Tuesday, March 27, 2012

FTP security risks

Hi all - can anyone tell me of a KN article or something published online
that covers the security risks involved with FTP with replication? If you
don't know of an article could you please give me an overview of what risks I
should consider. Thanks.

I can't find a link but here is my understanding.

Using anonymous authentication anyone can access your ftp server and
download your data. You have the ability to restrict this to a range of IP
addresses, i.e. only clients from certain IP addresses will be able to connect
to your FTP server and download your files.

If you use NT authentication, the password will travel clear text and if
someone is on a fishing expedition and is filtering traffic going across a
router your ip traffic is using, they can read this password. It is more
likely that the compromise will be done in your own network by a disgruntled
employee as opposed to a hacker in the wild.

Before you reject FTP outright, keep in mind that many ip applications use
clear text passwords - i.e. pop, telnet, etc. People get all excited about
clear text ftp passwords and have no problem using pop. Go figure. Also
anonymous authentication means only the password travels across the internet
clear text. NT authentication means the account and password travel across
the internet clear text.

The danger is that if the hacker gets your password and account, chances
are you are using variations of the account and password on your internal
networks and you have essentially handed your hacker a set of keys to try
against your network.

The real question you must ask yourself is
1) what is the risk
2) what is the liability.

The risk is arguably and demonstrably low, but the liability could be
huge or could be insignificant. I have had clients who have no problem with
using ftp and couldn't care less if hackers get hold of their data. They
have no problem with using anonymous authentication.

Financial institutions care deeply if hackers get hold of their data because
it could have privacy implications, and such a compromise could
seriously damage their credibility and customers' confidence in their
security.

Microsoft recommends using a VPN for all internet traffic.

"J Jetson" <JJetson@.discussions.microsoft.com> wrote in message
news:241D6295-0181-411A-8393-20DF791B4197@.microsoft.com...
> Hi all - can anyone tell me of a KN article or something published online
> that covers the security risks involved with FTP with replication? If you
> don't know of an article could you please give me an overview of what
> risks I should consider. Thanks.
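
The clear-text exposure described in the reply above can be checked on your own server. This is an added example, not part of the thread: it walks FTP control-channel transcripts and reports whether a login crossed the wire before a TLS upgrade. The transcript format, the `repl_agent` account name and all sample lines are constructed assumptions.

```python
# Added example, not from the thread. Transcript format ("C: " client command,
# "S: " server reply) and every sample line below are constructed.
ANON_USERS = {"anonymous", "ftp"}

def audit_session(lines):
    """Return (user, exposure) for one FTP control-channel transcript.

    exposure is "none", "anonymous" or "account+password": what a sniffer on
    the path could have read before any TLS upgrade took effect.
    """
    tls_pending = tls_active = False
    user, exposure = "", "none"
    for raw in lines:
        side, _, text = raw.partition(": ")
        verb, _, arg = text.strip().partition(" ")
        if side == "C":
            verb = verb.upper()
            if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
                tls_pending = True
            elif verb == "USER":
                user = arg
            elif verb == "PASS" and user and not tls_active:
                # Record only the fact of exposure, never the password itself.
                exposure = ("anonymous" if user.lower() in ANON_USERS
                            else "account+password")
        elif side == "S" and tls_pending:
            # Reply 234 means the server accepted AUTH; anything else means
            # the session stays in clear text.
            tls_active, tls_pending = verb == "234", False
    return user, exposure

SESSIONS = {  # constructed samples; account name and passwords are placeholders
    "anon": ["S: 220 ready", "C: USER anonymous", "S: 331 send e-mail",
             "C: PASS guest@example.invalid", "S: 230 ok"],
    "nt-clear": ["S: 220 ready", "C: USER CORP\\repl_agent", "S: 331 password",
                 "C: PASS PLACEHOLDER", "S: 230 ok"],
    "nt-tls": ["S: 220 ready", "C: AUTH TLS", "S: 234 proceed",
               "C: USER CORP\\repl_agent", "S: 331 password",
               "C: PASS PLACEHOLDER", "S: 230 ok"],
    "tls-refused": ["S: 220 ready", "C: AUTH TLS", "S: 502 not implemented",
                    "C: USER CORP\\repl_agent", "C: PASS PLACEHOLDER"],
}

def audit_all(sessions=SESSIONS):
    return {name: audit_session(lines)[1] for name, lines in sessions.items()}

if __name__ == "__main__":
    for name, exposure in audit_all().items():
        print(f"{name:12} {exposure}")
```

The `tls-refused` case is the one to watch for: a client that asks for TLS, is refused, and logs in anyway exposes the same account and password as a client that never asked.
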
Hilary - thanks for all the good info.
