Mailinglist Archive: opensuse (1620 mails)

Re: [opensuse] FTP Access
On 11/17/2014 09:49 AM, Lew Wolfgang wrote:
> More complicated
> business cases would certainly require more complicated solutions.

And that's the sucker punch!

Once business gets the idea that files need to be transferred as part of
a business process then 'FTP' -- the idea that files should be
transferred using the FTP protocol -- is a big problem and a high risk.
BTDT seen it happen many, many times. Some people won't learn from
others' mistakes. Take a "well it doesn't apply to me" attitude even
when it does.

No argument with ftp in the small as you describe, so long as it's about
containment.

But where do you draw the boundary?
There's an old anti-security argument that goes "I'm too small for the
hackers to bother with". It needs revisiting. Small businesses set up
by practitioners who haven't addressed the risks are a disaster waiting
to happen. Many of us have done the BTDT cleanups from those cases.

Example: I was at a presentation where a 'hacker demo' was based on
someone leaving the TFTP port open and allowing access to ... All manner
of stuff. An IT manager from a bank observed that this was ridiculous
"who the hell leaves TFTP open in this day and age?!!!" The answer was
"more people than you care to know about and many of them businesses
with no internal security".

Some of those small businesses grow but never revise their policy.


--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
