Saturday, December 22, 2012

Secure FTP

Secure FTP or No Plain Text Passwords Please

One of the first things anyone should do when they are transferring files is stop using plain text passwords. What are plain text passwords? Simply, they are passwords that are not encrypted in any way. This makes it child's play for the bad guys to log in to your server (or in the jargon of the day, to own you or root you).

If a cracker gets on your site, they can do a lot of damage very easily. They can get your database settings and change all of your data, they can read your email, and they can set up Trojan software that does evil things to other sites as well. Basically, you don't want to deal with this, and luckily it is easy to secure your website and server.


This post will show you how to get rid of FTP and its plain text passwords. You will learn to use PuTTY and WinSCP, and as an added bonus, you won't even need to type passwords anymore.

That means that by using secure FTP you can log in to your web host simply by clicking on the host name. Of course, you could do that with your insecure FTP too, but guess what: with secure FTP there is no plain text file with your readable password. That is what security is about: making it too hard to bother with trying to crack. If you are the Pentagon, or a military supplier, you may need more security, but you wouldn't be here if that was the case, would you?

Introduction To Secure FTP

VIDEO Missing Sorry

Resources

Download PuTTY Here ===>>> PuTTY
Download WinSCP Here ===>>> WinSCP

Transcript

Today I am going to teach you how to do secure file transfers instead of the insecure way that shows your passwords to the entire world. So I call this no more FTP. And if you want more information, I always put out stuff, so go to mayulienterprises.com. Sign up for my email and I will send out notifications for private stuff as well as posts that I do on security and marketing in business and all the other things that I like to do.

OK? So here we go.

Why do you even care? Yeah, that’s the question many people have. The big problem is plain text means everybody can see your passwords. And if that isn’t bad enough, most people use the same one or two passwords for every account they have. So, if somebody happens to get hold of your password, which all you have to do is use what you call a sniffer and sit around and wait for a field called user and a field called password and filter on those and you can get a lot of information and use it. So that’s the reason we want to get rid of that.

What I’m going to show you today shows you how to do everything encrypted. You will get rid of at least one major security risk that most marketers and other people using the web figure out "doesn't matter to me." Well, it really does.

So here are the specific instructions that we’re going to go over. There are two things that you need to have your host do:

One is absolutely essential. And that’s asking your host to set up an SSH account.

So you can just email him and say, "Hey, can you set up an SSH? I don’t want to have any more FTP." And that’s going to allow them to set it up so you can do a secure FTP or Secure Copy depending on which one you decide to use. (Don’t worry; I’m going to show you how to do all these too).

And then the other thing that you have to do is ask your host to make your cPanel secure.

If you happen to use cPanel, because by default you log in and it’s just the same as FTP, your passwords are going to cross with no encryption at all. And they should be able to do that. If your host refuses to set up those for you, I would seriously consider finding a new host and finding one fast because that’s not a very good security stance. If they’re that bad on easy things like this, then you certainly don’t want them when it comes to something difficult.

All right, so there’s a few things that you’re going to do and that’s basically what we’re going to go over today in these videos and the first one is a couple of downloads.

We are going to download two programs. One is called PuTTY and one is called WinSCP (or winskip). Then we’re going to install those. Then you have to generate some public and private keys so we know you’re really you. We’re going to upload that public key to your web host and from that point on you’ll no longer even need to type in passwords.

All you do is basically log in to your server using secure protocols and it pops up automatically. And then we say congratulations, you no longer have plain text passwords flying around the internet. And you don’t have to worry about one more risk.

Let’s get going here. Sit back, enjoy the show. It’s a couple different screencasts so you can enjoy them at your leisure.

I’m not here to pick on FileZilla but I know a lot of people use that because it’s free. So what I’m going to basically show you is the file called filezilla.xml.

Most of the other FTP clients are going to do something similar. But the main thing I want you to see is right here. You go down to the bottom of this file called filezilla.xml. Depending on what operating system you’re in, it’s going to be in a different place, but you’ll notice it has user, and it would have your username, and pass would be your plain text password.

There are ways to stop it from saving the password but that’s a pain because then you have to type in your password every time. And what I’m going to show you is going to get rid of that. So basically you can do one of two things. If you want to continue using FileZilla, at least stop your plain text passwords from being saved. But ideally I’d do what I’m going to explain and that is to use completely secure protocols.
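An added example, not part of the original post or of FileZilla itself: a short Python audit of a saved-servers file of the kind the transcript describes, reporting which entries still use plain FTP or keep a stored password, without ever printing the password. The sample XML is constructed, and the element names and protocol codes (0 = FTP, 1 = SFTP) are assumptions based on FileZilla 3's file layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample (made-up hosts, users, passwords). Element names follow
# FileZilla 3's saved-server layout, which is an assumption about your version.
SAMPLE_XML = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.com</Host><Port>21</Port><Protocol>0</Protocol>
      <User>alice</User><Pass>hunter2</Pass>
    </Server>
    <Server>
      <Host>files.example.org</Host><Port>21</Port><Protocol>0</Protocol>
      <User>bob</User><Pass encoding="base64">czNjcjN0</Pass>
    </Server>
    <Server>
      <Host>sftp.example.net</Host><Port>22</Port><Protocol>1</Protocol>
      <User>carol</User>
    </Server>
  </Servers>
</FileZilla3>"""

def audit_saved_servers(xml_text):
    """Return one finding per saved server; the password itself is never returned."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pass_el = server.find("Pass")
        if pass_el is None or not (pass_el.text or "").strip():
            stored = "none"
        elif pass_el.get("encoding") == "base64":
            stored = "base64"  # an encoding, not encryption: trivially reversible
        else:
            stored = "plaintext"
        findings.append({
            "host": server.findtext("Host", default="?"),
            "user": server.findtext("User", default=""),
            # Assumption: Protocol 0 means plain FTP and 1 means SFTP.
            "plain_ftp": server.findtext("Protocol", default="0") == "0",
            "stored_password": stored,
        })
    return findings

def needs_attention(findings):
    """Hosts that still use plain FTP or keep a recoverable password on disk."""
    return [f["host"] for f in findings
            if f["plain_ftp"] or f["stored_password"] != "none"]

if __name__ == "__main__":
    for finding in audit_saved_servers(SAMPLE_XML):
        print(finding)
```

To check your own machine, pass the text of your FileZilla XML file to `audit_saved_servers` instead of `SAMPLE_XML`.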

P.S. If this post helped you, please sign up for my mailing list, tell your friends, and feel free to leave comments below.
