SafeTP: Transparently Securing FTP Network Services

Authors

  • Dan Bonachea
  • Scott McPeak
Abstract

One of the most challenging practical aspects of providing end-to-end network security for legacy client-server protocols such as non-anonymous FTP (File Transfer Protocol) is convincing end users to actually use the secure alternatives, rather than abandoning them in favor of simpler, more familiar, or more fully featured insecure clients. A number of secure alternatives to the FTP protocol have been developed, but thus far have met with only limited success – we feel this is primarily due to the fact that these solutions almost universally require the end user to learn a new, unfamiliar client interface or tweak complicated settings in order to make the security work. The average end user is interested in maintaining the security of their account, but is unwilling to invest a significant effort to set up a complicated system or the time to learn a whole new interface. SafeTP is a unique new FTP security system that strikes at the heart of this problem by providing completely transparent FTP security for users of Microsoft Windows 9x/NT/2000. SafeTP operates by installing a transparent proxy in the Windows networking stack which detects outgoing FTP connections from any legacy (insecure) Windows FTP client, and silently secures them using modern cryptographic techniques (the server must also support SafeTP in order for a secure connection to be successfully established). SafeTP is 100% compatible with existing (insecure) FTP servers, and will operate in an insecure mode if the server does not yet support the SafeTP protocol. One key feature of the SafeTP client proxy is that it was designed to be completely transparent to the client FTP application. This way, users can reap the benefits of FTP security, while continuing to use their existing FTP software.
Since its recent release on the internet, SafeTP has become extremely popular and is rapidly gaining acceptance in a diverse user community that includes numerous corporations, educational institutions and private users. In this paper, we describe the design of SafeTP and our experiences in implementing and maintaining this successful system. We discuss various challenges encountered in designing a fully transparent and interoperable security layer, and the solutions we implemented. We also describe various aspects of the hybrid public-key and shared-key cryptosystem used to provide confidentiality, integrity, and authenticity for FTP sessions.

Similar resources

SafeTP: Secure, Transparent, Interoperable FTP

SafeTP makes FTP traffic secure, transparent, and interoperable. Security – confidentiality, integrity, and authenticity – is provided by a hybrid public-key and shared-key cryptosystem. Transparency – the ability to use existing FTP software and make it secure – is achieved by the insertion of a proxy layer. Interoperability – compatibility with the installed base of insecure FTP clients and s...


Use of DNS Aliases for Network Services

It has become a common practice to use symbolic names (usually CNAMEs) in the Domain Name Service (DNS [1,2]) to refer to network services such as anonymous FTP [3] servers, Gopher [4] servers, and most notably World-Wide Web HTTP [5] servers. This is desirable for a number of reasons. It provides a way of moving services from one machine to another transparently, and a mechanism by which peopl...

Securing Ordinary TCP Services through Tunnels

Many popular protocols deployed in the Internet today, have been designed years before security, cryptographic authentication and data encryption was an issue. Examples for such protocols are POP, telnet, X11-remote-display, and FTP. These protocols are to be considered insecure nowadays and if we were living in an ideal world, they would have been replaced by more sophisticated protocols comp...


ShadowNet: An Active Defense Infrastructure for Insider Cyber Attack Prevention

The ShadowNet infrastructure for insider cyber attack prevention is comprised of a tiered server system that is able to dynamically redirect dangerous/suspicious network traffic away from production servers that provide web, ftp, database and other vital services to cloned virtual machines in a quarantined environment. This is done transparently from the point of view of both the attacker and n...

Publication date: 2000