Re: How to secure FTP?
From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 06/28/04
- Next message: Gary: "Re: Uggh:Linksys router, Windows 2003 server, Passive FTP connection problems HELP?"
- Previous message: mmac: "Re: How to secure FTP?"
- In reply to: mmac: "Re: How to secure FTP?"
Date: Mon, 28 Jun 2004 19:02:09 GMT
On Mon, 28 Jun 2004 10:39:30 -0700, "mmac" <no@thanks.com> wrote:
>Thank you, that was quite clear and understandable. I'll leave well enough
>alone for now and read up on SSL (since I need to set that up for my
>Exchange OWA anyway). Once I figure that out I'll see if it would fit for
>FTP. Though from your explanation I hardly need it.
Well, if it *does* fit you'll need to use an FTP service other than
Microsoft's, which won't do secure FTP. :)
Jeff
>""Alun Jones [MSFT]"" <alunj@online.microsoft.com> wrote in message
>news:U0ZhdCTXEHA.2272@cpmsftngxa10.phx.gbl...
>> > From: "mmac" <mmac@junkmail.bin>
>> >
>> > OK that makes sense.
>> > I'll give it a go.
>> > So I am also hearing in this thread that secure FTP isn't really
>> > necessary for my application? It's meant more for encryption than
>> > anything else?
>>
>> Like I said, it really depends on what you mean by "secure FTP".
>>
>> To some people, FTP as described by the basic standards document is not
>> secure, because it doesn't encrypt usernames and passwords. In practice,
>> you're not going to find many people that have the ability to make good on
>> that, because it means they must somehow put themselves, and their
>> monitoring machines, on the network path between your server and your
>> client. [Either by intercepting the current path, or by changing your
>> path to go to them first] This is about as likely, in the average case,
>> as a telephone wiretap - and you use the phone all the time without
>> scrambling technology.
>>
>> To others, the only security they need is the knowledge that the user name
>> and password are required by the server in order to log on, and that users
>> so authenticated are kept to the right places. Basic FTP provides that.
>>
>> But there are standards for providing encryption and authentication
>> through other mechanisms (such as SSL) that are supported by a number of
>> third party clients and servers - you can even get proxies / wrappers
>> that can turn IIS into such an encrypting server.
>>
>> Alun.
>> ~~~~
>>
>
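Added example, not part of the original thread: a small check over FTP control-channel lines that reports USER/PASS commands sent without a successful AUTH TLS upgrade, including the case where the server refuses AUTH and the client falls back to cleartext. The "C:"/"S:" line format, the sample sessions and the function name are constructed for illustration.

```python
import re

# Constructed sample: control-channel lines as a server log or a sniffer would
# show them. "C:" is the client, "S:" the server. Not taken from the thread.
PLAIN_SESSION = [
    "S: 220 FTP service ready",
    "C: USER alice",
    "S: 331 Password required",
    "C: PASS example-password",
    "S: 230 User logged in",
]
REFUSED_TLS_SESSION = [
    "S: 220 FTP service ready",
    "C: AUTH TLS",
    "S: 500 'AUTH': command not understood",
    "C: USER alice",
    "S: 331 Password required",
    "C: PASS example-password",
]
TLS_SESSION = [
    "S: 220 FTP service ready",
    "C: AUTH TLS",
    "S: 234 Proceed with negotiation",
    # everything after the 234 reply travels inside TLS
    "C: USER alice",
    "C: PASS example-password",
]

LINE = re.compile(r"^([CS]): (\S+)(?: (.*))?$")

def audit_control_channel(lines):
    """Return (line_no, verb, reason) for each credential sent outside TLS."""
    findings, auth_pending, tls_active, refused = [], False, False, False
    for no, raw in enumerate(lines, 1):
        m = LINE.match(raw)
        if not m:
            continue
        side, word = m.group(1), m.group(2).upper()
        if side == "C" and word == "AUTH":
            auth_pending = True
        elif side == "S" and auth_pending:
            auth_pending = False
            tls_active = word == "234"  # 234 = AUTH accepted (RFC 4217)
            refused = not tls_active
        elif side == "C" and word in ("USER", "PASS") and not tls_active:
            reason = "cleartext after refused AUTH" if refused else "cleartext, no AUTH attempted"
            findings.append((no, word, reason))
    return findings
```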