[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Raq4 - SSH - Installed and where to go ?
- Subject: Re: [cobalt-users] Raq4 - SSH - Installed and where to go ?
- From: "Bob Cruz" <bob@xxxxxxxxxxxxx>
- Date: Fri Dec 28 20:59:14 2001
- Organization: Gizmo, G-web
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Lilith wrote:
>
> I hope I don't sound -too- much like I'm thrashing a dead horse, but one
> of the major problems in getting end users and clients to be actually
> security-minded is the lack of good software that encourages it. As I
> mentioned, I really like Dreamweaver, but it doesn't have any secure FTP
> options... nor does FrontPage (iirc). Disabling telnet is all well and
> good, but as long as people are using vanilla FTP, passwords are still
> going in the clear.
>
I have not yet found a good FREE GUI SFTP Client, but the search will
continue!
As for vanilla FTP, and passwords in the clear, try an get ALL your users to
use a secure email client. (same password)
The primary reason for securing "our" FTP and Telnet sessions is that
usually we log in as admin and enter our password which is usually the same
password as root. If someone were to get a hold of that password good luck.
Your clients that use FTP normally don't have access to your root password
and if you put the right policies in place only a few should have admin
rights to their particular domain. Which I (just me) believe that your site
admins should be trained to use secure shells, therefore eliminating one of
the many, many security holes in the world of webservers.
The real key is VIGILLANCE.
No matter what we do our servers will never be 100% secure.
The real key is VIGILLANCE.
Regards,
Bob Cruz
G-Web