[CLUE-Tech] enabling ftp
Match Grun
match at dimensional.com
Sun Mar 18 12:37:30 MST 2001
There is a very good article in the latest Linux Journal which
discuss oftpd and some of the security issues running FTP.
Mmmm...
Lynn Danielson wrote:
>
> rfrank wrote:
> > On Saturday 17 March 2001 08:49, Ian wrote:
> > > I can't say this enough. TURN OFF FTP ASAP!!!!
> >
> > Okay so now the order is ipchains, then ssh. OpenSSH seems to be
> > preferred. But that means I'll have to put new software on any machine
> > that needs to get to my site. A small price, I guess, for security.
> >
> > Roger Frank
>
> So what about all of those sites that are running anonymous ftp
> on a 24 by 7 basis? Granted, they're probably running in a DMZ,
> but are these machines getting hacked on a regular basis?
>
> The argument I'm hearing is that plain text passwords which both
> telnet and ftp use are easily snoopable. Therefore, ftp/telnet
> connections should not be used by any user account (especially
> root accounts) on the box, because the account login information
> might be gathered and used to crack into the box. But if I
> should use a ProFTP package for example and configure for an
> anonymous account with very restricted privileges and filesytem
> access, is that such a horrible security risk? As long as I
> never ftp to a less secure account no one should get any username
> or password information that will help them crack the box. I'm
> all for using ssh, but if I need to share information with others
> on the net it seems running ftp for an anonymous account could
> be done with some measure of safety.
>
> Lynn Danielson
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list