In a message dated: Wed, 17 May 2000 16:06:48 EDT
Brice Gibson said:
>We are opening an FTP server to the Internet. The FTP server potentially
>will handle multiple simultaneous connections.
>
>The FTP server is a private server requiring a username and password.
>Yes we are running M$ and SQL Server, but will migrate to UNIX and probably
>Oracle before the year is out.
>
>Questions:
>1. Generally speaking is there a limit on simultaneous FTP connections?
>2. Are usernames and passwords sent via clear text?
>3. If so, what do you suggest to encrypt them? (VPN?)
>4. Are there any other security risks (besides the security hole called
> Win2000) that I should be aware of?
Are you saying that the ftp server you're planning on placing on the 'net is a
Win2k server? If so, there's not much I can say about securing it, since IIS
and SQL server have more holes than a sieve.
If it's a Linux box, I recommend looking at Evi Nemeth's "System
Administrator's Handbook" and reading up on how to set up ftp servers.
For security purposes, I would recommend using OpenSSH if you're really
concerned, since yes, normal ftp does send usernames/passwords in cleartext.
(For anon ftp this isn't a big deal, for secure ftp it is!).
Good luck.
--
Seeya,
Paul
----
"I always explain our company via interpretive dance.
I meet lots of interesting people that way."
Niall Kavanagh, 10 April, 2000
If you're not having fun, you're not doing it right!
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************