A security analyst wishes to increase the security of an FTP server.
Currently, all traffic to the FTP server is unencrypted.
Users connecting to the FTP server use a variety of modern FTP client software.
The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections.
Which of the following would BEST accomplish these goals?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
The BEST option to increase the security of an FTP server while allowing unencrypted connections, is to use explicit FTPS for connections (option C).
Explanation:
Option A - Require the SFTP protocol to connect to the file server: This option is not suitable because SFTP is a different protocol than FTP. SFTP stands for Secure File Transfer Protocol, and it operates over SSH (Secure Shell). Therefore, this option would require all clients to use SFTP client software, which may not be feasible or compatible with all clients.
Option B - Use implicit TLS on the FTP server: This option is not the best choice because it requires that all clients must support implicit TLS. Implicit TLS is an older method of securing FTP, which requires the client to initiate a secure connection with the server using a specific port. While it encrypts all communication between the client and server, it does not provide backward compatibility with clients that do not support implicit TLS.
Option C - Use explicit FTPS for connections: Explicit FTPS is a newer method of securing FTP, which provides backward compatibility with clients that do not support SSL/TLS. Explicit FTPS works by allowing the client to initiate a non-encrypted connection to the server, then requesting secure authentication with the server, and establishing an SSL/TLS session to encrypt the data. This method provides a higher level of security and is easier to implement because it does not require all clients to support SSL/TLS.
Option D - Use SSH tunneling to encrypt the FTP traffic: SSH tunneling is a secure method of connecting to a server over an unsecured network. However, it requires the installation of additional software on both the server and client sides, and it may not be feasible for all clients to use SSH tunneling. Additionally, this option is more complex and may require additional configuration, which can increase the risk of misconfiguration and reduce the overall security posture of the system.
Therefore, the BEST option for increasing the security of an FTP server while allowing unencrypted connections is to use explicit FTPS for connections.