Transfer files open shares vs ftp

From: pen test (pentestlist@hotmail.com)
Date: 03/02/02


From: "pen test" <pentestlist@hotmail.com>
To: focus-ms@securityfocus.com
Date: Sat, 02 Mar 2002 04:40:12 +0000

Ok here is the problem. There is a NT 4.0 server running IIS web service
and ftp service. The network is fire walled and all that. Now the actual
problem. Developers updating the site running on the server use shares to
transfer files. The acl permissions are set very tite at the ntfs and share
level, with only access granted to the accounts which need it. (domain
accts). What is the recommended/more secure way to put files on the server?
FTP or via open shares?

FTP would seem the more secure way in thought but then again ftp logins are
clear txt where as authentication for the shares has at least some level of
encryption (though can be broken with l0phtCrack if sniffed.
The network is 10/100 switched and even though switched it can be sniffed so
that is not my concern.

Feedback on shares vs ftp is appreciated.

thanks

_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com