Re: SSH and secure FTP
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Date: Thu, 01 May 2003 07:19:42 -0400
- From: Cheri Duncan <duncancj@xxxxxxxxxx>
- Subject: Re: SSH and secure FTP
For many years, we used a standard PC as our Innovative ftp server, but we've
recently set up a directory on our backup web server as the Innopac ftp site. This
was done to increase security and efficiency. Since our web server's OS is Windows
NT, we've used Windows networking to accomplish this. Each staff member that uses
the ftp functions in our Innopac is assigned their own directory on the "ftp
server". This directory is then mapped to a drive letter on the staff member's PC.
Hope this helps.
Library Systems Admin. & E-Resources/Serials Mgr.
Carrier Library - MSC 1704
James Madison University
Harrisonburg, VA 22807
Kyle Banerjee wrote:
> At 08:48 AM 4/30/2003 -0700, you wrote:
> >Since the Innovative server does not use SSH or secure FTP with staff
> >workstations, we are investigating the possibility of setting up a Linux
> >box which would be between our staff workstations and the Innovative
> >server. The idea is that we would use SSH and secure FTP between the
> >workstations and the Linux box, and then have the Linux box communicate
> >with the Innovative server in a secure environment.
> >I would like to discuss directly with several libraries how they have
> >approached a similar setup or other suggestions. If you have experience
> >with this, would you please contact me.
> One low tech approach that should work just fine is to set up an
> anonymous ftp access which is limited by IP to your catalog and to the
> specific workstations that need to be able to upload to the server.
> Anonymous access allows you to avoid moving cleartext passwords
> across your network. The added advantage of this approach is that you can
> confine all activity to an easily controllable directory. You could also
> install ftp servers on the desktop clients which are only turned on when
> file transfers must actually take place.
> I would be inclined against setting up a separate server just to
> ftp files to innovative. If the goal is to increase security by minimizing
> your attack surface, adding a whole new server that must be maintained and
> updated might not accomplish what you want. On a totally unrelated note,
> trojan horses and keystroke loggers represent a greater threat to password
> security than packet sniffers (and they are not affected by encryption).
> Kyle Banerjee
> Oregon State Library
> 250 Winter ST
> Salem, OR 97301-3950
> (503)378-4243 ext. 260
> This message was distributed through the Innovative Users Group INNOPAC list
> Public replies: INNOPAC@xxxxxxxxxx
> Update your subscription options: http://innopacusers.org/list/listinfo/innopac