Networking – Is FTP on router secure

Tags: encryption, ftp, networking, router, security

I am using a 2TB external hard drive connected to an Asus RT-AC87U.
The router can be accessed from the internet over FTP with the right username and password.

My question is: how secure is this connection?

I know that it is protected with the user/pass, but I am thinking of encryption. Is it possible for someone to intercept the connection and get the transferred data?

Also, how would it be possible to make it more secure? I know that there is a protocol called SFTP for encrypted file transfer. Is it possible somehow to use SFTP instead of FTP, or what other possibilities do I have to increase security?

In the router's menu I did not find anything related to security with the FTP server.

You can have a look at the router's menu here: http://event.asus.com/2012/nw/dummy_ui/en/

EDIT:

The solutions I have got so far are way better than I expected, but to be clear about my whole concept: I cannot really afford a server for 24/24 uptime. However, I am looking for an easy solution for my users to be able to access parts of the share and be able to download/upload data in a more secure way. They are not that experienced; I even had to write a step-by-step guide for them to be able to map the share as a network location.
I would like to keep things easy for them but also as secure as possible.

Best Answer

Unencrypted FTP is just that. An attack that intercepts your data (very unlikely in “normal” countries, by the way) can read both login credentials and data transfers.

SFTP is not related to FTP at all. Instead, it uses an SSH connection. As such, it’s very secure, as long as you have reasonable credentials. Like SSH, it supports public key authentication.

There’s also FTP-ES (FTP with explicit SSL/TLS); it also runs on port 21. In this mode, a plaintext session starts where the client, after querying server capabilities, tells the server to start an encrypted session. Usually, both command and data sessions are encrypted, though the client can control that. Because it starts with a regular plaintext session, it’s backwards compatible.

Then, there’s FTP implicit SSL/TLS. It works like HTTPS, so there’s no unencrypted part. However, it’s not backwards compatible and as such must run on a different port, usually 990. It’s pretty much a legacy method of encrypting FTP.

It’s very unlikely your router supports encrypted FTP. If it supports SFTP, that’s a relatively painless option. There are many clients like WinSCP.
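
The difference between plain FTP and FTP with explicit TLS described in the answer above, as an added example that is not part of the original post: a Python check over a client-side session log (for instance a client's debug output) that reports credentials or transfers sent without encryption. The three logs are constructed samples, and `audit` is a hypothetical helper name.

```python
# Added example: audit a client-side FTP session log for cleartext exposure.
# The three logs are constructed samples ("C:" = client, "S:" = server).
DATA_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST", "MLSD"}

PLAIN = """C: USER alice
S: 331 Password required
C: PASS example-password
S: 230 Logged in
C: RETR report.pdf
S: 150 Opening data connection"""

EXPLICIT = """C: AUTH TLS
S: 234 Proceed with negotiation
C: USER alice
S: 331 Password required
C: PASS example-password
S: 230 Logged in
C: PBSZ 0
S: 200 PBSZ=0
C: PROT P
S: 200 Protection level set to P
C: RETR report.pdf
S: 150 Opening data connection"""

# Same session, but the client asks for a clear (unencrypted) data channel.
EXPLICIT_CLEAR_DATA = EXPLICIT.replace("PROT P", "PROT C").replace("set to P", "set to C")


def audit(log):
    """Return a list of findings; an empty list means nothing went out in clear."""
    findings, tls, data_private, pending = [], False, False, ("", "")
    for line in log.splitlines():
        side, _, text = line.partition(": ")
        words = text.split()
        if side == "C" and words:
            cmd, arg = words[0].upper(), " ".join(words[1:]).upper()
            pending = (cmd, arg)  # remember which command the next reply answers
            if cmd in ("USER", "PASS") and not tls:
                findings.append(f"{cmd} sent over plaintext control channel")
            elif cmd in DATA_CMDS and not (tls and data_private):
                findings.append(f"{cmd} uses unencrypted data channel")
        elif side == "S" and words:
            code = words[0]
            if pending == ("AUTH", "TLS") and code == "234":
                tls = True  # server accepted the upgrade; control channel is now encrypted
            elif pending[0] == "PROT" and code == "200":
                data_private = pending[1] == "P"  # P = private, C = clear
    return findings
```
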
