12-26-2015 12:28 AM
Hi,
I do understand when I read from books about the operation of FTP Active vs Passive mode,
but the reason why Passive mode is more secure, I do not get it exactly!
I'd appreciate it if someone can help me to understand this point.
12-26-2015 01:18 AM
You need not deal with incoming TCP streams.
12-26-2015 01:21 AM
It always depends on which aspect of security you are talking about. They are no different in security when it comes to confidentiality and integrity of the transmission. Both are not cryptographically protected. With that, if your data has to be protected, you should avoid FTP.
The main difference in security is about what you have to allow on your firewall. With passive FTP your clients only initiate outbound connections. With active mode, the data-channel is an inbound connection through your firewall. For sure, that is handled through stateful inspection and only the right traffic is allowed to come in. Still, having inbound connections from an untrusted network directly to your user-systems is considered less secure than only having outbound connections.
For optimum security, there should always be an FTP-proxy in a DMZ.
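
Added example, not part of the original replies: the stateful inspection mentioned above has to read the FTP control channel to learn which data connection to expect, and this Python code derives that connection and its direction as seen from the client-side firewall. The function names, the sample addresses and the rule that the advertised address must match the control-channel endpoint are assumptions made for illustration.

```python
import re

# Active mode: client sends "PORT h1,h2,h3,h4,p1,p2" (RFC 959).
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")
# Passive mode: server answers PASV with "227 ... (h1,h2,h3,h4,p1,p2)".
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def _endpoint(groups):
    """Turn the six decimal fields into (ip, port); port = p1*256 + p2."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def expected_data_flow(line, client_ip, server_ip):
    """Return the data connection a client-side firewall must permit, or None."""
    for regex, mode, listener, opener in (
        (PORT_RE, "active", client_ip, server_ip),    # client listens, server connects in
        (PASV_RE, "passive", server_ip, client_ip),   # server listens, client connects out
    ):
        m = regex.match(line)
        if not m:
            continue
        ip, port = _endpoint(m.groups())
        # Assumed policy: the advertised listener must be the control-channel
        # endpoint that sent the line; anything else gets no pinhole.
        if ip != listener:
            return None
        direction = "inbound" if mode == "active" else "outbound"
        return {"mode": mode, "src": opener, "dst": ip, "dport": port,
                "direction": direction}
    return None


# Constructed control-channel lines (documentation addresses, RFC 5737).
CLIENT, SERVER = "192.0.2.10", "203.0.113.5"
ACTIVE = expected_data_flow("PORT 192,0,2,10,195,80", CLIENT, SERVER)
PASSIVE = expected_data_flow("227 Entering Passive Mode (203,0,113,5,234,96)", CLIENT, SERVER)

if __name__ == "__main__":
    print(ACTIVE)
    print(PASSIVE)
```
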