Re: Speaking of FTP...

From: Daniel Billingsley (dbillingsley@NO.durcon.SPAAMM.com)
Date: 04/01/03 

From: "Daniel Billingsley" <dbillingsley@NO.durcon.SPAAMM.com>
Date: Tue, 1 Apr 2003 16:31:00 -0500

Thanks for the input guys, but I still have a specific area of ignorance:

In this particular case the ISP says no FTP because it's insecure, but has
the FrontPage (webdav, right?) extensions running. Seems to me trading one
vulnerability for another one. Does FrontPage at least use secure
authentication by default, or what? What am I missing in my knowledge that
would make the FP extensions inherently more secure than FTP?

"x y, mvp" <levinson_k@despammed.com> wrote in message
news:#bxqkPI#CHA.1996@TK2MSFTNGP12.phx.gbl...
> Well, for one, it tends to pass passwords in clear text unless you take
> special measures. Not too different from HTTP, except that most people
> don't think about using encryption on FTP. People wanting security with
> their file transfers are probably as likely or more likely to choose
another
> method, maybe SSH.
>
> More likely your ISP forbids it because 1) most ISPs want to create
> artificial levels of service so that you need to pay extra for the ability
> to run a server, 2) discourage people from using a home account for
business
> purposes without paying extra for business class service, and 3) insecure
> FTP servers are a frequent target of hackers and one hacked server alone
can
> sap lots of bandwidth. It's probably not such a bad thing that an ISP
> forces its customers to think about security issues and more secure
> alternatives in this way.
>
> "Daniel Billingsley" <dbillingsley@NO.durcon.SPAAMM.com> wrote in message
> news:unqNelH#CHA.2072@TK2MSFTNGP10.phx.gbl...
> > I have heard it mentioned several times that FTP is inherently prone to
> > security problems. Our current ISP doesn't even allow it all for this
> > reason.
> >
> > But they allow WebDAV (FrontPage) modifications.
> >
> > What is it about FTP (asuming it's not anonymous access - duh) that
makes
> it
> > so insecure, especially as compared to FrontPage extensions?
> >
> >
>
>

Relevant Pages

  • Re: Database doesnt work
    ... And if the site has the FP SE don't FTP, ... |> within the website, and some DBresultpages to get the data displayed. ... Now according to my ISP i have to FTP ... |> the site to my domain and it should work, ASP is enabled on the server. ...
    (microsoft.public.frontpage.programming)
  • Re: how to assign 2 IPs to server + using 2 isp ?
    ... > The problem with running two FTP front end servers is that i would need to ... Default Gateway and not the Nic it originally came in on. ... would be "helpless",...that is, the packet would get to the server from the ... have both ISP links comming into it (3 interfaces total with the FTP on the ...
    (microsoft.public.win2000.networking)
  • RE: Port 21 blocked by ISP
    ... My ISP only provides me with a dynamic ... > ftp server to use port 7721. ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: [SLE] KDE3.3.1
    ... On Tuesday 19 October 2004 07:16 am, Steve Kratz wrote: ... Are their any good FTP programs you know of? ... > goes right back on the server. ... then transfer them to the ISP that runs our webpage. ...
    (SuSE)
  • Re: Speaking of FTP...
    ... FTP servers are a frequent target of hackers and one hacked server alone can ... It's probably not such a bad thing that an ISP ... forces its customers to think about security issues and more secure ...
    (microsoft.public.security)