SUMMARY: Well-Managed Anon FTP site, what it is

Jeff Bollinger jeff01 at email.unc.edu
Tue Nov 6 16:03:54 GMT 2001


Yes this has been a great discussion, and I'm glad people realize the dangers of
Anon-FTP.  Does anyone have this up on the web?  It would be great to have these
suggestions (specific software recommendations, policies, and permission/directory
structure) about a "more secure" anonymous FTP site, minus all other precautions
like wrappers, filtering, etc.

Thanks,
Jeff

Sheila Hollenbaugh wrote:

> I would like to thank all the lovely people who took the time and effort to
> explain to me what an anonymous FTP site that permits uploads should look like.
> The executive summary is that downloading of files should not be allowed from
> directories into which files can be anonymously uploaded.  In fact, one should
> not even allow a listing of those directories.  Further, I was informed that it
> can be very difficult to implement these policies with stock FTP software, and
> that ftp servers which enforce policies regardless of the underlying file
> permissions are desirable in this case.
>
> Again, thanks to all who replied to me directly as well as to the list.
>
> Sheila

--
Jeff Bollinger
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger at unc.edu




More information about the unisog mailing list