Secure FTP for PCI Compliance

Asked by: Jayson / 10 Points
Time: 2013-07-30 1:46 pm EST
Category: General Server Setup
Hits: 576

Hello

I'm trying to get PCI compliance for my e-commerce website. Here is their description of the problem:

The service running on this port (most often Telnet, FTP, etc…) appears to make use of a plaintext (unencrypted) communication channel. Payment industry policies (PCI 1.1.5.b, 2.2.2.b, 2.3, & 8.4.a) forbid the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentiality and integrity of the data in transit cannot be ensured with any level of certainty.

Here is their suggested remedy:

Transition to using more secure alternatives such as SSH instead of Telnet and SFTP in favor of FTP, or consider wrapping less secure services within more secure technologies by utilizing the benefits offered by VPN, SSL/TLS, or IPSec for example. Also, limit access to management protocols/services to specific IP addresses (usually accomplished via a “whitelist”) whenever possible.

Can you tell me how to secure my FTP account?

Thanks,
Jasyon Dekmar


ANSWERS

arnelc / Staff / 13,579 Points
2013-07-30 3:18 pm EST

Hello Jayson,

Thanks for your question and our apologies for the difficulties with the PCI compliance issue. The main issue here is that you cannot currently get SFTP or secure your FTP account per the PCI requirements. There is a future project in the works to bring more of these features to Web Hosting Hub, but it is not implemented at this time and I do not have a timetable as yet.

The closest option that we have for securing the FTP connection is to use explicit FTP over TLS. Click on that link and you'll see our article on how to set it up. However, this solution does not match up with the recommendations of PCI.

Since we don't have a good solution at this point for PCI compliance, if you must consider moving your hosting, check out our sister company: InMotion Hosting. They provide servers with PCI compliance as well as VPS or Dedicated servers where you can utilize the secure FTP option that you're trying to find.

Apologies that we can't give you a direct solution at this time in Web Hosting Hub. Please let us know if you have any further questions or concerns.

Regards,
Arnel C.
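
An added example, not part of the original thread or of Web Hosting Hub's documentation: a Python check over captured FTP control-channel transcripts that reports whether USER/PASS crossed the wire before an AUTH TLS upgrade (reply 234, RFC 4217) succeeded, which is the difference between the plaintext FTP the scan flagged and explicit FTP over TLS. The transcripts, account name, password and the helper name `audit_ftp_session` are constructed for illustration.

```python
import re

# Constructed control-channel transcripts (C: client, S: server), as seen in
# a packet capture of TCP port 21. Account name and password are made up.
PLAIN_FTP = """S: 220 FTP server ready
C: USER shopadmin
S: 331 Password required
C: PASS example-password
S: 230 Login successful"""

EXPLICIT_TLS = """S: 220 FTP server ready
C: AUTH TLS
S: 234 AUTH TLS successful"""  # after 234 the capture shows only TLS records

# Failure mode: server rejects AUTH TLS and the client silently falls back.
FALLBACK = """S: 220 FTP server ready
C: AUTH TLS
S: 502 Command not implemented
""" + PLAIN_FTP.split("\n", 1)[1]

LINE = re.compile(r"^([CS]):\s*(\S+)")

def audit_ftp_session(transcript):
    """Return findings for one captured FTP control session (hypothetical helper)."""
    findings = []
    auth_pending = False   # client sent AUTH, waiting for the server's reply
    tls_active = False     # server answered 234: channel is upgraded to TLS
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        side, word = m.group(1), m.group(2).upper()
        if side == "C" and word == "AUTH":
            auth_pending = True
        elif side == "S" and auth_pending:
            auth_pending = False
            if word == "234":
                tls_active = True
            else:
                findings.append(f"AUTH refused ({word})")
        elif side == "C" and word in ("USER", "PASS") and not tls_active:
            # Report the command only, never the captured argument.
            findings.append(f"cleartext {word}")
    return findings

if __name__ == "__main__":
    for name in ("PLAIN_FTP", "EXPLICIT_TLS", "FALLBACK"):
        print(name, audit_ftp_session(globals()[name]))
```

The fallback case is the one to watch for after enabling explicit TLS: a client configured for "use TLS if available" still sends the password in the clear when the server refuses the upgrade.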
