Re: How to secure FTP?

From: mmac (no_at_thanks.com)
Date: 06/28/04

  • Next message: Jeff Cochran: "Re: How to secure FTP?" 
    Date: Mon, 28 Jun 2004 10:39:30 -0700

    Thank you , that was quite clear and understandable. I'll leave well enough
    alone for now and read up on SSL (since I need to set that up for my
    exchange OWA anyway. ) Once I figure that out I'll see if it would fit for
    FTP. Though from your explanaition I hardly need it.

    ""Alun Jones [MSFT]"" <alunj@online.microsoft.com> wrote in message
    news:U0ZhdCTXEHA.2272@cpmsftngxa10.phx.gbl...
    > > From: "mmac" <mmac@junkmail.bin>
    > >
    > > OK that makes sense.
    > > I'll give it a go.
    > > So I am also hearing in this thread that secure FTP isn't really
    > necessary for
    > > my application? It's meant more for encryption than anything else?
    >
    > Like I said, it really depends on what you mean by "secure FTP".
    >
    > To some people, FTP as described by the basic standards document is not
    > secure, because it doesn't encrypt usernames and passwords. In practice,
    > you're not going to find many people that have the ability to make good on
    > that, because it means they must somehow put themselves, and their
    > monitoring machines, on the network path between your server and your
    > client. [Either by intercepting the current path, or by changing your
    path
    > to go to them first] This is about as likely, in the average case, as a
    > telephone wiretap - and you use the phone all the time without scrambling
    > technology.
    >
    > To others, the only security they need is the knowledge that the user name
    > and password are required by the server in order to log on, and that users
    > so authenticated are kept to the right places. Basic FTP provides that.
    >
    > But there are standards for providing encryption and authentication
    through
    > other mechanisms (such as SSL) that are supported by a number of third
    > party clients and servers - you can even get proxies / wrappers that can
    > turn IIS into such an encrypting server.
    >
    > Alun.
    > ~~~~
    >

  • Next message: Jeff Cochran: "Re: How to secure FTP?"

    Relevant Pages

    • Re: encrypt password for webservices
      ... When you say about limitation of IIS/SLL (I assume it should be SSL) ... > 3) Requests can be multi-threaded, and some requests can even be droped if ... which allows the server to find appropriate EncryptionKey ... > encryption. ...
      (microsoft.public.dotnet.security)
    • Re: No SSL Should I care?
      ... server issue or keep using Verizon's Wireless Sync which does use AES ... I was going to use activesync over wifi in europe since my 730 won't work ... and I couldn't get that to work using SSL either. ... that provides SSl encryption between my server and the verizon web ...
      (microsoft.public.pocketpc.activesync)
    • Re: FTP SSL with large file transfer
      ... No SSL involved. ... It's the same server under z/os, but typically one of any number of client ... FTP SSL with large file transfer ...
      (bit.listserv.ibm-main)
    • Help with SSL for Exchange 2003
      ... I hope somebody could help me with SSL. ... and Outlook, however, I cannot get SMTP to work properly. ... If I select SSL encryption the error I get is: "Your server does not ...
      (microsoft.public.exchange.admin)
    • Re: Can encryrpted packets be cracked by middle man?
      ... But when you add that "someone who has complete control ... ssl connection to the proxy server which then communicates with the web ... server which could be either http or https as is that possibility with ISA. ... > This is a question about how secure encryption is. ...
      (microsoft.public.security)