Security Basics mailing list archives

Re: securing communication channel (FTP) - Need Suggestions


From: "Gustavo Paredes" <gustavo.paredes () internet-solutions com co>
Date: Mon, 27 Jun 2005 17:52:46 -0500

Hi, you can use scp without interactive authentication.


Kind regards,

         Ing. Gustavo Paredes M.
      Security Consultant - CISSP
       Internet Solutions Colombia
  "The Information Security Experts"
http://www.internet-solutions.com.co
 gustavo.paredes () internet-solutions com co
       Phone (mobile):(300)2089644
 Phone (office):(091)3120910 ext 12

CONFIDENTIAL. The information contained in this e-mail and any attached
file is confidential and may be used only by the individual or company to
which it is addressed. If you are not the authorized recipient, any
retention, dissemination, distribution or copying of this message is
prohibited and punishable by law. If you receive this message in error, we
apologize and ask that you forward the message to the original sender and
delete it from your inbox immediately.
----- Original Message ----- 
From: "Vicky Rode" <aptgetd () gmail com>
To: <security-basics () securityfocus com>
Sent: Monday, June 27, 2005 3:18 PM
Subject: securing communication channel (FTP) - Need Suggestions


Hi,

I'm looking at ways to secure the communication channel (file
transfer, to be specific) that occurs between my master (ftp
downloads)/slave (remote clients) FTP servers. This communication
channel is in the clear, which means anyone listening can acquire the
login credentials, not to mention man-in-the-middle attacks.

I'm currently pondering using one of the following options and was
wondering if anyone could provide their thoughts and feedback (pros/cons):


(1) Secure FTP (SSL:FTPS)

- Any pitfalls I need to be aware of from a setup/implementation
standpoint?
- How would the authentication to MySQL user database work?

(2) Secure HTTP (https)

- Any pitfalls I need to be aware of from a setup/implementation
standpoint?
- How would the authentication to MySQL user database work?

(3) a. Scp:
    b. Sftp: Is it an interactive program? Does it provide
       non-interactive authentication?


Any pointers will be greatly appreciated.



regards,
/vicky
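
Non-interactive scp as suggested in the reply above, shown as an added example that is not part of the original thread. The key path, user, host names and addresses are constructed placeholders, and the function names are hypothetical; it assumes OpenSSH 7.2 or later on the slave for the `restrict` option.

```shell
#!/bin/sh
# Added example: unattended master -> slave file push over scp.
# All paths, hosts and addresses here are constructed placeholders.

KEY="${KEY:-$HOME/.ssh/ftpsync_ed25519}"   # dedicated key, used for nothing else

# One-time setup on the master: a passphrase-less key, so no prompt is needed.
make_key() {
    ssh-keygen -q -t ed25519 -N '' -C 'ftpsync' -f "$KEY"
}

# Build the authorized_keys line to install for the sync user on the slave.
# Because the key has no passphrase, limit what it can do: accept it only
# from the master's address (from=) and turn off pty allocation, port,
# agent and X11 forwarding (restrict).
authorized_keys_entry() {
    master_addr=$1 pubkey=$2
    case $pubkey in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    case $master_addr in
        *[!0-9A-Za-z.:*?-]*|'') echo "bad address pattern" >&2; return 1 ;;
    esac
    printf 'from="%s",restrict %s\n' "$master_addr" "$pubkey"
}

# Push one file. Options that make scp safe to run from cron:
#   BatchMode=yes             fail instead of prompting for a password
#   IdentitiesOnly=yes        offer only the dedicated key
#   StrictHostKeyChecking=yes abort if the slave's host key is unknown or
#                             has changed (the man-in-the-middle case)
push_file() {
    src=$1 dest=$2        # dest e.g. syncuser@slave.example.net:/srv/ftp/
    scp -q -i "$KEY" -o BatchMode=yes -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=yes "$src" "$dest"
}
```

With `StrictHostKeyChecking=yes` the slave's host key has to be placed in the master's `known_hosts` over a trusted path before the first run; a non-zero exit from `push_file` means the transfer did not happen.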
