Home page logo
/

basics logo Security Basics mailing list archives

Re: Secure FTP server for Windows
From: "Mike Sweeney" <mikesweeney () packetattack com>
Date: Tue, 7 Dec 2004 16:36:49 -0800

Clap..clap..clap..

Windows 2000 has been certified by the Common Criteria Certification (E4) which is a provable and repeatable world wide 
test of security. 2003 is not yet (??) certified. These things change all the time so do a google (is google a verb?) 
to get current information.

As Smoky Yunick once commented, The engine doesnt know what brand it is (he won with a varity of brands) As long as you 
stick with proven principles, they all work well.

Mike Sweeney

___________________________________________________________________________
 
Packetattack.com
Network Design and Security
www.packetattack.com
 
Office (714).637.4235

"QUIS CUSTODIET IPOS CUSTODES"
    WHO SHALL GUARD THE GUARDS 


------------Original Message------------
From: "Dana Epp" <dana () vulscan com>
To: "Volker Kindermann" <ml () ps102 de>, security-basics () lists securityfocus com
Date: Tue, Dec-7-2004 4:11 PM
Subject: Re: Secure FTP server for Windows

Oh come on now.

Comments like this are so unproductive to the conversation. Any 
operating 
system, including Windows, can be made secure. WHAT level of security 
is 
dependant on the risks you are trying to mitigate. You CAN make Windows 

secure, just as easily as how you can easily make Unix INSECURE. Its 
all in 
how you approach it.

It comes down that you need to quit thinking of the technical 
safeguards as 
THE solution and instead apply real world infosec policies to reduce 
the 
risks and protect the assets you need to by applying the safeguards as 
part 
of a bigger process. I blogged about this a year ago when I talked 
about the 
"8 rules of Information Security" 
(http://silverstr.ufies.org/blog/archives/000468.html)

In this case, you can definitely set up a secure SSH server on Windows, 
jail 
the enviroment and tighten the file ACLs to allow for SCP access for 
files 
you wish to exchange. This would be NO different than applying the same 

thing on a Unix environment. So instead of slagging the operating 
system 
think about what assets need to be protected, and what infosec policies 
need 
to be applied to effectively give access to those who need access to 
the 
asset. Then apply the technical safeguards in the OS as required.

I mean no disrespect Volker, but this kind of position doesn't help the 

situation. It only hinders any progress we can make by applying a 
higher 
level of thinking through sound infosec policies. And thats platform 
neutral.


----- Original Message ----- 
From: "Volker Kindermann" <ml () ps102 de>
To: <security-basics () lists securityfocus com>
Sent: Sunday, December 05, 2004 7:55 AM
Subject: Re: Secure FTP server for Windows


Hi Derek,


Can anyone recommend an FTP server for Windows which has been 
written 
with security in mind? I only really know such things about Linux 
(where 
vsftpd is the obvious choice) but I've been asked to recommend a 
Windows2000 or WindowsXP product.

please consider that you can't operate a secure ftp server on top of 
an 
insecure operating system. With this in mind there is no secure ftp 
server 
for windows.


 -volker








  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]