Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)
      9  2.5  File Transfer
           9  2.5.4  Vulnerabilities

Previous Topic/Section
2.5.4  Vulnerabilities
Previous Page
Pages in Current Topic/Section
1
Next Page
2.6  Wireless
Next Topic/Section

2.5.4.1  Packet Sniffing

Since vanilla FTP transmits in clear text, using a packet sniffer to see the data as well as user/password information is relatively easy to do. In 2.5.1 we mentioned performing file transfers over SSL or SSH2. Another version of encrypted FTP uses the freely available BlowFish encryption algorithm (448-bit Encryption and can be found for free in the footnote230.

FTP Access

With FTP access, a malicious user can upload a virus, or exploit a web server flaw like a buffer overflow, and cause a Denial of Service to legitimate users, or even gain unauthorized access to the server.

Another security vulnerability in FTP is that unless a technology like S/FTP is used, data and user/password information are transferred in clear text form, and can easily be sniffed from the network or even altered during transfer.



 __________________

230. http://www.eftp.org/

Previous Topic/Section
2.5.4  Vulnerabilities
Previous Page
Pages in Current Topic/Section
1
Next Page
2.6  Wireless
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.