[unisog] Ftp access to Web servers

Christopher A Bongaarts cab at tc.umn.edu
Tue Jun 11 17:30:14 GMT 2002


As Bill Martin once put it so eloquently:

[...]
> clear-text passwords for Telnet and FTP. It's sad but, the first
> reaction I usually get is "we can't afford to do it".  On the other
> hand, how much does it cost to rebuild your system once it is
> compromised?
> 
> There are a number of SSH packages that are inexpensive and some that
> are free and are available on multiple platforms. Even if you have to
> pay for the product, the initial payout will usually be less expensive
> than it would be to rebuild a system that is compromised by way of clear
> text passwords.

I would tend to think that the biggest cost would be in training your
faculty and staff to use it, and increased helpline support to deal
with the increased complexity.

Once again we see that security is a game of tradeoffs with
convenience.  You just have to figure out the cost to rebuild after
compromise (distributed over the mean time between expected
compromises) vs. the support (and perhaps software) costs of requiring 
non-technical people to do complicated things...

%%  Christopher A. Bongaarts  %%  cab at tc.umn.edu       %%
%%  Internet Services         %%  http://umn.edu/~cab  %%
%%  University of Minnesota   %%  +1 (612) 625-1809    %%



More information about the unisog mailing list