FTP Server

Blake Barnett plug-discuss@lists.plug.mybutt.net
17 Jan 2002 16:23:12 -0700


Tom,

I'm sorry if you felt I was being condescending, that was not my
intention.  I was trying to clear the air a little w/regards to FTP and
security.  They are only my opinions and were given with the best of
intentions.  

The comment about RedHat was all in good fun, I know Mr. White knows
RedHat is not "Linux", but a distribution of it.

I find it disturbing when people won't switch from the "top-dog" simply
because they are the "top-dog", or because they are just used to
whatever it is.  Change is good, as long as it is for the right
reasons.  ;)  


On Thu, 2002-01-17 at 12:49, Tom Achtenberg wrote:
> Thanks Nige.  I for one am getting quite tired of all the "holier than thou" flaming from a few of the members who think they know it all and their way is the only way.  If some of you do not want to help us newbies then just delete our messages.  You don't have to flame us and talk down to us like some of you do.  Remember, you all were new to Linux at one time too.
> 
> -----Original Message-----
> From: Nancy Sollars [mailto:dnancy2@qwest.net]
> Sent: Thursday, January 17, 2002 12:24 PM
> To: plug-discuss@lists.plug.mybutt.net
> Subject: Re: FTP Server
> 
> 
> All I'm going to say about this reply Blake is -- Nice
> 
> Respect
> 
> Nige
> 
> ----- Original Message -----
> From: "Blake Barnett" <blake.barnett@developonline.com>
> To: <plug-discuss@lists.plug.mybutt.net>
> Sent: Thursday, January 17, 2002 10:49 AM
> Subject: Re: FTP Server
> 
> 
> > On Wed, 2002-01-16 at 20:12, Craig White wrote:
> > > More importantly, there is a very robust method for keeping these things
> > > up to date on a redhat system - it's called up2date and it will
> > > automatically download and update installed daemons when system
> > > advisories require updating. Say I install a proftpd or pure-ftpd on a
> > > system but the security advisories that I get from redhat will never
> > > mention them because they don't include them, and it never gets
> > > updated...how smart is that? I can tell you from my very limited
> > > perspective, it's much smarter for me to use wu-ftpd as part of the
> > > redhat package and it gets updated frequently by my running "up2date -u"
> > > which will update all the packages installed on my system (or profile)
> > > as opposed to having to consider the security implications of a
> > > 'foreign' ftp server that redhat doesn't support.
> >
> > Wow, you really bought into RedHat's marketing tactics.  RedHat *IS*
> > Linux, right?  :)
> >
> > >
> > > I wonder if all those preaching switching the
> > > standard/supported/maintained ftp daemon for one that will require some
> > > effort in updating, linking libraries, security implications etc... why
> > > they are still using bind, openssh and other daemons that likewise have
> > > a storied history of security advisories?
> >
> > Under that logic, Windows NT 4 is the most secure OS in the world.
> >
> > BIND & OpenSSH are the only viable options in those categories.  There
> > may be worthwhile replacements for BIND, but unless you want to pay for
> > the commercial SSH products there's nothing else.
> >
> > >
> > > Lastly, if security through obscurity (or statistically insignificant
> > > marketshare - hence statistically insignificant exploit efforts) is
> > > desired, may I recommend Macintosh OS 9?
> >
> > This sounds eerily like a statement made by Microsoft about the Full
> > Disclosure fiasco recently.
> >
> > The fact of the matter is, FTP is an inherently hard protocol to
> > secure.  If you want secure file transfers go for SSH/SCP, s-ftp, or
> > even ftp over SSL.  If you want functionality, there's nothing wrong
> > with wu-ftpd, it works quite nicely.  If you want at least the false
> > sense of security associated with applications designed from the ground
> > > up with security in mind, go for pureftpd, vsftpd or proftpd.  In the
> > end it doesn't matter that much which one you choose as long as you are
> > vigilant and monitor security lists, and fix any problems that arise.
> > It's all about using whatever tool is right for the task at hand.
> >
> > >
> > > Craig
> > --
> > Blake Barnett (bdb)  <blake.barnett@developonline.com>
> > Sr. Unix Administrator
> > DevelopOnline.com                 office: 480-377-6816
> >
> > Learning is a skill, you get better at it with practice.
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> > post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.mybutt.net
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> 
-- 
Blake Barnett (bdb)  <blake.barnett@developonline.com>
Sr. Unix Administrator
DevelopOnline.com                 office: 480-377-6816

Learning is a skill, you get better at it with practice.