
RE: [cobalt-users] ftp security



> -----Original Message-----
> From: Jim Dory [mailto:jim_dory@xxxxxxxxxxxxxx] 
> Sent: Friday, September 05, 2003 6:32 PM
> To: Cobalt Users List
> Subject: [cobalt-users] ftp security
> 
> 
> I'm running a raq4r as an email/web server for our small city government.
> I have it on the public interface of a firewall. (3 interfaces..
> public/private/exterior.)

I would use your hardware firewall to block out all traffic to the FTP server from anybody except the IP of the machine you use to upload the web content. If that machine is sitting on the private port of the firewall, outside hackers will not be able to sniff the password, which does get sent in open text, like telnet. They will not be able to spoof your IP to get in either, as the firewall will detect that the IP does not belong to the exterior port and drop the packet. If your workstation is on the exterior, however, you might want to consider using some sort of secure FTP, as others would potentially be able to see your password.

Vidar
> 
> I leave the ftp server off, and I have to go in and turn it on whenever
> I want to update a webpage, because of security concerns - right or
> wrong. I'm not the most informed of admins and am relatively new to it,
> but am learning. Now I'm going to introduce a web camera to our site and
> as far as I know, it updates the camera images via ftp. Perhaps there's
> an http way to do it.. (looking at Axis cameras as they have their own
> webservers, use linux, etc.) But,
>
> My first question is should I be paranoid about leaving the ftp server
> running in its pretty much unaltered state, and
> second: if yes, what security steps can be taken to lock things down.
>
> I will spend some time in the archives since I remember some discussion
> of this.. but it was usually something like chroot jail or something
> that seemed over my head at the time - and probably still is. Just
> wondering how much time I should spend on looking for a solution for
> security - if it is even a concern - regarding ftp. Just casting for a
> quick answer.
> 
> Thanks, Jim D.
> 
http://www.nomealaska.org


_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to: http://list.cobalt.com/mailman/listinfo/cobalt-users
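
The policy described in the reply above (FTP open only to the upload machine, plus dropping packets whose source address belongs to a different firewall port), modelled as an added example that is not part of the original thread. All addresses, interface names and function names are constructed assumptions; the thread does not name the firewall product or its rule syntax.

```python
import ipaddress

# Constructed addressing plan (assumption: the thread gives no addresses).
# Anything outside these two subnets is expected on the "exterior" port.
INTERFACE_NETS = {
    "private": ipaddress.ip_network("192.168.10.0/24"),
    "public": ipaddress.ip_network("203.0.113.0/28"),
}
FTP_SERVER = ipaddress.ip_address("203.0.113.2")
ALLOWED_SOURCES = {ipaddress.ip_address("192.168.10.25")}  # upload workstation
FTP_CONTROL_PORT = 21


def decide(in_iface, src, dst, dport):
    """Return (verdict, reason) for one packet, first match wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Anti-spoofing: a source address owned by one interface's subnet
    # must arrive on that interface, whatever it is trying to reach.
    for name, net in INTERFACE_NETS.items():
        if src in net and name != in_iface:
            return "drop", f"{src} belongs to {name}, arrived on {in_iface}"
    if dst == FTP_SERVER and dport == FTP_CONTROL_PORT:
        if src in ALLOWED_SOURCES:
            return "accept", "allowed FTP source"
        return "drop", "FTP closed to everyone else"
    return "other", "not FTP; left to the remaining rule set"


# Constructed test packets: (ingress interface, source, destination, port)
PACKETS = [
    ("private", "192.168.10.25", "203.0.113.2", 21),   # real workstation
    ("exterior", "192.168.10.25", "203.0.113.2", 21),  # spoofed workstation IP
    ("exterior", "198.51.100.7", "203.0.113.2", 21),   # internet host
    ("private", "192.168.10.40", "203.0.113.2", 21),   # other inside host
    ("exterior", "198.51.100.7", "203.0.113.2", 80),   # web traffic
]


def verdicts():
    return [decide(*p)[0] for p in PACKETS]


if __name__ == "__main__":
    for p in PACKETS:
        print(p, "->", decide(*p))
```

The web camera from the question would need its own address added to ALLOWED_SOURCES. FTP data connections are not modelled here, only the control port.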