On Thu, Oct 02, 2003 at 01:02:51PM -0400, Hal Burgiss wrote:
> Because telnet and ftp are security nightmares, and no rational person
> would want to run them.
To a very large extent, this is crap. Telnet can certainly be replaced by SSH, but there is no good firewall-friendly alternative to wu-ftpd. sftp_server and scp are *not* good alternatives due to their inability to control access to the extent that wu-ftpd does.
Disagree here, Ed.
I have caught NOC technicians at an ISP red-handed (I was working for the ISP at the time) sniffing FTP passwords over the network (for example, when corporations who had dedicated links with us set up FTP servers for their employees to access remotely) then using those passwords to snoop, sniff, and copy data or to steal access to services. They had already accumulated about 10,000 valid passwords, too.
Telnet and FTP send clear-text passwords all over the Internet, and they ARE security nightmares by dint of this simple reality. The fact that the alternatives you mention aren't good enough to fully replace them does not change that fact, IMHO.
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx