Encryption makes enterprise FTP servers more secure

Source: Internet
Author: User

FTP servers are often set up in enterprise environments so that employees can share files conveniently. But as a network administrator, do you really understand FTP security? Do not assume that a complex administrator password is enough, or that installing the latest system patches or choosing the newest version of Serv-U or another FTP server tool makes the service foolproof. Below we verify that FTP is not secure and look at encryption as the way to secure the FTP service.

1. FTP is not secure

By default, an FTP site transmits information in plaintext, without any encryption. This means that when a user logs on to an FTP site and enters a username and password, that information is not encrypted either. An unauthorized user can recover it in its original form with a tool such as a sniffer. The test below uses Sniffer to recover an FTP site's username and password in plaintext.

Test environment:

In the enterprise network, two computers, A and B, are connected to the same subnet through a switch. B is an employee's computer: the employee uses it to access the company's FTP server and logs in to FTP with his own username and password. A is the computer on which we have installed Sniffer, and with Sniffer we can monitor the username and password of the employee who accesses the FTP server from computer B.

Test process:

Step one: Install the Sniffer tool on computer A and start the program. In Sniffer, click the "Matrix" button at the top to open the monitoring interface, so that we can begin monitoring packets on the network. Start the capture with Capture → Start on the menu bar. In the packet detection window, click the Objects tab in the lower left corner and select Station, which displays all traffic on the current network in the window. (Figure 1)

Step two: Now we ask the employee at computer B to log on to the FTP server from that computer, and then in Sniffer we choose "Capture → Stop and Display" from the menu. Assuming the FTP server's IP address is 192.168.1.20, we find the packets for 192.168.1.20 in the address list and click the "Decode" button to analyze them. (Figure 2)

Step three: In the Decode interface we can analyze all packets involving 192.168.1.20. Going through the packets one by one, the username appears at about the 19th packet, where the interface shows that the user name is LW. Continuing down, the password is visible at the 21st packet. Sniffer displays it in plaintext: test168. (Figure 3)

At this point we have sniffed the employee's username and password for the FTP server with the Sniffer tool. This works when the employee's computer is on the same subnet as the computer where Sniffer is installed.
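
The same kind of capture can be audited from the administrator's side. The following Python code is an added example, not part of the original article: it scans a reassembled FTP control-channel transcript and reports logins whose USER/PASS commands were readable, returning only the account name and password length. The "C:"/"S:" transcript format and the name audit_control_channel are assumptions made for this example, the sample sessions are constructed, and AUTH TLS with reply code 234 is the explicit-FTPS negotiation from RFC 4217.

```python
import re

# Constructed sample: FTP control-channel lines (port 21) as reassembled from
# a capture. "C:" = client command, "S:" = server reply. The account name and
# password are the ones from the article's test.
SAMPLE = """\
S: 220 FTP server ready
C: USER LW
S: 331 User name okay, need password
C: PASS test168
S: 230 User logged in
"""

# Constructed sample of an explicit-FTPS session: once the server accepts
# AUTH TLS with 234, the rest of the channel is TLS and no command is readable.
SAMPLE_TLS = """\
S: 220 FTP server ready
C: AUTH TLS
S: 234 Proceed with negotiation
"""

CMD = re.compile(r"^C:\s*(USER|PASS|AUTH)\s+(.*)$", re.IGNORECASE)


def audit_control_channel(text):
    """Report whether TLS was negotiated and which logins were readable."""
    report = {"tls_negotiated": False, "exposed_logins": []}
    user, auth_pending = None, False
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if line.startswith("S:"):
            # 234 is the server accepting the client's AUTH TLS request.
            if auth_pending and line[2:].strip().startswith("234"):
                report["tls_negotiated"] = True
                break  # everything after this point is encrypted
            auth_pending = False
            continue
        m = CMD.match(line)
        if m is None:
            continue
        verb, arg = m.group(1).upper(), m.group(2).strip()
        if verb == "AUTH":
            auth_pending = arg.upper() in ("TLS", "SSL")
        elif verb == "USER":
            user = arg
        elif verb == "PASS":  # record the length only, never the secret
            report["exposed_logins"].append(
                {"user": user, "password_length": len(arg), "line": lineno})
    return report
```

Any entry in exposed_logins means that account's password crossed the network in plaintext and should be changed once the server has been moved to an encrypted configuration.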
