Question : Top 5 Best Practices when using FTP - Pulling and Pushing Data files

Hi Experts,

I'm new to FTP and I have googled this question - What are the Top 5 Best Practices when using FTP and really didn't get what I was looking for.  Can a couple of experts either tell me what they think are the best practices or direct me to a couple of good sites. Thanks

P.S. This is onlly to do with getting and pushing data, not how to set up the server.

Answer : Top 5 Best Practices when using FTP - Pulling and Pushing Data files

Well, if its just one business sending you files I would suggest some of the following (not in any specific order of importance)

1) If possible for them to change their password every 60-90 days.
2) If possible have them use FTP-SSL.  This will not only protect the data in flight, but it will also protect their user-id and password.
3) If they do not need to have access to files they have already sent then give them write access to the directory, but not read.  This will prevent somebody who may "stumble" across their user-id and password from having the ability to pull files.
4) If the files contains sensitive data then in addition to doing FTP-SSL also encrypt the file.
5) If the ftp server sits in a DMZ, get the files off of the ftp server and into your secured network area as soon as possible.

Some companies are switching from FTP to SFTP, which is a ftp like enviroment that is built on top of SSH.  You can also see this refered to as SFTP.  Now, in my personal opinion SSH FTP is no more, or less, secure than SSL'ed FTP.  However it (SSH FTP) can be a bit easier to setup going through a firewall.