I agree. As I said, the real security issue, if there is one in the situation you described, is not the hardware. In a situation like that, if sensitive information gets out, it is probably on a floppy or CD.
Doug

--- Dustin Puryear <[EMAIL PROTECTED]> wrote:
> Jason, while I certainly appreciate everyone being very security focused
> here, I think this is getting a bit complex for editing webpages. Is the
> data in the webpages in any way confidential? If not then just use the ftp
> feature you mentioned in the editor.
>
> I guess the question is if this information is worth the amount of trouble
> required to secure it? Is there any reason to expect an internal employee
> would spoof your MAC on the switch and sniff your network traffic?
>
> There are many situations where a decision is made that convenience or
> manageability is more important than security. Take NIS, NFS, HTTP, SMTP,
> POP3, and IMAP for example. So look at where you will be deploying a
> protocol (i.e., internally) and decide if it's okay to lower your security
> requirements. In many situations it is okay.
>
> Regards, Dustin
>
> At 04:59 PM 6/26/2002 -0700, you wrote:
> >Jason:
> > I could be wrong on this one, but I do not think that FTP can be
> >used with ssh. The FTP protocol is too old and sends everything in
> >the clear. There is an sftp client, but I have not had any success
> >with it. There is a brief howto at sourceforge on it, but they
> >really do not seem to support the protocol.
> >
> >Doug Riddle
> >
> >--- Jason DeWitt <[EMAIL PROTECTED]> wrote:
> > > Most of this would be done on the local lan, I don't feel much like
> > > working when I get home, I just play games. =)
> > >
> > > Yeah, I can scp it up there, but then that negates the whole
> > > conversation, because I was wanting to get away from making a change
> > > to a file then having to upload it to the server every time, either
> > > via ftp or scp. I just realized I don't think I told everyone that I
> > > was talking about editing webpages here.
> > >
> > > I think I am going to try out that ftpfs, but back to our security
> > > discussion, can't you tunnel your ftp session through ssh? If so is
> > > that something that the server will have to be set up to allow? I
> > > would assume so.
> > > ----- Original Message -----
> > > From: "John Hebert" <[EMAIL PROTECTED]>
> > > To: <[email protected]>
> > > Sent: Wednesday, June 26, 2002 5:08 PM
> > > Subject: Re: [brlug-general] vfs?
> > >
> > >
> > > > --- Jason DeWitt <[EMAIL PROTECTED]> wrote:
> > > > > well, that is kind of hard to answer. Our main
> > > > > production server is
> > > > > windows2000, and I have a small linux box running
> > > > > apache for my wife's
> > > > > website and I mess around on it too. If I am at
> > > > > work, I am accessing
> > > > > them from a Win2k workstation. If I'm at home, it
> > > > > will be either a Win2k
> > > > > box or Linux, depending on if I rebooted or not. =)
> > > >
> > > > Ai-yi-yi.
> > > >
> > > > > I know I could do either NFS or Samba, but aren't
> > > > > there considerable
> > > > > security risks? Especially doing NFS over the
> > > > > internet? I know windows
> > > > > file sharing is full of holes, since Samba is
> > > > > emulating that, does it
> > > > > have the same shortcomings?
> > > >
> > > > Sure, the same risks exist. But I was assuming a LAN.
> > > > If your connections are both LAN and Internet, then
> > > > you really should install OpenSSH 3.4 on your boxen
> > > > and just do 'scp file
> > > > [EMAIL PROTECTED]:/ftp/dir/blah/blah/'. You can compile
> > > > OpenSSH under cygwin or I _think_ ssh.com has an sshd
> > > > for Windoze boxes.
> > > >
> > > > You should not use valuable passwords over FTP over
> > > > the Internet, for all the reasons stated before. You
> > > > can configure ssh/scp to use locally stored keys and
> > > > therefore not need passwords, which is really more
> > > > secure than passwords, when you think about it.
> > > >
> > > > John Hebert
> > > >
> > > > > ha! It's amazing what you can find when you know the
> > > > > right words to
> > > > > search for in google! Have a look at this,
> > > >
> > > > > http://www.mandrakeuser.org/docs/connect/cnetips2.html
> > > > >
> > > > > John Hebert wrote:
> > > > > > What operating systems are you using on the client and
> > > > > > server, Jason? You can use NFS to mount remote
> > > > > > filesystems between UNIX boxen, and if your client is
> > > > > > a Windoze box and the server is a UNIX box, you can
> > > > > > use SAMBA to make the UNIX box look like a Windoze
> > > > > > box.
> > > > > >
> > > > > > But if mounting an FTP dir is what you want, I believe
> > > > > > it is doable, as I've heard of others in the past
> > > > > > doing it. I just don't know how. :P
> > > > > >
> > > > > > Good luck!
> > > > > > John Hebert
> > > > > >
> > > > > > --- Doug Riddle <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > >>Jason:
> > > > > >> A couple of things...
> > > > > >> If the server is on your lan, then you probably do not have to
> > > > > >>use FTP to get to that directory. The FTP directory is just another
> > > > > >>directory on the server. The server connects FTP requests to that
> > > > > >>directory as an FTP share by default. If you can browse the
> > > > > >>server, you can probably mount that directory without FTP. (It helps
> > > > > >>to be admin to do that... ;->)
> > > > > >> A switched network is still vulnerable to sniffing, the nature of
> > > > > >>the switches or hubs doesn't stop a sniffer. However, if your LAN is
> > > > > >>localized, and does not connect remote sites, then sniffing is less
> > > > > >>likely.
> > > > > >> For what you are doing, I would suggest trying to get the rights
> > > > > >>to access the server without FTP. Barring that, you might look into
> > > > > >>tcl, or Midnight Commander. If they won't let you connect to the FTP
> > > > > >>share without FTP, they probably will not be happy with tcl though
> > > > > >>either.
> > > > > >>
> > > > > >>Doug Riddle
> > > > > >>
> > > > > >>--- Jason DeWitt <[EMAIL PROTECTED]> wrote:
> > > > > >>
> > > > > >>>Yeah, I'm looking for the convenience. Plus, I'm on the same LAN as
> > > > > >>>where I am transferring these files. It is a switched network, as I
> > > > > >>>understand it you shouldn't be able to sniff that out.
> > > > > >>>
> > > > > >>>I've done some research, it seems that vfs is what allows you to
> > > > > >>>mount different filesystems to the one you are running. i.e.: fat32,
> > > > > >>>ntfs, the bsd filesystem (can't remember name). Some of what
>
=== message truncated ===

=====
Warmest Regards,
Doug Riddle
http://www.dougriddle.com
## Firearms are second only to the Constitution in importance; they are the Peoples' Liberty Teeth." - George Washington ##
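
An added illustration, not part of the original thread: the point made in the quoted messages, that FTP sends the login in the clear and that valuable passwords should not go over it, turned into a check that lists which accounts need to move to scp with keys. The log format, addresses and account names are constructed for this sketch; the session that negotiates AUTH TLS shows no login because everything after the upgrade is encrypted.

```python
import re

# Constructed sample (not from the thread): FTP control-channel lines as a LAN
# sensor would log them, "<client> > <command>" or "<client> < <server reply>".
SAMPLE = """\
192.0.2.15 > USER webedit
192.0.2.15 < 331 Password required for webedit
192.0.2.15 > PASS constructed-secret
192.0.2.15 < 230 User webedit logged in
192.0.2.22 > AUTH TLS
192.0.2.22 < 234 AUTH TLS successful
192.0.2.31 > USER anonymous
192.0.2.31 < 331 Anonymous login ok
192.0.2.31 > PASS guest@example.invalid
192.0.2.31 < 230 Anonymous access granted
192.0.2.40 > USER alice
192.0.2.40 < 331 Password required for alice
192.0.2.40 > PASS constructed-typo
192.0.2.40 < 530 Login incorrect
"""

ANON = {"anonymous", "ftp"}          # logins that carry no real secret
LINE = re.compile(r"^(\S+) ([<>]) (.*)$")

def exposed_logins(capture):
    """Return (client, user, accepted) for each real password sent in cleartext."""
    state, findings = {}, []          # state: client -> [user, awaiting_reply]
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        client, direction, payload = m.groups()
        s = state.setdefault(client, [None, False])
        if direction == ">":
            verb, _, arg = payload.partition(" ")
            if verb.upper() == "USER":
                s[0], s[1] = arg.strip(), False
            elif verb.upper() == "PASS" and s[0] is not None:
                s[1] = True           # the password value is deliberately not kept
        elif s[1]:                    # first server reply after PASS
            if s[0].lower() not in ANON:
                # A rejected login still exposed a password (often a near miss).
                findings.append((client, s[0], payload.startswith("230")))
            s[1] = False
    return findings

if __name__ == "__main__":
    for client, user, ok in exposed_logins(SAMPLE):
        print(f"{client}: password for {user!r} sent in cleartext (accepted={ok})")
```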
