10.9. Summary

FTP itself and FTP servers from various developers have had serious security problems throughout their history. The losses caused by FTP and sendmail bugs combined may even overshadow the losses caused by viruses.

FTP's main problem is that it was created to be user -friendly. Another problem is that it uses two ports. Authorization is performed only when connected to port 21, and data channel operations are conducted without any confirmation of the client's authenticity.

Back when it was created, FTP was needed for data transfer, but today it should be avoided. If you only want to let users download information, consider using HTTP for this. It is more secure, and it can be used to upload files to the server.

Data exchange on a local network can be organized using the Samba server or HTTP. Many administrators do feel like configuring the Web server only for data exchange and install potentially dangerous scripts on it. But keep in mind that FTP can also be dangerous to security. You should choose the lesser of the two evils. If you already have a Web server running, use its capabilities as much as possible; then you will be able to close port 21, thereby protecting yourself against potential problems that can arise from its use.

If you need to use the FTP service yourself for remote file operations, I recommend using the SSH package and the built-in SSH FTP to encrypt data. This type of connection is much more difficult to compromise.