Re: [cobalt-users] more security questions - was 'purchasing a secure certificatefr om Thawte'
- Subject: Re: [cobalt-users] more security questions - was 'purchasing a secure certificatefr om Thawte'
- From: "Mike Fritsch" <mfritsch@xxxxxxxxxxxx>
- Date: Tue Jun 6 10:37:17 2000
SecureFX is a secure FTP client, go to http://www.vandyke.com . I have not
used it but their SecureCRT is really good so I would assume it is very high
quality also.
Mike
----- Original Message -----
From: Brian Baggett <bbaggett@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Cc: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, June 06, 2000 9:18 AM
Subject: [cobalt-users] more security questions - was 'purchasing a secure
certificatefr om Thawte'
> Thanks for the words of wisdom. I definitely appreciate your thoughtful
> advice. I'm starting to wish I had purchased the managed solution already.
> :-)
>
> I have a few related security type questions.
>
> If my RaQ3 is remotely hosted and only has one drive, how can I securely
> back up files without FTP'ing them unencrypted across the net? Can you
> connect via ssh and then do an FTP inside of that connection? Are there any
> easy to use secure FTP clients? Also, how do you recommend storing
> customers' credit card information on the box? And how do I retrieve it
> without transferring it across the net unencrypted? I currently use a form
> on an SSL page that drives a perl program that writes the information to a
> flat file in an .htaccess protected directory. Then I can retrieve the data
> by https'ing to that directory and logging in with my name and password. Is
> this safe? Is there a better way of doing this without giving up too much
> of the convenience of my current solution?
>
> Thanks,
> Brian
>
> -----Original Message-----
> From: Rodolfo Paiz [mailto:rpaiz@xxxxxxxxxxxxxx]
> Sent: Monday, June 05, 2000 11:28 PM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] purchasing a secure certificate from Thawte
>
>
> > Should I just press on with the instructions from the RaQ's
> > user manual or should I be more concerned about finding and
> > backing up my private key? Is it secure enough in the
> > default location?
>
> [soapbox on]
>
> Hmm... this is your private half of the security mechanism
> that will protect most, if not all, your valuable and
> confidential communications with the outside world. If you lose
> this or mishandle it, you will have to go to some amount of
> work to recover it. If someone steals it, you may lose a
> substantial amount of money or data, or both.
>
> You're not sure where it is stored. You don't actually have
> a copy in that you don't have a copy *where you know you can
> get at it*. You have no way of finding and/or recovering that
> little bit of data if your hard disk goes south. And you'll
> have Hell's own time decrypting your own data if you don't
> have that private key.
>
> As Brent said, the prospect is not to instill fear...
> Nevertheless, anytime your security is concerned (yours, your
> data's, your customers', your customers' data, any or all of
> the above), always be paranoid. Always be concerned. And
> never have blind faith in anything, especially anything of
> whose internal workings you aren't 100% cognizant. I recall
> a thread recently of some Cobalt equipment storing the root
> password in a clear-text (world-readable) file in an open
> (world-readable) directory. Mmm... is that the sound of
> security frying I hear? (Check the archives; I'm *not*
> kidding.)
>
> Find the key. Back it up. Secure it as best you can.
> Understand how it is stored, where, and how. Figure out what
> someone would have to do to hack it or get at it, then try
> to protect against that eventuality. *Then* press on with
> the instructions.
>
> [soapbox off]
>
> I mean you no offense, Brian; I hope you realize that. I
> am only trying to EMPHATICALLY make the point that your
> server's security is of paramount importance, and that
> the one cardinal sin in security of any type is to show
> unwarranted trust. Matter of fact, some would say that
> the only mistake is to show *any* trust, period. But
> we're only paranoid around here, not psychotic. :)
>
> Hope I convinced you to take that key very seriously...
>
> ------
> Rodolfo J. Paiz
> rpaiz@xxxxxxxxxxxxxx <mailto:rpaiz@xxxxxxxxxxxxxx>
>
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
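Rodolfo's advice above (find the key, understand how it is stored, secure it, back it up) and Brian's question about getting backups off the box without plaintext FTP, as an added shell example that is not part of this thread: it locates PEM private keys under a directory that are readable by group or other, and writes a passphrase-encrypted archive that can then be moved with scp or an SFTP client. The key directory, passphrase file and output path are assumed command-line arguments, not paths from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a key directory the way the
# advice above suggests: find the private key, check who can read it, then
# produce an encrypted backup. All paths here are constructed placeholders.

# 0 if the file carries a PEM "PRIVATE KEY" header, 1 otherwise.
is_private_key() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null
}

# 0 only when group and other have no permission bits (e.g. mode 0600/0400),
# so no other local account on the box can read the key.
key_perms_ok() {
    bits=$(ls -ld "$1" | cut -c5-10)   # POSIX ls -l: columns 5-10 are group/other rwx
    [ "$bits" = "------" ]
}

# Prints, one per line, every regular file under $1 that is a private key
# and is readable by group or other.
find_exposed_keys() {
    find "$1" -type f | while IFS= read -r f; do
        if is_private_key "$f" && ! key_perms_ok "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Archives the key directory $1 and encrypts it with a passphrase read from
# file $2, writing $3. The result can be copied off with scp or an SFTP
# client; nothing plaintext crosses the network, and the backup is useless
# without the passphrase, which should be kept separately from it.
backup_keys() {
    tar -cf - -C "$(dirname "$1")" "$(basename "$1")" |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$2" -out "$3"
}

# Usage: sh audit_keys.sh /path/to/keys [passphrase-file backup.tar.enc]
if [ "$#" -ge 1 ]; then
    exposed=$(find_exposed_keys "$1")
    if [ -n "$exposed" ]; then
        printf 'Private keys readable by group/other (fix with chmod 600):\n%s\n' "$exposed"
        exit 1
    fi
    [ "$#" -eq 3 ] && backup_keys "$1" "$2" "$3"
fi
```

The permission check deliberately refuses to back up while any key is still group- or world-readable, so the audit has to pass before a copy of the key ever leaves the machine.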