The traditional FTP protocol sends commands and data in “the clear” over the network/internet. An attacker could intercept this FTP data, then view and alter it before sending it on to the receiver.
If you are sending sensitive data over the internet, consider using SFTP (SSH File Transfer Protocol) to secure it. The following image shows a model of the encryption at work:
SFTP creates an encrypted tunnel between two computer systems and will protect against the following attacks:
IP spoofing, where a remote host sends out packets which pretend to come from another, trusted host
IP source routing, where a host can pretend that an IP packet comes from another, trusted host
DNS spoofing, where an attacker forges name server records
Interception of cleartext passwords and other data by intermediate hosts
Manipulation of data by attackers in control of intermediate hosts
SFTP uses a combination of asymmetric (public key) cryptography and symmetric cryptography to provide strong encryption and optimal performance.
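The protection against DNS spoofing and tampering by intermediate hosts listed above depends on the client checking the server's public host key, which is the asymmetric half of the scheme. The following Python code is an added example, not from the original page or from Managed File Transfer; it goes beyond the page by computing an OpenSSH-style SHA256 fingerprint of a host key and comparing it to a pinned value. The host name, key bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end

def fingerprint(known_hosts_line):
    """Return (key_type, 'SHA256:...') for a 'host keytype base64' line."""
    _host, key_type, b64 = known_hosts_line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    inner_type, _ = read_string(blob, 0)
    # The type named inside the blob must match the one declared in the line.
    if inner_type.decode("ascii") != key_type:
        raise ValueError("key type mismatch")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as unpadded base64.
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_trusted(known_hosts_line, pinned):
    """True only if the presented key hashes to the pinned fingerprint."""
    try:
        _, fp = fingerprint(known_hosts_line)
    except (ValueError, UnicodeDecodeError):
        return False
    return hmac.compare_digest(fp, pinned)

def make_line(host, raw_key):
    """Build a constructed ssh-ed25519 entry (sample data, not a real server key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw_key)) + raw_key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

# Constructed sample keys: the genuine server and an impostor answering for the same name.
GENUINE = make_line("sftp.example.com", bytes(range(32)))
IMPOSTOR = make_line("sftp.example.com", bytes(range(1, 33)))
PINNED = fingerprint(GENUINE)[1]  # in practice obtained out of band from the server's operator

if __name__ == "__main__":
    print("genuine :", host_key_trusted(GENUINE, PINNED))
    print("impostor:", host_key_trusted(IMPOSTOR, PINNED))
```

A client that accepts an unknown or changed host key without this comparison gets encryption but not the spoofing protection, because the encrypted tunnel may terminate at the wrong host.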
SFTP is supported by most commercial servers and many open source servers (for example, Linux). SFTP is a good protocol to use for transmitting large files since it compresses the data stream prior to encryption.
Managed File Transfer implements current SSH 2.0 protocol standards.
The SSH Handshake process is detailed in the Appendix.