Date: Mon, 22 Nov 1999 09:43:42 -0500 (EST) From: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu> To: security@FreeBSD.ORG Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) Message-ID: <AsCJOSi00Uw=05x5A0@andrew.cmu.edu> In-Reply-To: <Pine.BSF.4.21.9911220435140.22770-100000@isr4033.urh.uiuc.edu> References: <Pine.BSF.4.21.9911220435140.22770-100000@isr4033.urh.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Excerpts from FreeBSD-Security: 22-Nov-99 Re: Disabling FTP (was Re: .. by Frank Tobin@uiuc.edu > You're making a real bold statement that just opening up ftpd leaves the > box wide open. This is not a good assumption. As one person stated > before, it is not the ftpd being up that renders a box insecure, but > the sending of cleartext passwords to it is the problem. If you don't > send cleartext passwords to it, you're not at risk. Another question is: How far away are we from integrated IPSec? And doesn't the usefulness of encrypted protocols such as ssh (except for when you want MORE security on top of encrypted packets I'd imagine) begin to diminish as boxes switch from v4 -> v6. Not something that will happen overnight, but once FreeBSD ships IPSec, using cleartext protocols no longer means instant password sniffing. This prospect seems very exciting to me, certian protocols stayed a long time without becoming truly secure and soon they will be in one fair swoop. You'll still need ssh for all the boxes which do not / will never support IPSec. -- Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AsCJOSi00Uw=05x5A0>