Q

Don't use remote FTP for storing important files

I would like to upload some of my most important business files (doc, jpg, pdf, etc.) using CuteFTP Pro to a directory on my hosted webspace. I would like NO ONE but myself to have access to those files. The idea is to have a backup of those files for safekeeping and easy access from anywhere. What's the safest way of doing this? I have tried creating a directory and CHMOD it to 700. Is this a safe solution? Would everything (subfolders or files) I put under this directory inherit the folder's permissions?

There is no 'safest' way of doing this. FTP is one of the easiest protocols to circumvent. Simply put, your FTP username and password are always transmitted (together with any data you are transmitting) in the clear. They are not encrypted in any way. Therefore, an attacker is able to monitor ('sniff') your FTP transactions and retrieve your username and password. With this they can gain access to your data. I do not recommend you use...

a remote FTP site for storing important files.

Alternatives I would recommend are:

  • There are a number of secure online backup services available - Google for 'secure online backup'. I recommend you seek references and a commercial contract from any such company you do business with.
  • Encrypt your files using a product like PGP and back them up to media, such as CD/DVD. Store the CD/DVD somewhere safe, preferably offsite and in a secure location.
  • Keep your important files on an encrypted USB key or SD card or other portable storage media. These are easy to keep under lock and key and easy to transport.
  • This was first published in December 2006

    Dig deeper on Linux system security best practices

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchDataCenter

    SearchServerVirtualization

    SearchCloudComputing

    SearchEnterpriseDesktop

    Close