security experts please explain in Security

security experts please explain in Security http://www.dslreports.com/forum/r17324726 en Mon, 30 Nov 2009 13:28:43 EDT Mon, 30 Nov 2009 13:28:43 EDT Re: security experts please explain http://www.dslreports.com/forum/remark,17329486 major marco :

said by kracksmith

:

does somebody just run a certain sniffer monitoring program on a public IP ftp server, as easy as that?

If s/he is that obstinate about it, then I say let your "customer" live and learn. And what are you doing with clientele if you are not able to intelligently explain security issues. I hope they aren't paying you for your dearth of expertise. :uhh:
--
The Toll

]]> http://www.dslreports.com/forum/remark,17329486 Thu, 23 Nov 2006 11:56:35 EDT Re: security experts please explain http://www.dslreports.com/forum/remark,17329010 arleybls :

said by kracksmith

:

does somebody just run a certain sniffer monitoring program on a public IP ftp server, as easy as that?

No it is not that easy...but it could be as simple as arp poisoning on the same server's subnet to more sophisticated attacks against one of the hops in which the traffic flows...or...maybe, wire tapping the media :-)

If your boss concern is performance, you could use IPsec to encrypt only, at least, the FTP's control/command channel (port 21), all data would still be sent in clear trough the data channel...]]> http://www.dslreports.com/forum/remark,17329010 Thu, 23 Nov 2006 10:28:13 EDT Re: security experts please explain http://www.dslreports.com/forum/remark,17328905 SoonerAl : This thread may be of interest...

»unsecure FTP

At a bare minimum you could use the built-in MS PPTP VPN server/client function with a strong password for the authorized users for simple but safe file access from a remote location.
--
"When all else fails, read the instructions..."]]> http://www.dslreports.com/forum/remark,17328905 Thu, 23 Nov 2006 10:07:58 EDT Re: security experts please explain http://www.dslreports.com/forum/remark,17328624 hayc59 : Hello, and welcome
give it some time...these professionals
are preparing their turkeys! ;)]]> http://www.dslreports.com/forum/remark,17328624 Thu, 23 Nov 2006 08:58:03 EDT Re: security experts please explain http://www.dslreports.com/forum/remark,17328534 kracksmith : anybody??]]> http://www.dslreports.com/forum/remark,17328534 Thu, 23 Nov 2006 08:23:57 EDT security experts please explain http://www.dslreports.com/forum/remark,17324726 kracksmith : Ok let's just saying one of my customer is running a IIS 6.0 FTP server (which he is by the way).
He doesn't want to be running any encryptions on the FTP server. I tell him this is dangerous and somebody can sniff out your clear text username and password.

he said he doesn't go into this FTP all the time but just seldomly plus he likes the IE FTP client, it's easy to use and it's available anywhere he goes. he doesn't want to rely on a encrypted ftp client which he needs to carry or download.

he also said if somebody where to sniff out his password that hacker has to know exactly when he's logging into the FTP server which he says is impossible.

i told him i read hacker can monitor his public and leave a sniffer there 24/7. he said how? i couldn't explain this since i'm not a hacker but from a security stand point i like to know how this is done?

does somebody just run a certain sniffer monitoring program on a public IP ftp server, as easy as that? ]]> http://www.dslreports.com/forum/remark,17324726 Wed, 22 Nov 2006 16:13:59 EDT