected in implicit mode:

Next we create the explicit one: we go to New Site and fill in the details as follows:

We get the same message as before; we accept it and we are now connected in explicit mode:
Explanation: FTP, FTP/SSL, SFTP, FTPS, FTP, SCP:

FTP (FTP classic)
- Plain FTP
- Clear-text password sent over the network
- Typically runs over TCP port 21
- Defined by RFC 959 and 1123
- Implemented in FTP/SSL component

FTP/SSL (FTP over TLS/SSL)
- Often called 'FTPS'
- Often called 'Secure FTP'
- Plain FTP over TLS/SSL channel
- Password is encrypted
- Transfer is encrypted
- Typically runs over TCP port 21 or 990
- Defined by RFC 959, 1123, 4217 and 2228
- Implemented in FTP/SSL component

SFTP (SSH File Transfer Protocol)
- Has nothing common with original FTP
- Often called 'Secure FTP'
- Password is encrypted
- Transfer is encrypted
- Typically runs over TCP port 22
- RFC not yet finished
- Implemented in SFTP component

There are several different secure file transfer protocols that are, unfortunately, named in a very confusing way that often makes it difficult to distinguish one from another. The aim of this page is to provide some guidelines to make it easier to determine which is which.

Communication protocols

Basically, there are the following file transfer protocols around:

FTP: the plain old FTP protocol that has been around since the 1970s. The acronym stands for "File Transfer Protocol". It usually runs over TCP port 21.

SFTP: another, completely different file transfer protocol that has nothing to do with FTP. SFTP runs over an SSH session, usually on TCP port 22. It has been around since the late 1990s. The acronym actually stands for "SSH File Transfer Protocol".

SCP: a variant of the BSD rcp utility that transfers files over an SSH session. The SCP protocol has been mostly superseded by the more comprehensive SFTP protocol, and some implementations of the "scp" utility actually use SFTP instead.

Secure communication layers

Additionally, there are the following two secure communication layers:

SSH: a protocol that allows establishing a secure channel between the local and the remote computer. Serves as an underlying channel for associated protocols such as secure shell, port forwarding, SFTP or SCP. While it is possible to run the (slightly modified) plain old FTP protocol over SSH, this is not very common, fortunately. File transfer over SSH is nearly always done using SFTP or SCP.
TLS: this is still widely known by its old name - SSL - and provides a way of securing otherwise unsecure protocols such as HTTP, SMTP, POP3 or FTP. Please note that SSL 3.1 is called TLS 1.0, and therefore TLS 1.0 is a newer version of the protocol than SSL 3.0, despite the lower version number. HTTP over SSL is often called HTTPS, and FTP over SSL is often called FTPS and has two variants, explicit (starts as an unencrypted FTP session and is secured on client request) and implicit (is secured right from the beginning and therefore needs a separate TCP port, usually 990). The implicit mode is deprecated, but still widely used.

Secure file transfer protocols, or fitting it all together

In an ideal world, the information above should be just enough. Unfortunately, this is not the case. The file transfer protocols are also referred to by other names, and even the names that refer to only a single protocol are often mistakenly used for the wrong protocol by (understandably) confused authors.

FTP: should be only used for the plain old FTP protocol.

SFTP: should be only used for SFTP, the SSH file transfer protocol. However, people often shorten Secure FTP into SFTP - this is not correct, because the S in SFTP does not stand for Secure, but for SSH.

SFTP2: this confusing name is used by some vendors to highlight the obvious fact that their SFTP protocol runs over SSH2. For all practical purposes, consider this to be a synonym of SFTP, because SSH1 has been deprecated for many years.

Secure FTP: this name is the most confusing, because it is used to refer to either of the two different protocols. Whenever this name is used, it is necessary to specify whether the SSH-based or SSL-based file transfer protocol is meant.

SSH FTP, FTP over SSH: fortunately, these names are not used very often. They usually refer to SFTP, the SSH file transfer protocol. Even though it is possible to run the (slightly modified) plain old FTP protocol over SSH, this is not very common.

FTP/SSL, FTP/TLS, FTP over SSL, FTP over TLS, FTPS: should be only used for FTP over TLS/SSL.

SFTP over SSL: although the SFTP protocol can utilize any underlying data stream, in practice SFTP over anything other than SSH is very rare. It is much more likely the term was used by mistake in place of either "SFTP over SSH" or "FTP over SSL".

SCP: should be only used for the scp protocol/utility, a variant of BSD rcp. Some applications with SCP in their name now use SFTP by default instead - examples of this practice are the WinSCP application and the scp2 utility.

TFTP: is yet another file transfer protocol, different from any of the above.
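Because explicit FTPS starts as an unencrypted FTP session on port 21, a client that logs in before requesting TLS still sends the password in clear text. The following added example (not part of the original page) audits a client-side control-channel log for that ordering and for the RFC 4217 `PROT P` step that protects the data channel; the `C:`/`S:` log format, the sample sessions and the function name are assumptions made for illustration.

```python
import re

DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}

# Constructed client-side logs ("C:" client command, "S:" server reply).
GOOD = """\
S: 220 ready
C: AUTH TLS
S: 234 Using authentication type TLS
C: USER alice
S: 331 Password required
C: PASS ********
S: 230 Logged on
C: PBSZ 0
S: 200 PBSZ=0
C: PROT P
S: 200 Protection level set to P
C: LIST
S: 150 Opening data channel
"""
BAD = """\
S: 220 ready
C: USER alice
S: 331 Password required
C: PASS ********
C: LIST
S: 150 Opening data channel
"""

def audit_explicit_ftps(transcript):
    """Return findings for one explicit-FTPS control-channel log (port 21)."""
    findings, tls_up, prot_private, pending = [], False, False, None
    for line in transcript.splitlines():
        m = re.match(r"([CS]):\s*(\S+)\s*(.*)", line)
        if not m:
            continue
        side, word, arg = m.group(1), m.group(2).upper(), m.group(3).strip().upper()
        if side == "C":
            pending = (word, arg)  # remember the command until its reply arrives
            if word in ("USER", "PASS") and not tls_up:
                findings.append(f"{word} sent in clear text before AUTH TLS")
            if word in DATA_CMDS and not prot_private:
                findings.append(f"{word} sent without PROT P")
        elif pending:
            # Only a positive reply to the pending command changes the state.
            tls_up |= pending == ("AUTH", "TLS") and word == "234"
            prot_private |= pending == ("PROT", "P") and word == "200"
            pending = None
    return findings
```

In implicit mode (port 990) the TLS handshake happens before any FTP command, so the first check does not apply there.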