first, thanks very much for the detailed response.
----- Original Message -----
From: "Joseph A. Knapka" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 19, 2001 4:57 PM
Subject: Re: mapping a remote drive
> David Rothman wrote:
> >
> > ----- Original Message -----
> > From: "Joseph A. Knapka" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Sunday, February 18, 2001 2:49 PM
> > Subject: Re: mapping a remote drive
> >
> > > David Rothman wrote:
> > > >
> > > > is SSH with win 2000 really a practical solution for
the
> > > > 'simple' task of file xferring when ftp is an
available
> > > > option, or am i missing something?
> > > >
> > >
> > > SSH is practical. It's justified if you want security;
> > > transferring files via FTP is completely insecure.
> >
> > insecure how? easy to break into the system the server
sits
> > on (regardless of whatever security the server software
has
> > enabled)? easy to intercept files while they r being
> > xferred? can u be more specific?
>
> During an FTP session, the password and all data is
transferred
> in the clear, meaning that anyone with a network sniffer
can
> get your password or your data easily. Also, there are a
> number of root exploits against various FTP servers (I
don't
> know the details, just that they exist).
i've seen this mentioned before, but if u look around at the
various FTP programs, each boasts of its enhanced security.
isn't it possible some of the ftp's around have some
reasonable degree of security?
>
> > >
> > > I thought the desire was to share a SMB network drive
> > > across the internet when there are firewalls in the
way,
> > > in which case you will absolutely need some form of
> > > port-forwarding or VPN. The secure port-forwarding
> > > solution is SSH. Forgive me if I misunderstood the
> > > original question.
> >
> > in my situation (using win 2000 pro behind netgear rt311
> > routers), it's enuf to forward ports (which is what i do
for
> > VNC). im not quite sure how to setup SSH under windows.
> > actually im still confused about the differences between
> > VPN, IIS and SSH - but im working on it...
>
> Remember that VNC is also completely insecure. It would be
> fairly simple to build an application that would allow you
to
> view anyone's VNC desktop while they are connected to it,
> provided your physical network segment was part of the
> route between VNC client and VNC server (though I don't
know
> of anyone actually doing this). If you are accessing your
> desktop from the Internet, it is a very good idea to use
some
> form of encryption.
>
> http://www.jfitz.com/tips/ssh_for_windows.html has
information
> about free SSH clients and servers for Windows systems.
>
> VPN == Virtual Private Network. Essentially, VPN software
allows
> you to establish a secure connection between two secure
networks
> using the *insecure* Internet as the transport. For
example,
> I have a private network sitting behind a firewall at
home,
> and my employer has a private network at its development
> facility two timezones away. My firewall and my employer's
> firewall establish an encrypted link that acts as a
virtual
> LAN, allowing data to move from my private net to my
> employer's and vice versa (exactly as if they were
physically
> connected) without being vulnerable to sniffers on the
public
> networks across which the data must pass.
>
> IIS is just a web server, like Apache. Built and
> marketed by our noble pals at Micro$oft.
>
> SSH is essentially just a secure version of Telnet or any
> other remote terminal program: it lets you log in to a
remote
> machine and interact with a command shell.
> Unlike Telnet, SSH encrypts all the data it sends. It has
the
> additional ability to securely transfer selected network
> traffic between the client and server machines. It is
possible
> to build a VPN using SSH tunnels as the transport
mechanism,
> though it is more common to use purpose-built VPN software
> and protocols like PPTP (point-to-point tunnelling
protocol)
> or IPv6's security extensions.
is my following summary reasonable:
(1) if on an occasional basis u need to xfer a sensitive
document and if ftp is in fact insecure in all it's flavors,
u merely use some form of encryption (pgp or otherwise) and
send it using ftp (because of its simplicity). alternatively
one could go the SSH route, but it's a step up in
complexity.
(2) in situations where a regular connection is needed, one
would consider building a VPN.
and if ok, is the win 2000 VPN stuff a reasonable place to
start playing? how hard is it to work with?
thanks again...dave
>
> HTH,
>
> -- Joe Knapka
> ----------------------------------------------------------
-----------
> To unsubscribe, send a message with the line: unsubscribe
vnc-list
> to [EMAIL PROTECTED]
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ----------------------------------------------------------
-----------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
