Securing Web connections

With the advent of public-key infrastructure and other secure connection initiatives, most federal World Wide Web administrators have started working out how to incorporate Secure Sockets Layer (SSL) and digital certificates into their sites.

Use of such tools will keep information transmitted between the Web server and the user's browser encrypted. It helps make for a more secure site, especially when it comes to forms that ask users to input such information as names, passwords and Social Security numbers.

However, often overlooked is a connection that also should be secured with encryption: the internal connection used to revise pages on the Web server using File Transfer Protocol.

With the growing complexity of Web sites, it has become prevalent to use what some call pagemasters. These are people who are responsible for maintaining a particular page or group of pages on a Web site. Delegating work to pagemasters leaves the Webmaster free to perform daily systems administration duties. However, pagemasters often are not located in the same room or building/state/country as the Web server, and thus they use FTP to upload and download files.

The use of FTP is common, but did you know that it sends the user's name and password in the clear? Anyone with a simple port sniffer will be able to gain access to your Web server by capturing the log-ins from FTP
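
To see that exposure from the defender's side, the following added example (not part of the original column) audits a reassembled FTP control-channel capture and lists the accounts whose working passwords crossed the network unencrypted, so they can be rotated and moved to SCP. The `C:`/`S:` capture format, the account names and the passwords are constructed for illustration.

```python
import re

# Constructed sample: a reassembled FTP control-channel stream (TCP port 21).
# "C:" marks a client line, "S:" a server line. All names/passwords are made up.
SAMPLE_CAPTURE = """\
S: 220 www FTP server ready
C: USER pagemaster1
S: 331 Password required for pagemaster1
C: PASS Spring2001!
S: 230 User pagemaster1 logged in
C: STOR index.html
S: 226 Transfer complete
S: 220 www FTP server ready
C: USER webintern
S: 331 Password required for webintern
C: PASS guess
S: 530 Login incorrect
"""

LINE = re.compile(r"^([CS]):\s?(.*)$")

def exposed_logins(capture):
    """Return one finding per USER/PASS exchange visible in cleartext."""
    findings, user, pending = [], None, None
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        side, text = m.groups()
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                user = arg.strip()
            elif verb == "PASS" and user is not None:
                # Record only the length; never store the secret itself.
                pending = {"user": user, "password_len": len(arg), "accepted": None}
        elif pending is not None and text[:3].isdigit() and text[3:4] != "-":
            # Final reply line after PASS: 230 = logged in, anything else = not.
            pending["accepted"] = text.startswith("230")
            findings.append(pending)
            user, pending = None, None
    return findings

def accounts_to_rotate(capture):
    """Accounts whose working password crossed the wire unencrypted."""
    return sorted({f["user"] for f in exposed_logins(capture) if f["accepted"]})
```

Every account returned by `accounts_to_rotate` should get a new password and an SSH/SCP client before FTP access is withdrawn.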


What can be done? People still need to get files up to the server. Enter the Secure Shell (SSH) and its utilities.

SSH is an encrypted connection to a remote host running an SSH server. It gives you the ability to log on to a system with an encrypted session so that everything — your name and password as well as your keystrokes — is unreadable by any sniffer.

One of the handy tools that comes with most SSH implementations is a secure copy tool, usually called SCP. SCP will let you transfer files from one computer to another over an encrypted connection. So whenever content managers update Web pages, they can send the files to the Web server knowing that their user names and passwords are relatively safe.

The Unix world has had SSH servers and clients for a while, but over the past few years these tools have become available for the Windows and MacOS platforms. There are free ones as well as commercial products, which usually run about $100 for the clients.

Having an encrypted connection to your server is a good thing, but you have to take into account any other ways people might access your system. Using an SSH/SCP option for file transfers will greatly aid in securing your server and help keep your site off the list of pages that have been hacked.

—Klemmer is a senior Unix system administrator and security analyst at the Strategic and Advanced Computing Center at Army headquarters. He can be reached at
