
How Secure Is FTP For Backup?

Cliff Boodoosingh, Editor on September 02, 2011
 
The File Transfer Protocol is one of the oldest protocols on the Internet, and dates back to about the same time email was created. Back in those days, only a very limited number of organizations could afford to have a multi-million dollar computer connected to the public network.

So you knew that you could trust most of the people you’d interact with online. The early Internet was a very friendly, academic, professional place.

But then technology got cheaper, network access became easier, and anonymity became the norm. Today, the Internet is full of snoops, vandals and criminals who want to access your personal information and use it against you.

FTP was simply not designed for this kind of environment. But even today, we still see people using FTP as their primary backup method.

So in this article, I’d like to point out some of the most important privacy dangers associated with FTP backup.

Plain Text Passwords
When you send your login and password information to the remote server using FTP, all of this information is transmitted in plain text. This means that anyone listening in with a packet sniffer will be able to intercept your credentials and obtain access to your data.
Since it’s common for people to use the same password across many accounts, the hacker could also use this information to gain access to your online banking, email, CRM and other systems.

Data Transmission
Because FTP is an unsecured protocol, all of your data will also be transmitted without any encryption. As with your login and password, anyone with a packet sniffer can capture your data transmissions without your knowledge.
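
What the two sections above describe can be seen in the client side of an FTP control channel. The Python below is an added example, not code from the original article: the capture bytes, user name, password and file name are constructed, and the function name audit_control_channel is hypothetical. It reports what a passive listener could read from the session without printing the password itself.

```python
# Added example: audit the client side of an FTP control channel for
# credentials and file names that crossed the network unencrypted.

# Constructed sample: client-to-server bytes as a passive capture would
# record them on TCP port 21 (user, password and file name are made up).
SAMPLE_CAPTURE = (
    b"USER backupjob\r\n"
    b"PASS Winter2011!\r\n"
    b"TYPE I\r\n"
    b"PASV\r\n"
    b"STOR payroll-2011-08.zip\r\n"
    b"QUIT\r\n"
)

# Commands that move file contents over the (equally unencrypted) data channel.
TRANSFER_COMMANDS = {"STOR", "APPE", "RETR"}


def audit_control_channel(raw: bytes) -> dict:
    """Report what an eavesdropper could read from a captured FTP session."""
    report = {"user": None, "password_exposed": False,
              "password_length": 0, "files_exposed": []}
    for line in raw.split(b"\r\n"):
        try:
            text = line.decode("ascii")
        except UnicodeDecodeError:
            continue  # not readable text, so nothing is exposed on this line
        verb, _, arg = text.partition(" ")
        verb = verb.upper()  # FTP command names are case-insensitive
        if verb == "USER":
            report["user"] = arg
        elif verb == "PASS":
            # Record that the password was readable, never the value itself.
            report["password_exposed"] = True
            report["password_length"] = len(arg)
        elif verb in TRANSFER_COMMANDS:
            report["files_exposed"].append((verb, arg))
    return report


if __name__ == "__main__":
    result = audit_control_channel(SAMPLE_CAPTURE)
    print("login readable on the wire:", result["user"])
    print("password readable on the wire:", result["password_exposed"],
          f"({result['password_length']} characters)")
    for verb, name in result["files_exposed"]:
        print(f"file name readable on the wire: {verb} {name}")
```
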

Storage
Unless you take the time to encrypt your data before transmitting it, your data will remain completely unsecured once it reaches the remote storage system. If that system is ever compromised (perhaps by the person who intercepted your password with a packet sniffer), the attacker will gain access to all of your information.
This is very common with people who store their data on their web hosting accounts, and then find out that the contents of their backups have been crawled and made publicly available on Google.

The Remote Host
The most common way that people FTP their backups to a remote site is through the use of a web hosting service. Although this is explicitly forbidden in the contracts of most web hosting companies, many people still try to tempt fate and upload their files anyway.
If you choose to do this, here are a few things you should keep in mind:
• Web servers are designed to PUBLISH information, and not to protect the privacy of information. So – unless you know exactly what you’re doing – there’s a risk that the data you store on a web server might end up being leaked.
• If you upload any kind of copyrighted information to your web host, they might suddenly shut down your account for piracy.
• If you need to restore your data from a low-cost web hosting account, they might throttle your bandwidth if they see that you’re transmitting too much data.

As you can see, FTP is less than ideal for backing up files. In addition to these privacy concerns, you should also worry about things such as file versioning, bare metal recovery, deduplication, and a number of other backup-related challenges.
Any good craftsman will tell you that every tool has its purpose, and every purpose has its tool. And this is certainly true when it comes to backup. By selecting a dedicated backup program that’s designed around your needs, you can avoid a lot of the headaches that come from do-it-yourself improvised solutions.

About The Author: Storagepipe offers secure and reliable automated online server backup solutions.
