To a limited extent, I have to respectfully disagree.
Bruce Dawson wrote:
>
> You can configure your firewall to allow FTP connections through. However this
> is generally considered a really bad thing to do for several reasons:
>
> 1. FTP passes passwords in clear text - anyone on the Mediaone segment can sniff
> them out.
While the concept here is true (ftp/plaintext passwords/BAD thing), I
don't believe that MediaOne users can sniff. I put my card at home into
promisc mode, took a look at a sniffer, and saw nothing but my own
traffic. I would reiterate that the point below about using ssh/scp
would be a MUCH better idea.
> 3. wu-ftpd has been compromised so often due to programming bugs and poor/old
> design that most people who care have lost count. Although most of the bugs have
> been promptly fixed (of late), there's likely more.
While this is true, the rc release of proftpd are pretty good and I've
always loved the apache-like configuration.
> However, if you have the firewall only for masquerading, and you really don't
> care about security, then you might as well put everything on the firewall box
> (ftp, web, mail, ...) You'll need a moderatly powerful system to handle the
> load, but those are relatively cheap... And you should advise your user
> community that the site should not be considered secure.
Honestly, depending on the number of users, etc, etc, the requirements
might not be all that high. I'm doing all of this on a single PPro 200
with 32 MB and a 2 gig drive. Again though, Bruce has an excellent
point in saying that you should warn users about the security concern.
--
I think animal testing is a terrible idea; they get all nervous and
give silly answers.
Cole Tuininga
Network Admin
Code Energy, Inc
[EMAIL PROTECTED]
(603) 766-2208
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
