Security Basics mailing list archives
Re: Secure FTP server for Windows
From: "Dana Epp" <dana () vulscan com>
Date: Mon, 6 Dec 2004 22:28:37 -0800
Oh come on now.Comments like this are so unproductive to the conversation. Any operating system, including Windows, can be made secure. WHAT level of security is dependant on the risks you are trying to mitigate. You CAN make Windows secure, just as easily as how you can easily make Unix INSECURE. Its all in how you approach it.
It comes down that you need to quit thinking of the technical safeguards as THE solution and instead apply real world infosec policies to reduce the risks and protect the assets you need to by applying the safeguards as part of a bigger process. I blogged about this a year ago when I talked about the "8 rules of Information Security" (http://silverstr.ufies.org/blog/archives/000468.html)
In this case, you can definitely set up a secure SSH server on Windows, jail the enviroment and tighten the file ACLs to allow for SCP access for files you wish to exchange. This would be NO different than applying the same thing on a Unix environment. So instead of slagging the operating system think about what assets need to be protected, and what infosec policies need to be applied to effectively give access to those who need access to the asset. Then apply the technical safeguards in the OS as required.
I mean no disrespect Volker, but this kind of position doesn't help the situation. It only hinders any progress we can make by applying a higher level of thinking through sound infosec policies. And thats platform neutral.
----- Original Message ----- From: "Volker Kindermann" <ml () ps102 de>
To: <security-basics () lists securityfocus com> Sent: Sunday, December 05, 2004 7:55 AM Subject: Re: Secure FTP server for Windows
Hi Derek,Can anyone recommend an FTP server for Windows which has been written with security in mind? I only really know such things about Linux (where vsftpd is the obvious choice) but I've been asked to recommend a Windows2000 or WindowsXP product.please consider that you can't operate a secure ftp server on top of an insecure operating system. With this in mind there is no secure ftp server for windows.-volker
Current thread:
- Secure FTP server for Windows Derek Fountain (Dec 03)
- Re: Secure FTP server for Windows Dana Epp (Dec 03)
- RE: Secure FTP server for Windows Mike Sweeney (Dec 07)
- Re: Secure FTP server for Windows Volker Kindermann (Dec 06)
- Re: Secure FTP server for Windows Dana Epp (Dec 07)
- Re: Secure FTP server for Windows Mike Sweeney (Dec 08)
- Re: Secure FTP server for Windows Volker Kindermann (Dec 09)
- VPN: PPTP with NAT traversal ? Rolando Ruiz (Dec 10)
- Re: Secure FTP server for Windows Dana Epp (Dec 07)
- Re: Secure FTP server for Windows Dana Epp (Dec 03)
- <Possible follow-ups>
- RE: Secure FTP server for Windows Stephane Auger (Dec 03)
- RE: Secure FTP server for Windows Jennifer Fountain (Dec 03)
- RE: Secure FTP server for Windows Stephane Auger (Dec 06)
- Re: Secure FTP server for Windows Jason Coombs (Dec 06)
- RE: Secure FTP server for Windows Jeff Gercken (Dec 07)
- RE: Secure FTP server for Windows Nardis, Frank (Dec 09)