
Re: securing communication channel (FTP) - Need Suggestions

Subject: Re: securing communication channel (FTP) - Need Suggestions
Date: 28 Jun 2005 15:40:31 -0000
Firstly, base your choice on the need, not on what standard.  

What HW platforms do you have, what products do they support, do you have
communication within or outside of the organisation and if so, what standard
does the external partner have or is willing to use/accept?

When you know that, you know what to use as 1st choice.

(1) Secure FTP (SSL:FTPS)

- Any pitfalls I need to be aware of from a 
setup/implementation standpoint?

Haven't used FTP/S so I can't really say, but on AS/400 and some other IBM 
mainframe env. it is standard. SSH/sftp do not exist. Tumbleweed and Ipswitch 
have Unix/PC versions. 

- How would the authentication to MySQL user 
database work?

? Wasn't it ftp the question was about? Do not run MySQL or any ftp-plugin.
 

(2) Secure HTTP (https)

- Any pitfalls I need to be aware of from a 
setup/implementation standpoint?

Isn't real ftp, needs the backend "CGI" to check transport. Usage depends more
on whether it is web access only or not. Probably more insecure, due to more
security failings in web servers.

(3) 
a. Scp:
b. Sftp: Is it an interactive program? Does it 
provide non-interactive authentication?

Well, if using sftp (scp) you have ssh and therefore can let all terminal users
run ssh, increasing security. On the other hand, if you have ssh, you already
have sftp; same coin.

Have only worked with sftp, not scp, but with certificates generated, it is 
easy to make batch processes for it. Basis is the following (can be made more 
"unreadable" = efficient) Solaris Unix script:

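---
# File to upload
SFILE="$HOME/cache/acme.dat"

# System V echo expands \n, so sftp reads "put" and "quit" as two commands on stdin
/usr/5bin/echo "put $SFILE \n quit \n" |\
  sftp acme.batch@ac1.acme.com
---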

Did an sftp batch control shell script some months ago, that now runs regularly
for a data transfer.
Servers exist for PC and different Unixes as well as OpenVMS (HP's own version
recommended by users). The ws_ftp client/server works with both ftp/s and sftp
(and PGP to top up ;-). SSH.com and F-Secure/WRQ have the best-known commercial
versions, while OpenSSH.org is the freeware.

Only thing to remember, if you run OpenSSH Win-server, the server needs to be
run as an ordinary process, not server, and to own its resources and disk
areas. We had problems with that.

regards/kurt
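
The unattended sftp transfer discussed in the message above, written for the OpenSSH client so that it fails closed, as an added example that is not part of the original post. It assumes OpenSSH's sftp and key-based login; the host, account and key path are constructed placeholders.

```shell
#!/bin/sh
# Added example: unattended sftp upload with the OpenSSH client.
# Host, account and key path below are constructed placeholders.

NL='
'

# Write an sftp batch file that uploads each named file, then quits.
# Names containing quotes, backslashes, glob characters or newlines are
# refused so a file name cannot turn into extra sftp commands.
make_batch() {
    batch=$1; shift
    : > "$batch" || return 1
    for f in "$@"; do
        case $f in
            *\"*|*\\*|*\**|*\?*|*\[*|*"$NL"*)
                echo "refusing unsafe file name: $f" >&2
                return 2 ;;
        esac
        printf 'put "%s"\n' "$f" >> "$batch"
    done
    printf 'quit\n' >> "$batch"
}

# Run the batch. With -b, sftp aborts with a non-zero status when a put
# fails. BatchMode=yes makes ssh fail instead of prompting for a password,
# and StrictHostKeyChecking=yes refuses unknown or changed host keys.
upload() {
    key=$1; target=$2; batch=$3
    sftp -b "$batch" -i "$key" \
        -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o IdentitiesOnly=yes "$target"
}

# Only transfers when called as: script --send FILE...
if [ "${1:-}" = "--send" ]; then
    shift
    batch=$(mktemp) || exit 1
    trap 'rm -f "$batch"' EXIT
    make_batch "$batch" "$@" || exit 1
    upload "$HOME/.ssh/batch_key" "batch-user@sftp.example.com" "$batch" || {
        echo "sftp transfer failed" >&2
        exit 1
    }
fi
```

Unlike commands piped in with echo, a failed put here ends the run with a non-zero exit status that a cron job or scheduler can alert on.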
