
FTP Passive mode is more secure than Active mode!? How?

mohammed hashim
Level 1

Hi,

I do understand, when I read from books, the operation of FTP Active vs Passive mode,

but the reason why Passive mode is more secure, I do not get exactly!

I would appreciate it if someone can help me to understand this point.

2 Replies

Dan Lukes
VIP Alumni

You need not deal with incoming TCP streams.

It always depends on which aspect of security you are talking about. They are no different in security when it comes to confidentiality and integrity of the transmission. Both are not cryptographically protected. With that, if your data has to be protected, you should avoid FTP.

The main difference in security is about what you have to allow on your firewall. With passive FTP your clients only initiate outbound connections. With active mode, the data-channel is an inbound connection through your firewall. For sure, that is handled through stateful inspection and only the right traffic is allowed to come in. Still, having inbound connections from an untrusted network directly to your user-systems is considered less secure than only having outbound connections.

For optimum security, there should always be an FTP-proxy in a DMZ.
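
The direction difference described in the replies above, as an added example that is not part of the original thread: a sketch of what FTP inspection on a client-side firewall derives from the control channel (the RFC 959 `PORT` command and `227` reply). The function names, the sample transcript, the documentation-range addresses and the "address must match the peer" check are assumptions of this example, not any vendor's implementation.

```python
import re

# RFC 959 encodes an endpoint as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2.
_ENDPOINT = re.compile(r"(\d{1,3})," * 5 + r"(\d{1,3})")

def parse_endpoint(text):
    """Return (ip, port) from a PORT argument or a 227 reply, else None."""
    m = _ENDPOINT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_channel_pinholes(control_lines, client_ip, server_ip):
    """List the data connections a client-side firewall must permit.

    control_lines: (sender, line) pairs, sender is "client" or "server".
    "allow" is this example's own policy: the negotiated address has to
    be the peer already seen on the control channel.
    """
    pinholes = []
    for sender, line in control_lines:
        if sender == "client" and line.upper().startswith("PORT "):
            ep = parse_endpoint(line[5:])
            if ep:  # active mode: the server connects IN to the client
                pinholes.append({"mode": "active", "direction": "inbound",
                                 "src": server_ip, "dst": ep[0],
                                 "dport": ep[1], "allow": ep[0] == client_ip})
        elif sender == "server" and line.startswith("227"):
            ep = parse_endpoint(line)
            if ep:  # passive mode: the client connects OUT to the server
                pinholes.append({"mode": "passive", "direction": "outbound",
                                 "src": client_ip, "dst": ep[0],
                                 "dport": ep[1], "allow": ep[0] == server_ip})
    return pinholes

# Constructed sample transcript (documentation address ranges).
SAMPLE = [
    ("client", "PORT 192,0,2,10,195,80"),
    ("server", "200 PORT command successful"),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (198,51,100,5,234,96)"),
    ("client", "PORT 10,0,0,7,0,22"),  # names a host that is not the client
]

if __name__ == "__main__":
    for p in data_channel_pinholes(SAMPLE, "192.0.2.10", "198.51.100.5"):
        print(p)
```

Only the active-mode entries come out as `inbound`, which is the pinhole toward user systems that the reply calls less secure.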