Home page logo

basics logo Security Basics mailing list archives

Re: Secure FTP server for Windows
From: "Mike Sweeney" <mikesweeney () packetattack com>
Date: Tue, 7 Dec 2004 16:36:49 -0800


Windows 2000 has been certified by the Common Criteria Certification (E4) which is a provable and repeatable world wide 
test of security. 2003 is not yet (??) certified. These things change all the time so do a google (is google a verb?) 
to get current information.

As Smoky Yunick once commented, The engine doesnt know what brand it is (he won with a varity of brands) As long as you 
stick with proven principles, they all work well.

Mike Sweeney

Network Design and Security
Office (714).637.4235


------------Original Message------------
From: "Dana Epp" <dana () vulscan com>
To: "Volker Kindermann" <ml () ps102 de>, security-basics () lists securityfocus com
Date: Tue, Dec-7-2004 4:11 PM
Subject: Re: Secure FTP server for Windows

Oh come on now.

Comments like this are so unproductive to the conversation. Any 
system, including Windows, can be made secure. WHAT level of security 
dependant on the risks you are trying to mitigate. You CAN make Windows 

secure, just as easily as how you can easily make Unix INSECURE. Its 
all in 
how you approach it.

It comes down that you need to quit thinking of the technical 
safeguards as 
THE solution and instead apply real world infosec policies to reduce 
risks and protect the assets you need to by applying the safeguards as 
of a bigger process. I blogged about this a year ago when I talked 
about the 
"8 rules of Information Security" 

In this case, you can definitely set up a secure SSH server on Windows, 
the enviroment and tighten the file ACLs to allow for SCP access for 
you wish to exchange. This would be NO different than applying the same 

thing on a Unix environment. So instead of slagging the operating 
think about what assets need to be protected, and what infosec policies 
to be applied to effectively give access to those who need access to 
asset. Then apply the technical safeguards in the OS as required.

I mean no disrespect Volker, but this kind of position doesn't help the 

situation. It only hinders any progress we can make by applying a 
level of thinking through sound infosec policies. And thats platform 

----- Original Message ----- 
From: "Volker Kindermann" <ml () ps102 de>
To: <security-basics () lists securityfocus com>
Sent: Sunday, December 05, 2004 7:55 AM
Subject: Re: Secure FTP server for Windows

Hi Derek,

Can anyone recommend an FTP server for Windows which has been 
with security in mind? I only really know such things about Linux 
vsftpd is the obvious choice) but I've been asked to recommend a 
Windows2000 or WindowsXP product.

please consider that you can't operate a secure ftp server on top of 
insecure operating system. With this in mind there is no secure ftp 
for windows.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]