
Re: Secure File Transfers



On Thu, 2005-07-28 at 14:29 -0600, Tim McDonough wrote:
> In responding to my question regarding SSH attacks several have pointed
> out that old ftp is not the best way to transfer files these days.
> There seem to be several options and alternatives. We need something
> that has both Linux and Windows clients. Recommendations?

IETF RFC2228 FTP-SSL (FTPS) is pretty much becoming the de facto standard now
in the financial (among other) worlds.  FTPS is _not_ like HTTP-SSL
(HTTPS) where you "dumbly" tunnel the stream.  It's far more intelligent
and involved.

Unfortunately, many vendor FTPS implementations are _broken_ and not
RFC2228 compliant.

In the absence of widespread FTPS solutions, many companies have moved
to either SSH (SCP/SFTP) or proprietary HTTPS command sets.

One issue with SSH is proxying, because the protocol is inherently built
to deter man-in-the-middle much, much better than SSL.  Some people
consider this an issue, but it's actually part of its security feature.
SSH is designed to prevent transparent proxying from working, because
that's how most man-in-the-middle attacks work.

Although HTTPS itself is an open, streaming protocol, using HTTPS for
file management is not standardized.  Although some vendors are moving
to WebDAV support, most of the popular HTTPS file transfers in use are
proprietary.  Tumbleweed Communications (formerly Valicert) is probably
the leading vendor here because of their flexible solutions.

> The one advantage of ftp, which may not be unique to ftp, is that even
> most common flavors of windows have a command line client so even when
> you're at a machine where installing software is not allowed (aka
> school) you can usually move files on and off the machine.

I don't consider a 12-year-old port from 4.3BSD to be a viable solution
simply because it's included as standard on Windows today.  Microsoft's
simple TCP/IP services are rather pathetic.

Which is why I recommend Cygwin as a standard install on every Windows
image.  MONAD was supposed to solve this with Longhorn, but it's now out
and will only be an unsupported add-on.


-- 
Bryan J. Smith                                     b.j.smith@ieee.org 
--------------------------------------------------------------------- 
It is mathematically impossible for someone who makes more than you
to be anything but richer than you.  Any tax rate that penalizes them
will also penalize you similarly (to those below you, and then below
them).  Linear algebra, let alone differential calculus or even ele-
mentary concepts of limits, is mutually exclusive with US journalism.
So forget even attempting to explain how tax cuts work.  ;->
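
Added example, not part of the original message: RFC 2228 negotiates protection with commands inside the FTP control stream (AUTH, PBSZ, PROT) instead of wrapping the whole connection, so a session can protect the login while leaving file data in the clear. The sketch below audits a client command log for that ordering; the one-command-per-line log format, the sample sessions and the assumption that every logged command was accepted by the server are constructed for illustration.

```python
# Added example: audit FTP client commands for RFC 2228 security ordering.
# Assumption: the log holds one client command per line and each was accepted.
DATA_CMDS = {"RETR", "STOR", "STOU", "APPE", "LIST", "NLST"}

def audit_ftps_session(commands):
    """Return [(line_number, finding)] for one session's client commands."""
    findings = []
    auth_done = False   # AUTH seen: control channel is protected from here on
    pbsz_done = False   # RFC 2228 requires PBSZ before PROT
    prot_level = "C"    # data channel default is Clear until PROT changes it
    for lineno, line in enumerate(commands, 1):
        parts = line.strip().split(None, 1)
        if not parts:
            continue
        verb = parts[0].upper()
        arg = parts[1].strip().upper() if len(parts) > 1 else ""
        if verb == "AUTH":
            auth_done = True
        elif verb in ("USER", "PASS") and not auth_done:
            findings.append((lineno, verb + " sent before AUTH (cleartext login)"))
        elif verb == "PBSZ":
            pbsz_done = auth_done  # PBSZ only counts after a security exchange
        elif verb == "PROT":
            if pbsz_done:
                prot_level = arg[:1] or "C"
            else:
                # A compliant server rejects this, so the level stays unchanged.
                findings.append((lineno, "PROT without a preceding PBSZ"))
        elif verb in DATA_CMDS and prot_level != "P":
            findings.append(
                (lineno, verb + " with data channel at PROT " + prot_level))
    return findings

# Constructed sample sessions (placeholder user name and password).
FULLY_PROTECTED = ["AUTH TLS", "PBSZ 0", "PROT P",
                   "USER alice", "PASS example", "PASV", "RETR report.csv"]
CONTROL_ONLY = ["AUTH TLS", "USER alice", "PASS example", "PASV",
                "RETR report.csv"]
PLAIN_FTP = ["USER alice", "PASS example", "STOR upload.bin"]

if __name__ == "__main__":
    for name, session in [("fully protected", FULLY_PROTECTED),
                          ("control channel only", CONTROL_ONLY),
                          ("plain FTP", PLAIN_FTP)]:
        print(name, audit_ftps_session(session))
```

The "control channel only" session is the case that a tunnelled protocol cannot produce: the login is protected, but the transfer itself is flagged because PROT P was never negotiated.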


