Well, to some extent you are right; all file servers are somewhat
insecure. The reason why FTP servers are particularly insecure is that
FTP is an old protocol made for speed and reliability, but without
security. Usernames and passwords are sent unencrypted over the network,
and often FTP servers accept anonymous logon. Also, FTP servers are part of
some operating systems; sometimes even TFTP (Trivial File Transfer
Protocol) is present, which is also totally without security.
Often when you analyse successful hacks, you will find that FTP commands
have been used to upload backdoors and other things to the attacked
system, or FTP has been used to retrieve password files and other useful
stuff from your system. FTP servers must always be placed on a DMZ; FTP
must be removed from system, and ports (20 and 21) must be blocked at all
levels possible.

Other file server systems can also be problematic. SMB (Windows file
system protocol) also has vulnerabilities that can be used, as I am sure
that Linux has too.

Regards Kim  

-----Original Message-----
From: NC Agent [mailto:[EMAIL PROTECTED] 
Sent: 5 July 2003 18:01
To: Kim Guldberg
Cc: 'Mitch Pirtle'; [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: SV: Ten least secure programs



ftp servers?

that's like saying all file servers



--
Success On Hold / The Voice Recording Corp
(www.soh.co.za) / (www.tvrc.co.za)

[EMAIL PROTECTED]
tel: +27 31 2074811
fax: +27 31 2074710


On Wed, 2 Jul 2003, Kim Guldberg wrote:

> A couple more could be
>
> Remote access programs such as PCanywhere
> ICQ
> MSN Messenger
> FTP servers
>
> -----Original Message-----
> From: Mitch Pirtle [mailto:[EMAIL PROTECTED]
> Sent: 1 July 2003 03:29
> To: Chris Berry
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: Ten least secure programs
>
> On Sat, 2003-06-28 at 18:08, Chris Berry wrote:
> > I'm putting together a list of what seem to be the ten least secure computer
> > items in use today with the idea of having a set of things to recommend
> > AGAINST people using, probably to be posted on the IT room door with a note
> > like "NO, you cannot use the following!!".  Here is what I have so far, I'm
> > looking for additions and comments.  The list is in order, with the
> > worst offender being number one.  These should be products whose inherent
> > design is flawed, not that are just difficult to secure.  I expect vigorous
> > discussion. *putting on flame retardant garments*  Oh, and leave Operating
> > systems out of this one.
> >
> > 1) Microsoft Outlook
> > 2) Telnet
> > 3) Sendmail
> > 4) IIS Server
> > 5) Wireless networking
> > 6) PHP
> > 7) ?
> > 8) ?
> > 9) ?
> > 10) ?
>
> 7) BIND
> 8) FrontPage
> 9) CGI (on a webserver, that is)
> and my all-time favorite,
> 10) Anything that is labeled "hacker proof"
>
> Dude, I'm turning into David Letterman.
>
> Oh, IMNSHO, PHP isn't insecure, it's the people using it.  I could do
> just as much damage writing something in Perl, .NET, even HTML...
> Pretty much anything 'cept python ;^P
>
> -- Mitch
>
>
>
> ---------------------------------------------------------------------------
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
> The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> while InStat has confirmed Neoteris as the leader in marketshare.
>
> Find out why, and see how you can get plug-n-play secure remote access in
> about an hour, with no client, server changes, or ongoing maintenance.
>
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> ----------------------------------------------------------------------------
>

