How secure is Linux FTP vs IIS FTP ? - Security

This is a discussion on How secure is Linux FTP vs IIS FTP ? - Security ; > Now, consider a theoretical different site, running an ftp daemon > offering standard ftp, but only wrapped in SSL. (Prepackaged ftp > daemons designed to operate that way exist.) In that case, you would be > not merely misguided ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 25 of 25

Thread: How secure is Linux FTP vs IIS FTP ?

  1. Re: How secure is Linux FTP vs IIS FTP ?

    > Now, consider a theoretical different site, running an ftp daemon
    > offering standard ftp, but only wrapped in SSL. (Prepackaged ftp
    > daemons designed to operate that way exist.) In that case, you would be
    > not merely misguided but outright mistaken: Passwords are _not_ sent
    > in the clear, and it encrypts _everything_.


    That wasn't the question... the question was about the ftp (and
    unclearly worded), but not about ways to run the protocol through an
    encrypted connection. ftp is just basically not secure, and you can't
    make it secure, you can just hide it in something which is.

    --
    -bill davidsen (davidsen@tmr.com)
    "The secret to procrastination is to put things off until the
    last possible moment - but no longer" -me

  2. Re: How secure is Linux FTP vs IIS FTP ?

    On 2006-04-21, Bill Davidsen wrote:
    >> Now, consider a theoretical different site, running an ftp daemon
    >> offering standard ftp, but only wrapped in SSL. (Prepackaged ftp
    >> daemons designed to operate that way exist.) In that case, you would be
    >> not merely misguided but outright mistaken: Passwords are _not_ sent
    >> in the clear, and it encrypts _everything_.

    >
    > That wasn't the question... the question was about the ftp (and
    > unclearly worded), but not about ways to run the protocol through an
    > encrypted connection. ftp is just basically not secure, and you can't
    > make it secure, you can just hide it in something which is.


    Bingo. Thank heavens *someone* here is (i) paying attention &
    (ii) knows what they're talking about.

    --
    "Other people are not your property."
    [email me at huge [at] huge [dot] org [dot] uk]

  3. Re: How secure is Linux FTP vs IIS FTP ?

    Bill Davidsen wrote:

    > That wasn't the question... the question was about the ftp (and
    > unclearly worded), but not about ways to run the protocol through an
    > encrypted connection. ftp is just basically not secure, and you can't
    > make it secure, you can just hide it in something which is.


    An admirably pigheaded and verbose way of saying "SSL can be used, a la
    carte, with ftp where needed." Well done! (Examples of it being
    extraneous include anonymous-only deployments on all my servers.)

    --
    Cheers,
    Rick Moen Habetis bona deum.
    rick@linuxmafia.com


  4. Re: How secure is Linux FTP vs IIS FTP ?

    In article , Rick Moen wrote:
    > Bill Davidsen wrote:
    >
    >> That wasn't the question... the question was about the ftp (and
    >> unclearly worded), but not about ways to run the protocol through an
    >> encrypted connection. ftp is just basically not secure, and you can't
    >> make it secure, you can just hide it in something which is.

    >
    > An admirably pigheaded and verbose way of saying "SSL can be used, a la
    > carte, with ftp where needed." Well done! (Examples of it being
    > extraneous include anonymous-only deployments on all my servers.)


    Could you recommend a particular server and config options?

    I'd like to offer the "FTPS" my Dreamweaver (etc) users expect,
    but nothing that would even let them try to send that password
    in the clear. (Getting tired of holding their hands while they
    install WinSCP or Fugu and complain about the inconvenience.)
    It seems like half of them are on TV cable service now.

    Is it really as simple as stunnel in front of a standard ftpd
    and restricting port 21 (in iptables) to connections
    from 127.0.0.1 ?

    tnx

    --
    Cameron
    http://counter.li.org user #229


  5. Re: How secure is Linux FTP vs IIS FTP ?

    Cameron L. Spitzer wrote:
    >
    > Could you recommend a particular server and config options?
    >
    > I'd like to offer the "FTPS" my Dreamweaver (etc) users expect,
    > but nothing that would even let them try to send that password
    > in the clear.


    I don't _personally_ have relevant experience, since my local policy is to
    use ftp only for anonymous-login (public) files. However my list of
    all known ftp daemons for Linux does include a number that are said to
    be SSL-capable, including my favourite ftp daemon, vs-ftpd.

    "FTP Daemons" on http://linuxmafia.com/kb/Network_Other/



+ Reply to Thread
Page 2 of 2 FirstFirst 1 2