Re: securing communication channel (FTP) - Need Suggestions

kurt_at_noaddress.org
Date: 06/28/05

    Date: 28 Jun 2005 15:40:31 -0000
    To: security-basics@securityfocus.com
    
    
    Firstly, base your choice on the need, not on what standard.

    What HW platforms do you have, what products do they support, do you have communication within or outside of the organisation and, if so, what standard does the external partner have or is willing to use/accept?

    When you know that, you know what to use as 1st choice.

    > (1) Secure FTP (SSL:FTPS)
    >
    > - Any pitfalls I need to be aware of from a
    > setup/implementation standpoint?

    Haven't used FTP/S so I can't really say, but on AS/400 and some other IBM mainframe env. it is standard. SSH/sftp do not exist. Tumbleweed and Ipswitch have Unix/PC versions.

    > - How would the authentication to MySQL user
    > database work?

    ? Wasn't it ftp the question was about? Do not run MySQL or any ftp-plugin.
     

    > (2) Secure HTTP (https)
    >
    > - Any pitfalls I need to be aware of from a
    > setup/implementation standpoint?

    Isn't real ftp, need the backend "CGI" to check transport. Usage more depending on if only web-access or not. Probably more insecure, due to more security failings in web servers.

    > (3)
    > a. Scp:
    > b. Sftp: Is it an interactive program? Does it
    > provide non-interactive authentication?

    Well, if using sftp (scp) you have ssh and therefore can let all terminal users run ssh, increasing security. On the other side, do you have ssh, you already have sftp, same coin.

    Have only worked with sftp, not scp, but with certificates generated, it is easy to make batch processes for it. Basis is the following (can be made more "unreadable" = efficient) Solaris Unix script:

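    ---
    # File to send
    SFILE="$HOME/cache/acme.dat"
    # SysV echo expands \n, so sftp reads "put" and "quit" as separate commands on stdin
    /usr/5bin/echo "put $SFILE \n quit \n" |\
      sftp acme.batch@ac1.acme.com
    ---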
    Did an sftp batch control shell script some months ago that now runs regularly for a data transfer.
    Servers exist for PC and different Unixes as well as OpenVMS (HP's own version recommended by users). ws_ftp client/server works both as ftp/s and as sftp (and PGP to top up ;-) SSH.com and F-Secure/WRQ have the best-known commercial versions, while OpenSSH.org is the freeware.
    Only thing to remember: if you run OpenSSH Win-server, the server needs to be run as an ordinary process, not server, and to own its resources and disk areas. We had problems with that.
    regards/kurt
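
The unattended sftp transfer described in the message above, as an added example that is not part of the original post: it assumes the OpenSSH client (`sftp -b` and the `-o` options), and the key path, the `/incoming` directory and the `SFTP_BIN` override are hypothetical names.

```shell
#!/bin/sh
# Added example: unattended sftp upload with key authentication (OpenSSH client assumed).
SFTP_BIN="${SFTP_BIN:-sftp}"   # hypothetical override hook, lets the script be exercised offline

# key_is_private KEYFILE: true only if the key exists with no group/other permission bits.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -lL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# write_batch BATCHFILE REMOTE_DIR FILE...: one "put" per file.
# No command is prefixed with "-", so sftp -b aborts with non-zero status on the first failure.
write_batch() {
    out=$1; rdir=$2; shift 2
    printf 'cd "%s"\n' "$rdir" > "$out"
    for f in "$@"; do
        case $f in *'"'*) echo "refusing quoted name: $f" >&2; return 1 ;; esac
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
        printf 'put "%s"\n' "$f" >> "$out"
    done
}

# upload KEYFILE USER@HOST REMOTE_DIR FILE...
# Returns 2 (bad key), 3 (no temp file), 4 (bad input file), otherwise sftp's own exit status.
upload() {
    key=$1; dest=$2; rdir=$3; shift 3
    key_is_private "$key" || { echo "key missing or too permissive: $key" >&2; return 2; }
    batch=$(mktemp) || return 3
    write_batch "$batch" "$rdir" "$@" || { rm -f "$batch"; return 4; }
    rc=0
    # BatchMode=yes: never prompt for a password or passphrase, fail instead.
    # StrictHostKeyChecking=yes: refuse a host whose key is not already in known_hosts.
    # IdentitiesOnly=yes: offer only the named key, not whatever an agent holds.
    "$SFTP_BIN" -b "$batch" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o IdentitiesOnly=yes -o IdentityFile="$key" "$dest" || rc=$?
    rm -f "$batch"
    return "$rc"
}

# Example call (account and host are the post's sample; key path and /incoming are assumed):
# upload "$HOME/.ssh/batch_key" acme.batch@ac1.acme.com /incoming "$HOME/cache/acme.dat"
```

Because the exit status is propagated, a cron job or scheduler wrapping `upload` can alert on a failed or refused transfer instead of silently skipping it.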
    
