Re: Alternatives to sftp?

From: Brad Arlt (arlt_at_cpsc.ucalgary.ca)
Date: 10/16/03

  • Next message: Kiran Maraju: "RE: Load Balancing on AIX system." 
    Date: Wed, 15 Oct 2003 20:13:16 -0600
To: John Sec <john_sec_lists@hotmail.com>

    On Wed, Oct 15, 2003 at 07:37:04PM +0000, John Sec wrote:
    > Hey list,

    Hello citizen.

    > I was wondering what the alternatives were to something like sftp?
    > I have two servers that need to send files (approx. 10mb) to each
    > other a couple of times a day and I wanted to know what other
    > options I had to do it securely. Is there anything else out there
    > besides sftp and pgp for something like this?

    I gotta figure you are hoping there is something faster. And there
    really isn't.

    If you need the file to be encrypted during transfer, no matter what
    way you transfer it, it still has to be encrypted and this is where
    the CPU time goes.

    If you don't need the crypto, but want to ensure integrity, use a
    cypher of "none" in ssh (some servers, rightfully, force a cypher
    other than none).

    If you really do need encrypted traffic, you might want to make sure
    you are using AES or TwoFish rather than 3des as they are much faster.
    Arcfour is even faster, but not felt to be as secure.

    You could use rsync over ssh if the files don't change much. This
    will save a bit of bandwidth, and maybe some CPU.

    PS You mention ssh *and* pgp. If your files are encrypted with pgp,
            they don't need to be encrypted during transit.
    -----------------------------------------------------------------------
       __o Bradley Arlt Security Team Lead
     _ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
    (_)/(_) Joyously Canadian Computer Science

    ---------------------------------------------------------------------------
    FREE Whitepaper: Better Management for Network Security

    Looking for a better way to manage your IP security?
    Learn how Solsoft can help you:
    - Ensure robust IP security through policy-based management
    - Make firewall, VPN, and NAT rules interoperable across heterogeneous
    networks
    - Quickly respond to network events from a central console

    Download our FREE whitepaper at:
    http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
    ----------------------------------------------------------------------------

  • Next message: Kiran Maraju: "RE: Load Balancing on AIX system."

    Relevant Pages

    • Re: Alternatives to sftp?
      ... SCP or Rsync over SSH. ... SSH for my backup's at my office. ... Better Management for Network Security ...
      (Security-Basics)
    • SV: Wireless Network assessment
      ... Most wireless equiptment has got some kind of access control mechanism, ... If you can overcome this problem, the security assessment is no different ... from that of a wired network. ... PGP / XML GATEWAY APPLIANCE ...
      (Security-Basics)
    • simulate attacks
      ... login through ssh, on a remote machine in "actual" conditions. ... I got a little network with 2 machines and a hardware router. ... I'm just trying to teach myself some skills on security issues. ...
      (comp.security.unix)
    • Re: remote connection impossible
      ... Instead of trying to throw the display directly use 'ssh' to connect. ... the network with the '-nolisten tcp' option as a security measure. ... X server will not even be listening to the network. ...
      (Debian-User)
    • SecurityFocus Microsoft Newsletter #50
      ... Subject: SecurityFocus Microsoft Newsletter #50 ... Specialist in Microsoft's Security Services Partner Program, ... Network Monitoring for Intrusion Detection ... Relevant URL: ...
      (Focus-Microsoft)