[NCLUG] Securing ftpd

dobbster dobbster at dobbster.com
Thu Mar 22 13:16:25 MST 2001


Thanks to all of the folks who responded to my questions.  I have
already tried a number of measures (mnap, etc.) and as far as I can
tell, none of my systems have yet been compromised.  I definitely need
to upgrade ftpd and sendmail; I've been trying, but I have had some
hassles compiling the latest.

Also, it seems that postfix isn't all that difficult to learn compared
to sendmail.  Perhaps I should just bite the bullet and switch.

I haven't tried all of the Windows software packages yet, but I'll check
them out...  Fortunately I've been trying to force my users into using
console-based FTP.  The Windows users have been using the built-in FTP
program.  I've created some web docs to make it seem easy (which it is,
of course, and it blows me away that anyone would have problems with FTP
at the command line.  I remember the first time I did it over ten years
ago.  With "help" it seems practically self-explanatory.  Does Windows
teach people not to read documentation, or does it simply shut down
their brains?) 

> Using Obtuse SMTPd (part of the Juniper Firewall Toolkit) helps
> the security of Sendmail quite a bit.

This is a new one to me.  I'll have to check it out.

Strangely, the portsentry software rarely shows hits on port 25.  I
might be missing something.  I need to keep up with all of the security
advisories.  They seem overwhelming!

Just how dangerous is it to run IMAP/POP services?

Mark (dobbster at dobbster.com)



More information about the NCLUG mailing list