A security analyst wishes to increase the security of an FTP server. Currently, all traffic to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modern FTP client software.
The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections.
Which of the following would BEST accomplish these goals?
A.
Require the SFTP protocol to connect to the file server.
B.
Use implicit TLS on the FTP server.
C.
Use explicit FTPS for connections.
D.
Use SSH tunneling to encrypt the FTP traffic.
Badly written question tantamount to “A security analyst wishes to jump into a swimming pool and yet not to get wet.”
The key in here is that “The security analyst wants to keep the same port and protocol”
So we have:
FTP: Port 21
SFTP: Port 22
EXPLICIT FTPS: The client connects to the normal FTP port 21 and explicitly switches into secure (TLS) mode with “AUTH TLS”
IMPLICIT FTPS: Is an older and deprecated style service that assumes TLS mode right from the start of the connection (and normally listens on TCP port 990, rather than 21)
So the only one which meets the criteria is indeed: C.Use explicit FTPS for connections.
6
0