Professional Web Applications Themes

Are FTP Clients on unix boxes turned off? - Linux / Unix Administration

In one of my assignments, we are trying to propose a solution involving using ftp clients on unix boxes. I am trying to poll this group to see how unix sysadmins typically look at ftp clients on a unix box. 1. First of all, Are ftp clients available by default on all main unix platforms ? (Aix, Solaris, HPUX, Linux etc.) 2. Do sysadmins perceive using ftp clients on unix boxes as a security threat of some sort. Any comments in this area will be appreciated. Divakar...

  1. #1

    Default Are FTP Clients on unix boxes turned off?

    In one of my assignments, we are trying to propose a solution involving
    using ftp clients on unix boxes. I am trying to poll this group to see
    how unix sysadmins typically look at ftp clients on a unix box.
    1. First of all, Are ftp clients available by default on all main unix
    platforms ? (Aix, Solaris, HPUX, Linux etc.)
    2. Do sysadmins perceive using ftp clients on unix boxes as a security
    threat of some sort.
    Any comments in this area will be appreciated.

    Divakar

    Divakar Guest

  2. #2

    Default Re: Are FTP Clients on unix boxes turned off?

    Divakar <com> wrote: 

    What kind of assignment? Homework? Or are you a consultant?
    Both is frequently a sign of cluelessness :^)
     

    Usually yes. On some systems you get a choice, but the FTP client is
    always on the install media.
     

    The only problem I see with an FTP client is that it sends data and
    passwords unencrypted. If you are in an environment where there is danger
    of people sniffing network traffic for passwords, it is better to use
    something else.
    Still you want to have an FTP client on your system, for example to do
    anonymous ftp to download sites.

    Yours,
    Laurenz Albe
    Laurenz Guest

  3. #3

    Default Re: Are FTP Clients on unix boxes turned off?

    In article <googlegroups.com>,
    "Divakar" <com> wrote:
     

    Clients aren't the issue. Now typically, the ftpd server is disabled
    unless the system is behind a firewall and the local network group
    doesn't care. Then ssh and it's brethren are enabled instead.

    --
    DeeDee, don't press that button! DeeDee! NO! Dee...



    Michael Guest

  4. #4

    Default Re: Are FTP Clients on unix boxes turned off?

    In comp.unix.admin Divakar <com>: 

    Homework?
     

    Yep, even if can't be guaranteed, as many *nix boxes are
    installed auto-magically with net booting through one or another
    vendor dependent variant, allowing for heavily customized
    installations.
     

    Yep, standard ftp has no security at all and should be used for
    anonymous ftp/tftp/etc only.

    Use sftp/scp instead.

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 79: Look, buddy: Windows 3.1 IS A General
    Protection Fault.
    Michael Guest

  5. #5

    Default Re: Are FTP Clients on unix boxes turned off?

    On 2 Feb 2005 20:45:19 -0800, Divakar <com> wrote: 

    I prefer to use ssh-enabled services, like scp.
     

    Yes.
     

    Well, yes. The traffic, including the username and password, are passed
    in clear text and can be sniffed/snooped. In an environment where
    security isn't important (are there any?) that's not a problem. But,
    when scp is also readily available, free, and secure, and as easy
    if not easier to use interactively or in a script.
     

    Thank you for mentioning this is homework; saying so gets a much
    better response than the people who try to pretend it's not.

    Dave Hinz

    Dave Guest

  6. #6

    Default Re: Are FTP Clients on unix boxes turned off?

    On Thu, 3 Feb 2005 08:36:46 +0000 (UTC), Laurenz Albe <com> wrote: 
    >
    > What kind of assignment? Homework? Or are you a consultant?
    > Both is frequently a sign of cluelessness :^)[/ref]

    Pretty harsh, Laurenz. He asked a well-formulated, intelligent
    question, and was up-front about it being an assignment of some sort.

    Dave Guest

  7. #7

    Default Re: Are FTP Clients on unix boxes turned off?

    "Divakar" <com> writes:
     

    On most unix systems, there are ftp clients installed. But, as said in
    other answers, too: This isn't guarantied.
     

    No. I haven't anything against clients. But I don't want ftp servers
    on my servers running. Clients are insecure for the servers.


    --
    '''
    (0 0)
    +------oOO----(_)--------------+
    | |
    | Ulrich Herbst |
    | |
    | de |
    +-------------------oOO--------+
    |__|__|
    || ||
    ooO Ooo
    Ulrich Guest

  8. #8

    Default Re: Are FTP Clients on unix boxes turned off?

    Dave Hinz wrote: [/ref]
    involving [/ref]
    see 
    >
    > I prefer to use ssh-enabled services, like scp.[/ref]

    Including sftp.
     [/ref]
    unix 
    >
    > Yes.
    > [/ref]
    security 
    >
    > Well, yes. The traffic, including the username and password, are[/ref]
    passed 

    Clear passwords aren't an issue with the s* ones.

    The biggest issue with running FTP is downloading problem
    files. That's a user training problem not a techical one.
     
    >
    > Thank you for mentioning this is homework; saying so gets a much
    > better response than the people who try to pretend it's not.[/ref]

    Agreed.

    Doug Guest

  9. #9

    Default Re: Are FTP Clients on unix boxes turned off?

    Dave Hinz wrote: 
    >>
    >>What kind of assignment? Homework? Or are you a consultant?
    >>Both is frequently a sign of cluelessness :^)[/ref]
    >
    >
    > Pretty harsh, Laurenz. He asked a well-formulated, intelligent
    > question, and was up-front about it being an assignment of some sort.
    >[/ref]
    Actually, Luarenz's question is spot on.

    The only thing I would add would be the probability of decreasing
    cluelessness is somewhat better for the student. Marginally. 8-)
    Timothy Guest

  10. #10

    Default Re: Are FTP Clients on unix boxes turned off?

    On Thu, 03 Feb 2005 12:59:29 -0700, Timothy J. Bogart <net> wrote: 
    >>
    >>
    >> Pretty harsh, Laurenz. He asked a well-formulated, intelligent
    >> question, and was up-front about it being an assignment of some sort.
    >>[/ref]
    > Actually, Luarenz's question is spot on.[/ref]

    His question, yes. The followup, not so much.
     

    Whatever. Guy was honest with us and asked a good question.

    Dave Guest

  11. #11

    Default Re: Are FTP Clients on unix boxes turned off?

    Divakar wrote: 

    Do you really want to know about ftp? Or do you really want to know if
    ftp is the right approach for your 'problem'?

    Kind of hard to help you there since you didn't share the problem.
    Timothy Guest

  12. #12

    Default Re: Are FTP Clients on unix boxes turned off?

    Divakar <com> wrote: 

    Generally this is a bad place to ask homework questions, but this one is
    specific, interesting, and not asked every week - nice job :)

    Does the assignment specify use of FTP, or is this negotiable? FTP is an
    annoying protocol network-wise (lack of encryption, use of multiple
    connections), and should probably be avoided if possible. Command-line
    HTTP or SSH clients like wget or scp are somewhat less available out of
    the box, but can be added to almost all systems, and allow you better
    security, scriptability, and flexibility in network firewalling.
     

    Mostly, yes, for default installs of the OS. The server is usually disabled,
    but the client is usually there if any client network tools are. Like any
    specific, this is only "mostly", there are no guarantees.
     

    Smart sysadmins discourage its use, but it's not a threat in itself. It may
    be removed as part of a "remove EVERYTHING that you don't absolutely need"
    policy, which has some value.

    Passwords are generally sent plaintext in FTP, so it's not considered even a
    vaguely secure protocol. There are newer versions that encrypt the
    authentication, but most of what you'll find installed by default won't.
    --
    Mark Rafn net <http://www.dagon.net/>
    Mark Guest

  13. #13

    Default Re: Are FTP Clients on unix boxes turned off?

    On Thu, 3 Feb 2005 14:28:33 -0800, Mark Rafn <net> wrote: 
    >
    > Generally this is a bad place to ask homework questions, but this one is
    > specific, interesting, and not asked every week - nice job :)[/ref]

    How do I remove a file with a space in it's name? (sorry...)

    Dave Guest

  14. Moderated Post

    Default Re: Are FTP Clients on unix boxes turned off?

    Removed by Administrator
    Michael Guest
    Moderated Post

  15. #15

    Default Re: Are FTP Clients on unix boxes turned off?

    In article <googlegroups.com>,
    "Doug Freyburger" <com> wrote:
     

    That same problem exists if you use something other than an FTP client
    to perform the download. It's not FTP that's the problem, it's the
    general issue of downloading malware by any means.

    --
    Barry Margolin, mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Guest

  16. #16

    Default Re: Are FTP Clients on unix boxes turned off?

    Dave Hinz <net> wrote: 

    Yes, and I apologise for letting my witticisms get the better of me.
    I hope to have made some amends by giving a reasonable answer.

    Yours,
    Laurenz Albe
    Laurenz Guest

  17. #17

    Default Re: Are FTP Clients on unix boxes turned off?

    On 2 Feb 2005 20:45:19 -0800
    "Divakar" <com> wrote:
     

    Traditionally, Unix systems come with a command-line FTP
    client. Don't forget that browsers are also FTP clients.
     

    Clients usually don't allow access to the machine on which they
    run, but FTP is an exception because in PORT mode at least,
    the _client_ opens a port for the server to connect to. So
    theoretically, a vulnerability in the client might allow a compromised
    FTP server access to the client's host. I've not heard of exploits
    though.

    There are many good reasons for not using FTP, the
    most obvious being the plain-text passwords, which are especially
    problematic because traditionally FTP servers use the OS
    credentials (thus giving login access to a system). Systems
    using the FTP protocol, but with their own credentials are
    less problematic, especially if they are designed such that
    the availability of the FTP login/password doesn't give
    access to the data used by the system, and/or that data is
    encrypted. In these cirstances using FTP can make life
    easier because network administrators typically have less
    problems allowing well-known protocols through their routers
    than unknown, custom designed protocols (better the devil
    you know, etc.). Such a system would typically not use the
    standard client, but include their own clients (or at least
    provide a wrapper around the standard client allowing
    some form of automated use).

    Take care,

    --
    Stefaan
    --
    As complexity rises, precise statements lose meaning,
    and meaningful statements lose precision. -- Lotfi Zadeh
    Stefaan Guest

Similar Threads

  1. Link Picture boxes to text boxes
    By Paul.McDaid@adobeforums.com in forum Adobe Indesign Macintosh
    Replies: 4
    Last Post: November 16th, 11:01 PM
  2. Replies: 3
    Last Post: April 18th, 06:24 PM
  3. Replies: 1
    Last Post: July 22nd, 03:57 PM
  4. Replies: 1
    Last Post: July 9th, 01:03 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139