Educause Security Discussion mailing list archives

Re: unencrypted network sessions


From: Dave Koontz <dkoontz () MBC EDU>
Date: Fri, 28 Feb 2003 13:50:27 -0500

Similar story here, on a much smaller scale.  Our Windows users were given
copies of SSH Communications Client (free to educational institutions) or
PuTTY.  The problem was Web Developers who use "Dreamweaver" which simply
does not support scp and wants an FTP connection to function.  To resolve
this, we set up FTP on the web server --- and configured it so that it can
only be accessed via an SSH tunnel to the web server itself.  This required
simple port forwarding on the client's SSH session, which in turn allowed
them to ftp to their loopback address (127.0.0.1).  There were some very
good instructions for this setup on Macromedia's website, and also at
http://www.ssh.com, as their client and server have special provisions for
dealing with ftp's multiport requirements when tunneled through SSH.


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex Campoe
Sent: Friday, February 28, 2003 12:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU

Hi Kevin

We have approximately 70,000 accounts on our server. We successfully
removed telnet/ftp access last December by replacing it with ssh and
scp. We faced the same opposition at first. From the start we were
willing to discuss reasonable issues, but "this is what I am used to do"
and the other excuses you listed were not an option. At the end, my only
concern was the numerous web editors out there that do not offer scp
uploads.

After all was said and done, complaints turned out to be minimal.

Alex

Kevin Shalla wrote:
I've been trying to stamp out telnet and ftp access to all our servers (by
forcing ssh and sftp), and have been meeting with resistance.  The reasons
given include "other schools allow telnet", "we're a teaching and research
university, and that will limit learning", and "we have people in China and
India, and Korea who need access, and they don't have ssh or sftp".  Do
other schools allow telnet and ftp, and if not, how did you convince the
naysayers that it is a good idea to switch to ssh / sftp?

Kevin Shalla
Manager, Student Information Systems
Illinois Institute of Technology
<mailto:Kevin.Shalla () iit edu>

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/memdir/cg/.

--
-------
J. Alex Campoe - campoe () usf edu
Associate Director, Systems, Academic Computing
Data Security Manager, University of South Florida
Phone (813) 974-1796
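
The top reply in this thread describes FTP that is reachable only through an SSH port forward to 127.0.0.1. The following is an added example, not part of the thread: a shell check that reads `ss -ltn`-style listener lines on the server and reports any FTP control listener bound beyond loopback. Port 21, the host name in the comment and the sample lines are assumptions constructed for illustration; only the control port is checked.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes listener data in the column
# layout of `ss -ltn`: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# Client side, the forward described in the message would look like
# (hypothetical host and local port):
#   ssh -L 2121:127.0.0.1:21 user@webserver.example.edu

# Print each non-loopback address on which the FTP control port is listening.
# Reads listener lines on stdin; prints nothing when FTP is loopback-only.
ftp_exposed_listeners() {
    port="${1:-21}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)      # last colon splits address from port
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            if (substr($4, n + 1) != port) next
            # Loopback forms: 127.0.0.0/8 and ::1 (bare or bracketed)
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print addr
        }'
}

# Constructed sample: FTP bound to loopback only (the intended configuration).
sample_loopback_only() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     127.0.0.1:21       0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
EOF
}

# Constructed sample: FTP still listening on every interface.
sample_exposed() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      32     [::]:21            [::]:*
EOF
}

# On a real server: ss -ltn | ftp_exposed_listeners
echo "loopback-only sample: $(sample_loopback_only | ftp_exposed_listeners | wc -l) exposed"
echo "exposed sample:       $(sample_exposed | ftp_exposed_listeners | wc -l) exposed"
```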
