Re: Transfer files open shares vs ftp
From: Bronek Kozicki (brok@rubikon.pl)
Date: 03/04/02
- Previous message: Parth Galen: "Removing the NTLM Hashes from the AD & SAM?"
- In reply to: pen test: "Transfer files open shares vs ftp"
- Next in thread: Jeremy Shelley: "RE: Transfer files open shares vs ftp"
From: "Bronek Kozicki" <brok@rubikon.pl>
To: "pen test" <pentestlist@hotmail.com>, <focus-ms@securityfocus.com>
Date: Mon, 4 Mar 2002 21:20:15 +0100
> Feedback on shares vs ftp is appreciated.
Shares give you much wider access than writing to the file system alone.
That's why you should avoid them, and prefer other methods where only the
file system is accessible. You may enforce encryption in the following ways:
- use HTTP PUT, and NTLM authentication (rather poor encryption, but should
be sufficient in a LAN)
- use HTTP PUT, and require SSL on the virtual catalog / site where
developers have write access.
- use HTTP PUT or FTP, access only from selected IPs, and configure these
IPs in VPN or IPSec.
I DO NOT encourage you to use Front Page extension - it's an almost useless
and dangerous gadget. If you consider the HTTP variant, simply grant write
access to the virtual directory for your developers (+ auth. requirement
+ some reasonable ACL + other restrictions). Of course, production should
serve these files from a different site!
Regards
B.
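
Added example (not part of the original message): a Python sketch of the checks the message lists for the HTTP PUT variant, namely selected source IPs, required SSL, authentication, a write ACL, and a staging directory kept separate from production. The addresses, user names, paths, file-name pattern and suffix allow-list are assumptions made for illustration.

```python
# Added illustration; every address, user name and path below is constructed.
import ipaddress
import re
from pathlib import PurePosixPath

ALLOWED_NETS = [ipaddress.ip_network("10.20.30.0/28")]  # assumed VPN/IPSec range
WRITERS = {"alice", "bob"}                               # assumed developer write ACL
STAGING_ROOT = PurePosixPath("/srv/staging/site")       # not the production docroot
ALLOWED_SUFFIXES = {".html", ".css", ".js", ".png", ".gif"}  # assumed "other restriction"
SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9._-]*")   # no "", ".", "..", "\", ";"


class Denied(Exception):
    """Carries the HTTP status a server would answer with."""
    def __init__(self, status, reason):
        super().__init__(f"{status} {reason}")
        self.status = status


def authorize_put(client_ip, is_tls, user, url_path):
    """Return the staging path a PUT may write to, or raise Denied.

    url_path is assumed to be percent-decoded already; user is the
    authenticated account name, or None for an anonymous request.
    """
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in ALLOWED_NETS):
        raise Denied(403, "source address not in allow-list")
    if not is_tls:
        raise Denied(403, "SSL/TLS required for uploads")
    if user is None:
        raise Denied(401, "authentication required")
    if user not in WRITERS:
        raise Denied(403, "user has no write ACL")
    # Confinement: every path segment must be a plain file or directory name,
    # so the result can never climb out of the staging root.
    segments = url_path.lstrip("/").split("/")
    if not all(SAFE_SEGMENT.fullmatch(s) for s in segments):
        raise Denied(400, "path not confined to upload root")
    target = STAGING_ROOT.joinpath(*segments)
    if target.suffix.lower() not in ALLOWED_SUFFIXES:
        raise Denied(403, "file type not accepted")
    return target


def decide(client_ip, is_tls, user, url_path):
    """HTTP status for the request: 201 when accepted, else the Denied status."""
    try:
        authorize_put(client_ip, is_tls, user, url_path)
        return 201
    except Denied as exc:
        return exc.status
```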