Educause Security Discussion mailing list archives
Re: Secure file transfers
From: scott hollatz <shollatz () D UMN EDU>
Date: Mon, 7 May 2007 12:19:02 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SFTP and SCP may suffer from bad passwords, but that's not a function of those tools, but of users. All password based systems are thus equally bad, but that's absurd as PINs and passwords are the de facto user authentication scheme no matter how much security gurus lambaste them. SCP can be configured to only allow public key crypto logins, so it allows for greater security. Unlike FTP, SCP is secure end-to-end, including the password handshake.
Yes, I forgot to add in my eariler response that we also offer scp and rsync+ssh as part of the solution. Also, vendors must be aware of the difference between FTP+SSL and a secure file transfer protocol such as scp or sftp as part of SSH. There's nothing worse than doing a bunch of firewall gymnastics due to a miscommunication and telephone tag.
Of course, there are web services out there that allow for secure file transfers (secure messaging and the like), but they cost money naturally. The upside is you can do the transfers without requiring people have/use SFTP/SCP, something few people would have available. I've used Yozons and found it worthwhile, but it's also password-based authentication, so if that's the stumbling block, then you can forget it. Harrold
- -- scott hollatz net shollatz () d UMn eDu information technology systems and services tel +1 218 726 8851 university of minnesota duluth mn usa fax +1 218 726 7674 -- "Asn aD ta zlAp em uT zt33rg" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iD8DBQFGP1+K4og1WWfEVRsRAn49AKCEUuOi1BaFyfo3seC4zziCsY9NKwCgj8T2 8/OXmSZ2pyAs8WSrCXxiA30= =AdoO -----END PGP SIGNATURE-----
Current thread:
- Re: Secure file transfers, (continued)
- Re: Secure file transfers Winders, Timothy A (May 07)
- Re: Secure file transfers Brian Epstein (May 07)
- Re: Secure file transfers Ken Connelly (May 07)
- Re: Secure file transfers Glenn Forbes Fleming Larratt (May 07)
- Re: Secure file transfers Jones, Dan (May 07)
- Re: Secure file transfers Valdis Kletnieks (May 07)
- Re: Secure file transfers scott hollatz (May 07)
- Re: Secure file transfers Cal Frye (May 07)
- Re: Secure file transfers Joe St Sauver (May 07)
- Re: Secure file transfers Harrold Ahole (May 07)
- Re: Secure file transfers scott hollatz (May 07)
- Re: Secure file transfers Matthew Keller (May 07)
- Re: Secure file transfers Samuel Young (May 07)
- Re: Secure file transfers Ken Connelly (May 07)
- Re: Secure file transfers Wyman Miles (May 07)
- Re: Secure file transfers Samuel Young (May 07)
- Re: Secure file transfers Buz Dale (May 07)
- Re: Secure file transfers Harrold Ahole (May 07)
- Re: Secure file transfers Joe St Sauver (May 07)
- Re: Secure file transfers Alan Amesbury (May 07)
- Re: Secure file transfers Alan Amesbury (May 07)
(Thread continues...)