Re: file sharing

Subject: Re: file sharing
From: Lou Quillio <public -at- quillio -dot- com>
To: obair <obair81 -at- comcast -dot- net>
Date: Fri, 23 Jun 2006 13:03:23 -0400

obair wrote:
> Our ftp site is not working, and won't be for some time.

Tangent: let's hope it never works again. FTP is insecure,
shouldn't be used for business, and generally shouldn't be used at all.

I know what you're thinking. Not every piece of data is sensitive.
Why get hinky over mundane file transmissions?

That's not it. Somebody could camp on most of my file transfers,
sniff and stitch those packets, and they'd be totally disappointed
by the files I'm moving. Usually no big deal.

I know what you're thinking. "If they're sensitive, I'll encrypt
the files before FTP-ing."

That won't get it either.

The bad guys aren't dumb. They don't need to snatch your files in
transit. They want your FTP username and passwd, which FTP
conveniently transmits in cleartext. Armed with your account data
they can log-in any time. Hmm, wonder which other services use the
same login. Worth a crack.

SSH or SFTP, always. Always. Yes because the files traverse an
encrypted tunnel but, more critically, so do your login credentials.

Re commercial services, same deal. Transfers *and* logins must take
place over HTTPS at a minimum. Must. If not, you must assume
they've been compromised, because you can't know that they haven't
been. Must Assume Compromise.

FTP will bite you, eventually, and you won't even know.

Any questions? ;)

LQ
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WebWorks ePublisher Pro for Word features support for every major Help
format plus PDF, HTML and more. Flexible, precise, and efficient content
delivery. Try it today!. http://www.webworks.com/techwr-l

Doc-To-Help includes a one-click RoboHelp project converter. It's that easy. Watch the demo at http://www.DocToHelp.com/TechwrlList

---
You are currently subscribed to TECHWR-L as archive -at- infoinfocus -dot- com -dot-

To unsubscribe send a blank email to
techwr-l-unsubscribe -at- lists -dot- techwr-l -dot- com
or visit http://lists.techwr-l.com/mailman/options/techwr-l/archive%40infoinfocus.com


To subscribe, send a blank email to techwr-l-join -at- lists -dot- techwr-l -dot- com

Send administrative questions to lisa -at- techwr-l -dot- com -dot- Visit
http://www.techwr-l.com/techwhirl/ for more resources and info.


Follow-Ups:

References:
file sharing: From: obair

Previous by Author: Re: Disaster Recovery Procedures
Next by Author: Re: file transfer security WAS RE: file sharing
Previous by Thread: File sharing?
Next by Thread: file transfer security WAS RE: file sharing


What this post helpful? Share it with friends and colleagues:


Sponsored Ads