Security Basics mailing list archives
Re: securing communication channel (FTP) - Need Suggestions
From: "Gustavo Paredes" <gustavo.paredes () internet-solutions com co>
Date: Mon, 27 Jun 2005 17:52:46 -0500
Hi, you can use scp whitout interactive authentication. Cordial saludo, Ing. Gustavo Paredes M. Security Consultant - CISSP Internet Solutions Colombia "The Information Security Experts" http://www.internet-solutions.com.co gustavo.paredes () internet-solutions com co Phone (movil):(300)2089644 Phone (office):(091)3120910 ext 12 CONFIDENCIAL. La información contenida en este e-mail y cualquier archivo anexo es confidencial y sólo puede ser utilizada por el individuo o la compañía a la cual está dirigido. Si no es usted el destinatario autorizado, cualquier retención, difusión, distribución o copia de este mensaje está prohibida y es sancionada por la ley. Si por error recibe este mensaje, le ofrecemos disculpas y le agradecemos reenviar el mensaje al emisor original y eliminarlo de su inbox inmediatamente. ----- Original Message ----- From: "Vicky Rode" <aptgetd () gmail com> To: <security-basics () securityfocus com> Sent: Monday, June 27, 2005 3:18 PM Subject: securing communication channel (FTP) - Need Suggestions
Hi, I'm looking at ways trying to secure communication channel (file transfer to be specific) which occurs between my master (ftp downloads)/slave (remote clients) FTP servers. Since this communication channel is in the clear which means anyone listening can acquire the login credentials. Not to mention man-in-the middle attack. I'm currently pondering using one of the following options and was wondering if anyone could provide their thoughts and feedback (pros/cons): (1) Secure FTP (SSL:FTPS) - Any pitfalls I need to be aware of from a setup/implementation
standpoint?
- How would the authentication to MySQL user database work? (2) Secure HTTP (https) - Any pitfalls I need to be aware of from a setup/implementation
standpoint?
- How would the authentication to MySQL user database work? (3) a. Scp: b. Sftp: Is it an interactive program? Does it provide non-interactive authentication? Any pointers will be greatly appreciated. regards, /vicky
Current thread:
- securing communication channel (FTP) - Need Suggestions Vicky Rode (Jun 27)
- Re: securing communication channel (FTP) - Need Suggestions Gustavo Paredes (Jun 28)
- Re: securing communication channel (FTP) - Need Suggestions Joel Merrick (Jun 28)
- Re: securing communication channel (FTP) - Need Suggestions Ansgar -59cobalt- Wiechers (Jun 28)
- Re: securing communication channel (FTP) - Need Suggestions Staff Netelion (Jun 28)
- <Possible follow-ups>
- Re: securing communication channel (FTP) - Need Suggestions kurt (Jun 28)