Educause Security Discussion mailing list archives

Re: FTP services for Vendor access

From: Ken Connelly <ken.connelly () UNI EDU>
Date: Fri, 16 Jun 2006 21:41:16 -0500

Valdis Kletnieks wrote:

On Fri, 16 Jun 2006 08:02:10 PDT, Keith Furrow said:

I've been charged with investigating our deployment of FTP services
used to share data with vendors, contractors, other institutions,
etc.,  and have some questions for the group:


Question 0:

Has your organization heaved FTP over the side and make vendors use scp/ssh
instead?

Yes.  We block inbound plain-text FTP, telnet, POP3, and IMAP at our
border.  We also block those same plain-text protocols within our core
except for segments where we control all physical access to the relevant
switches.

- ken

Current thread:

FTP services for Vendor access Keith Furrow (Jun 16)
- <Possible follow-ups>
- Re: FTP services for Vendor access Valdis Kletnieks (Jun 16)
- Re: FTP services for Vendor access Ken Connelly (Jun 16)
- Re: FTP services for Vendor access Bob Kehr (Jun 16)