Is FTP on router secure?

networking router security encryption ftp
5,721

Solution 1

Unencrypted FTP is just that. An attack that intercepts your data (very unlikely in “normal” countries, by the way) can read both login credentials and data transfers.

SFTP is not related to FTP at all. Instead, it uses a SSH connection. As such, it’s very secure, as long as you have reasonable credentials. Like SSH, it supports public key authentication.

There’s also FTP-ES (FTP with explicit SSL/TLS), it also runs on port 21. In this mode, a plaintext session starts where the client, after querying server capabilities, tells the server to start an encrypted session. Usually, both command and data sessions are encrypted, though the client can control that. Because it starts with a regular plaintext session, it’s backwards compatible.

Then, there’s FTP implicit SSL/TLS. It works like HTTPS, so there’s no unencrypted part. However, it’s not backwards compatible and as such must run on a different port, usually 990. It’s pretty much a legacy method of encrypting FTP.

It’s very unlikely your router supports encrypted FTP. If it supports SFTP, that’s a relatively painless option. There are many clients like WinSCP.

Solution 2

Non-encrypted FTP has the username and password sent by plaintext and is not secure.

SFTP is far better but if your router does not have this capability then you're out of luck.

Does your router have any VPN capability which might then offer you better security when FTP'ing to your drive? If not then, again, you're out of luck.

If you want encrypted transfer then create an SFTP server or create a VPN to your LAN.

Share:
5,721

Related videos on Youtube

Divin3
Author by

Divin3

boo!

Updated on September 18, 2022

Comments

  • Divin3
    Divin3 over 1 year

    I am using a 2TB external hard drive connected to an Asus RT-AC87U.
    The router can be accessed from the internet over FTP with the right username and password.

    My question is, that how secure is this connection?

    I know that it is protected with the user/pass, but I am thinking of encryption. Is it possible for someone to intercept the connection and get the transferred data?

    Also, how would it be possible to make it more secure? I know that there is a protocol called SFTP for encrypted file transfer. Is possible somehow to use SFTP instead of FTP, or what other possibilities do I have to increase security?

    In the routers menu I did not find anything related to security with the FTP server.

    You can have a look at the routers menu here: http://event.asus.com/2012/nw/dummy_ui/en/

    EDIT:

    The solutions I have got so far are way better than I expected, but to be clear about my whole concept here is that I can not really afford a server for 24/24 uptime. However I am looking for an easy solution for my users to be able to access parts of the share and be able to download/upload data in a more secure way. They are not that experienced; I even had to write a step by step guide for them to be able to map the share as a network location.
    I would like to keep things easy for them but also as secure as possible.

    • Devid
      Devid almost 8 years
      upgrade to Asuswrt-Merlin and you will have SFTP support on your AC-87U Router
    • Divin3
      Divin3 almost 8 years
      @Devid thank you, I will try it and give a feedback
  • Divin3
    Divin3 almost 9 years
    Yes, id does support VPN, do I have any other solution for a direct connection?
  • Divin3
    Divin3 almost 9 years
    So, does my router supports any of these? Do I have a solution for this problem? Where should I start?
  • Kinnectus
    Kinnectus almost 9 years
    Not unless you buy/create your own server(s) that have the functionality you desire... a VPN should be the easiest solution for you. Just make sure your router allows you to connect to the hard disk via the VPN...
  • Divin3
    Divin3 almost 9 years
    I am not sure about this, but I think altering the firmware may cause the product to lose the warranty. Also I am not experienced in Linux, but I am a fast learner. I updated the post with more information.
  • Divin3
    Divin3 almost 9 years
    You are right, the router does support VPN and it sounds as a good solution. I have updated the post with some more information.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

network communication encryption in java
How to access my FTP from Internet?
Laptop won't work with WPA encryption
Someone keeps hacking my wifi router
can a router be hacked from across the internet? what are possible ways it can be hacked?
Router Intrusion in firewall's log
How can I find the source of connections coming from private IPs?
How to port forward passive FTP from a router
Double NAT. How can it be detected? (and why/how it should create issues?)
Is it possible to build a fully functional LAN without any router, only with a switch?