Educause Security Discussion mailing list archives
Re: unencrypted network sessions
From: Dave Koontz <dkoontz () MBC EDU>
Date: Fri, 28 Feb 2003 13:50:27 -0500
Similar story here, on a much smaller scale. Our Windows users were given copies of SSH Communications Client (free to educational institutions) or Putty. The problem was Web Developers who use "DreamWeaver" which simply does not support scp and wants an FTP connection to function.

To resolve this, we set up FTP on the web server --- and configured it so that it can only be accessed via an SSH tunnel to the web server itself. This required simple port forwarding on the client's SSH session, which in turn allowed them to ftp to their loopback address (127.0.0.1). There were some very good instructions for this setup on MacroMedia's website, and also at http://www.ssh.com, as their client and server have special provisions for dealing with ftp's multiport requirements when tunneled through SSH.

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex Campoe
Sent: Friday, February 28, 2003 12:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU

Hi Kevin

We have approximately 70,000 accounts on our server. We successfully removed telnet/ftp access last December by replacing it with ssh and scp. We faced the same opposition at first. From the start we were willing to discuss reasonable issues, but "this is what I am used to do" and the other excuses you listed were not an option. At the end, my only concern was the numerous web editors out there that do not offer scp uploads. After all was said and done, complaints turned out to be minimum.

Alex

Kevin Shalla wrote:
I've been trying to stamp out telnet and ftp access to all our servers (by forcing ssh and sftp), and have been meeting with resistance. The reasons given include "other schools allow telnet", "we're a teaching and research university, and that will limit learning", and "we have people in China and India, and Korea who need access, and they don't have ssh or sftp". Do other schools allow telnet and ftp, and if not, how did you convince the naysayers that it is a good idea to switch to ssh / sftp?

Kevin Shalla
Manager, Student Information Systems
Illinois Institute of Technology
<mailto:Kevin.Shalla () iit edu>

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
--
-------
J. Alex Campoe - campoe () usf edu
Associate Director, Systems, Academic Computing
Data Security Manager, University of South Florida
Phone (813) 974-1796
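
A server-side check for the setup Dave Koontz describes above (FTP reachable only through an SSH tunnel to the server's own loopback address), added here as an example that is not part of the original thread. It parses `ss -ltn`-style output and reports FTP or telnet listeners bound to anything other than loopback; the sample output is constructed, and the default ports 21 and 23 are assumed.

```python
import ipaddress

# Assumption: services run on their default ports.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}

# Constructed sample in the style of `ss -ltn` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     127.0.0.1:21       0.0.0.0:*
LISTEN 0      5      *:23               *:*
LISTEN 0      32     [::]:21            [::]:*
LISTEN 0      32     [::1]:21           [::]:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' into (host, port_text); handles [v6] and %scope forms."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]
    return host, port

def is_loopback(host):
    """True only for addresses that are unambiguously loopback."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or anything unparseable counts as exposed

def exposed_cleartext_listeners(ss_output):
    """Return (service, host, port) for cleartext listeners not on loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, port = split_endpoint(fields[3])
        if not port.isdigit():
            continue
        port = int(port)
        if port in CLEARTEXT_PORTS and not is_loopback(host):
            findings.append((CLEARTEXT_PORTS[port], host, port))
    return findings

if __name__ == "__main__":
    for service, host, port in exposed_cleartext_listeners(SAMPLE_SS_OUTPUT):
        print(f"{service} listening on {host}:{port} is reachable without the SSH tunnel")
```

On a host configured as described, the loopback-bound FTP listener passes and only wildcard or routable bindings are reported.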