Re: [cobalt-users] Secure FTP?

["storage@xxxxxxxxxxxxx" <storage@xxxxxxxxxx>]

Gilles Dumangin <gilles_dumangin@xxxxxxxxxxx> said:

> I don't need DNS so I'm fine with leaving it as not running. However, I 
> need ftp. Is there a secure FTP protocol as there is a secure telnet?
> 
Turning off FTP on a box with lusers on it is nigh on impossible when you get 
right down to it. There's no elegant solution, no point-and-click interface 
(that I'm aware of). There's command line tools like scp (secure copy), which 
tunnels transfers through SSH, but they're awkward for users who aren't used 
to the command line. You'll find plenty of links to information here:

http://www.google.com/search?q=secure%20copy

> If so, would they be able to get in?
> 
Yes.

In all honesty, the only way to really secure a box is to unplug the NIC; 
unplug the box; pass it through an enormous electromagnet; chop it up into 
small pieces; and then melt the small pieces to be sure. And lock yourself in 
a small room afterwards - remember, the sysadmin can often be the weakest 
link.

Alternatively, you can make it as secure as you possibly can by turning off 
all ports that aren't required; keeping an eye on your logs; monitoring a 
security mailing list like BUGTRAQ; and keeping your software up to date. If 
you do all that, you'll probably discourage all but the most persistent and 
skilled crackers.

And most crackers out there are pubescent little boys with neither of the 
above. Most of the ones _with_ those atttributes are white-hat hackers, and 
will likely leave as soon as they've had a poke around your machine, and send 
you an email afterwards about how they got in, and how to fix it. (Good 
Hacker == Good Hacker.)

Keeping your fingers crossed wouldn't do any harm either.

adam