[CLUE-Tech] enabling ftp
Lynn Danielson
lynnd at techangle.com
Sun Mar 18 08:17:46 MST 2001
rfrank wrote:
> On Saturday 17 March 2001 08:49, Ian wrote:
> > I can't say this enough. TURN OFF FTP ASAP!!!!
>
> Okay so now the order is ipchains, then ssh. OpenSSH seems to be
> preferred. But that means I'll have to put new software on any machine
> that needs to get to my site. A small price, I guess, for security.
>
> Roger Frank
So what about all of those sites that are running anonymous ftp
on a 24 by 7 basis? Granted, they're probably running in a DMZ,
but are these machines getting hacked on a regular basis?
The argument I'm hearing is that plain text passwords which both
telnet and ftp use are easily snoopable. Therefore, ftp/telnet
connections should not be used by any user account (especially
root accounts) on the box, because the account login information
might be gathered and used to crack into the box. But if I
should use a ProFTP package for example and configure for an
anonymous account with very restricted privileges and filesytem
access, is that such a horrible security risk? As long as I
never ftp to a less secure account no one should get any username
or password information that will help them crack the box. I'm
all for using ssh, but if I need to share information with others
on the net it seems running ftp for an anonymous account could
be done with some measure of safety.
Lynn Danielson
More information about the clue-tech
mailing list