SUMMARY: Well-Managed Anon FTP site, what it is
jeff01 at email.unc.edu
Tue Nov 6 16:03:54 GMT 2001
Yes this has been a great discussion, and I'm glad people realize the dangers of
Anon-FTP. Does anyone have this up on the web? It would be great to have these
suggestions (specific software recommendations, policies, and permission/directory
structure) about a "more secure" anonymous FTP site, minus all other precautions
like wrappers, filtering, etc.
Sheila Hollenbaugh wrote:
> I would like to thank all the lovely people who took the time and effort to
> explain to me what an anonymous FTP site that permits uploads should look like.
> The executive summary is that downloading of files should not be allowed from
> directories into which files can be anonymously uploaded. In fact, one should
> not even allow a listing of those directories. Further, I was informed that it
> can be very difficult to implement these policies with stock FTP software, and
> that ftp servers which enforce policies regardless of the underlying file
> permissions are desirable in this case.
> Again, thanks to all who replied to me directly as well as to the list.
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger at unc.edu
More information about the unisog