File Transfer Protocol
File Transfer Protocol (FTP) is a non-secure means of transferring files between networked computers using TCP (Transmission Control Protocol).
Before you begin
- You must generate a unique FTP password in an upload account that has been configured to access the desired storage group. You must also know the name ("Id") of the upload account in which you set up the password.
- Each NetStorage access method has an optimized upload domain. Use <Domain name prefix>.ftp.upload.akamai.com for FTP uploads.
FTP is not secure
We recommend that you avoid FTP as an access method. If you choose to use it, it's important to understand how non-secure it is.
- During FTP transfer, content is unencrypted as it passes over the public Internet.
- Anyone along the transfer pathway who can “sniff packets” can also see the upload account Id (Username) and FTP password used for authentication. This gives that “sniffer” full access to your content, to perform any and all of the operations available to that user in NetStorage.
NetStorage offers some additional security measures for FTP:
- Password Rotation
- Brute Force Attack Prevention
- IP and Geo Access Control Lists
Even when activated, these measures don’t offer the security available with a secure access method, such as SSH File Transfer Protocol (SFTP), Secure Copy, Aspera Upload Acceleration, or The Content Management Shell (CMShell).
Non-secure password requirements
Various requirements and recommendations apply to a non-secure password:
- Password Rotation (Recommended). It is recommended that you rotate a non-secure password every three months. While this is not mandatory, you will be alerted via email once a password has reached this three-month lifespan.
- Password Strength. Passwords used for non-secure access have specific strength requirements:
Category | Requirement |
---|---|
Length | A password must be at least eight characters, but no longer than 20 characters in length. Legacy passwords that are shorter will continue working, but must adhere to the new requirements at the next password rotation. |
Letter | A password must contain at least one letter character (a-z, A-Z) |
Number | A password must contain at least one number character (0-9) |
Repeating Characters | A password cannot contain more than two consecutive matching characters ("aa" is OK, "aaa" is not supported) |
Match Requirement | The values input in the Password and Confirm Password fields must match |
Known String Usage (Recommendation) | We recommend that you avoid the use of easily known or recognized strings in a Password. (For example, do not use "abc123," or ":_123.") |
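The strength rules in the table can be checked before a password is typed into the form, for example as part of a three-month rotation job. The following is an added example, not Akamai code: the function names are hypothetical, repeats are compared case-sensitively, and generated passwords use only letters and digits because the page does not list which special characters are accepted.

```python
import re
import secrets
import string

MIN_LEN, MAX_LEN = 8, 20
# The two strings the page gives as easily recognized; extend this list locally.
KNOWN_STRINGS = ("abc123", ":_123")


def policy_violations(password, confirm=None):
    """Return the names of the rules a password breaks (empty list = acceptable)."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    if not re.search(r"[A-Za-z]", password):
        problems.append("letter")
    if not re.search(r"[0-9]", password):
        problems.append("number")
    # Three identical characters in a row: "aa" passes, "aaa" does not.
    # Assumption: "aAa" is not treated as a repeat (case-sensitive comparison).
    if re.search(r"(.)\1\1", password, re.DOTALL):
        problems.append("repeating")
    if confirm is not None and confirm != password:
        problems.append("match")
    # Recommendation in the table rather than a hard requirement.
    if any(known in password.lower() for known in KNOWN_STRINGS):
        problems.append("known-string")
    return problems


def generate_password(length=MAX_LEN):
    """Draw a random password from a CSPRNG until it satisfies every rule."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be between 8 and 20 characters")
    alphabet = string.ascii_letters + string.digits  # assumed-safe character set
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("aaa", "abc123xyz", "abcdefgh1112", "aa11bb22"):  # constructed inputs
        print(f"{sample!r}: {policy_violations(sample) or 'ok'}")
    print("generated:", generate_password())
```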
How to add an FTP password
To use this tab to add a (non-secure) FTP password for access, perform the following:
1. Click FTP.
2. Click +Add FTP Password.
3. Populate the fields:
   - FTP Password. Input a properly formatted password value.
   - Confirm Password. Input the exact same value set in the FTP Password field.
   - Notes (Optional). Input any password-related information you feel is relevant in this field. Potential hints for the FTP Password can be set here.
4. Click Add FTP Password to complete the process, and reveal an entry for the new password in the FTP Authentication table.
5. If desired, repeat Steps 2 - 4 to add an additional password. Repeat as necessary to add more passwords.
You should also incorporate Advanced Settings
NetStorage offers additional security for FTP. This includes Brute Force Attack Prevention and the use of Access Control Lists. We recommend that you incorporate both; you apply them when configuring Advanced Settings for the upload account.
Brute Force Attack Prevention for FTP
This protection allows you to defend the target storage group from excessive incorrect FTP login attempts.
An offending client IP Address using this upload account is blocked from access for a specified amount of time, after a specified number of bad login attempts.
If you have not enabled FTP as an access method for the upload account, this functionality is hidden.
How to configure brute force attack prevention
Click the checkbox to enable it and reveal additional settings:
- No. of Failed Login Attempts. Select the number of failed login attempts required to trigger the lockdown for an offending client IP address.
- Minimum Lockdown Period. Select the amount of time an offending client IP address should be blocked from further access attempts.
Use your access method
You can use FTP once your upload account changes have propagated. View usage examples and limitations.
Updated almost 3 years ago