User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » NCSU FTP Page [1]  
breaker05
Veteran
367 Posts
user info
edit post

I need some help. For the past 4 years I have accessed my K drive from home easily going to

ftp://unityid@ftp.ncsu.edu

then typing my password. This doesn't work anymore. Does anyone know why?

I really don't want to install any 3rd party programs.

1/28/2007 3:41:45 PM

A Tanzarian
drip drip boom
10995 Posts
user info
edit post

Quote :
"Unencrypted authenticated FTP services to be discontinued
ITD - Service - Remove

Effective Date: Jan 02


On January 4th, 2007 at 3pm, we will be removing the capability to log into ftp.ncsu.edu with your unity username and password over unsecured/unencrypted channels. From that point on, if you wish to make use of authenticated FTP services, you will need to connect via SFTP (secure FTP).

The anonymous FTP service at ftp.ncsu.edu for uploads to the incoming directory and anonymous use such as the various mirrors we host will not be affected.

There are SFTP clients available for all major operating systems at this point, and most applications like Dreamweaver support SFTP as well. WinSCP (Windows) and FUGU (Mac) are available from help.ncsu.edu.

WinSCP: http://help.ncsu.edu/helpcd/Software/winSCP.html

Fugu: http://help.ncsu.edu/helpcd/Software/fugu.html

To make use of SFTP, you will connect to the same ftp.ncsu.edu address you have always been connecting to."


http://sysnews.ncsu.edu/news/452ea13d

1/28/2007 3:47:27 PM

breaker05
Veteran
367 Posts
user info
edit post

Ah, great. thanks.

1/28/2007 3:49:50 PM

WolfAce
All American
6458 Posts
user info
edit post

Quote :
"Major : textile engineering and csc"


You mean to tell me you're a csc guy and you used a totally unsecure ftp for four years sending your UNITY password out in plain unencrypted text? They must not teach common sense security measures in csc, oh wait it was called E115

1/28/2007 9:54:39 PM

Quinn
All American
16417 Posts
user info
edit post

^

You're a real funny guy.

Note : sarcasm

1/28/2007 10:03:21 PM

breaker05
Veteran
367 Posts
user info
edit post

i've never had anything important on my k drive anyway, i just transfered regular documents.

and it never fails someone has to make a smart ass comment!

1/29/2007 12:14:32 AM

Noen
All American
31346 Posts
user info
edit post

shit i've been doing it for 6 years.

because the chance that someone is sniffing my shit is like 1/1000000000000

ill bet however, the 10 or so most common ways to steal everything you ever knew about, WolfAce, you might have taken precautions about 5 or 6.

1/29/2007 12:28:34 AM

darkone
(\/) (;,,,;) (\/)
11610 Posts
user info
edit post

I'll bet money WolfAce has logged into something like AIM over non-encrypted wireless - like NCSU Nomad - and sent his usernames and passwords in plain text into the ether for all to read before. Wireless packet sniffing someplace like the library is lots of fun.

1/29/2007 12:56:23 AM

WolfAce
All American
6458 Posts
user info
edit post

Not that I can recall but I'm sure at some point i used AIM wirelessly. And of course I know those packets can be sniffed, but AIM passwords are just a little less important then a UNITY password controlling all kinds of your university shit.

1/29/2007 2:54:21 AM

Perlith
All American
7620 Posts
user info
edit post

Quote :
"They must not teach common sense security measures in csc, oh wait it was called E115"


Did they have Secure FTP as an option 4+ years ago? I don't remember it being there. And they teach plenty of security measures in CSC ... but not everybody necessarily wants to have that as their focus during their undergraduate years. (Whether it should be a focus is another matter of discussion).

And word of advice, don't make generalized statements like that on here. You'll piss a LOT of people off quick.

[Edited on January 29, 2007 at 7:41 AM. Reason : .]

1/29/2007 7:27:29 AM

shanedidona
All American
728 Posts
user info
edit post

is there a way to make internet explorer or windows explorer use SFTP?

1/29/2007 10:10:00 AM

plusdelta
All American
1034 Posts
user info
edit post

No. You must use a third-party secure FTP program. IE does not have it built-in.

1/29/2007 11:03:53 AM

OmarBadu
zidik
25071 Posts
user info
edit post

they are one step closer - the final one imho is to start educating people how to secure the user's IMAP login - you can still sniff those in the library and get a few every hour or 2

hypothetically, i could have gotten my CSC333 TA's (abwood - xxcxfzm2) one time while sitting in class - of course he had access to the gradebook - and it would have been sooooooooooo tempting to either change my grade higher or some other kids' grades lower - i wouldn't have ever done it though

1/29/2007 11:10:51 AM

cdubya
All American
3046 Posts
user info
edit post

If NCSU started supporting WPA or any flavor of 802.1x, that would be a fantastic start.

I usually just logged in to nomad, then immediately VPNed.

1/29/2007 11:23:49 AM

synapse
play so hard
60939 Posts
user info
edit post

Quote :
"or any flavor of 802.1x"


como?

1/29/2007 11:28:13 AM

cdubya
All American
3046 Posts
user info
edit post

EAP, PEAP, EAP-fast, whatever else is based on that standard

1/29/2007 3:45:48 PM

pmcassel
All American
1553 Posts
user info
edit post

^isn't that a lot of overhead?

They should, however, block IMAP over wireless. Force people to use SSL webmail.

1/29/2007 4:39:29 PM

synapse
play so hard
60939 Posts
user info
edit post

^ what if imap mail is being processed thru a client such as outlook or thunderbird.

i assume those programs encrypt logon information unlike plain webmail...is that correct?

1/29/2007 6:57:45 PM

pmcassel
All American
1553 Posts
user info
edit post

^plain webmail is over SSL (HTTPS) so the login IS encrypted
blocking IMAP would be done by port number before it is bridged/routed onto the wired network

1/29/2007 7:02:10 PM

synapse
play so hard
60939 Posts
user info
edit post

^ oh i was going off of the statement below...made me think there was SSL webmail and a plain webmail. i just looked though and its all ssl.
Quote :
"They should, however, block IMAP over wireless. Force people to use SSL webmail."



so its the email clients which leave unencrytped imap passwords floating around in the air?

[Edited on January 29, 2007 at 7:27 PM. Reason : ]

1/29/2007 7:17:36 PM

Perlith
All American
7620 Posts
user info
edit post

Quote :
"If NCSU started supporting WPA or any flavor of 802.1x, that would be a fantastic start."


You're an alumni ... donate your beer money to a "WPA for NCSU" fund

Any other nonsecure/outdated services NCSU is still running current students should be aware of WolfAce?

1/29/2007 7:26:04 PM

GonzoBill
Veteran
122 Posts
user info
edit post

Encrypting wireless at NCSU would be alot of overhead for not that much gain. Wireless encryption generally either sucks or requires keys that would be painful to manage and disseminate. Its better to just use secure protocols over the unencrypted wireless. And they are planning on turning off plain text IMAP sometime later this year and force everyone to use SSL/TLS.

Quote :
"Did they have Secure FTP as an option 4+ years ago?"


Engineering had it setup in early 2003.

1/29/2007 8:37:26 PM

cdubya
All American
3046 Posts
user info
edit post

I disagree that forcing secure local services is the right option. Sure, there's some financial overhead to implementing encrypted wireless security- but I'm sure there are a million more wasteful things that the university has funded.

To me, it's a no brainer. It's the responsible thing to do.

1/29/2007 10:03:13 PM

plusdelta
All American
1034 Posts
user info
edit post

Moving to mostly (or all) secure services is one of our long-term implementation goals. We have to balance ease of access and training users, as well as the availability of freeware and/or low-cost ways to use secured services.

Secure everything is great, but if we turn on security for wireless (for example) without helping users get ready (and have enough lead-time), then we immediately defeat any gains that are to be had. Case in point with the secure FTP implementation... when we turned OFF regular FTP, there were a number of users that screamed bloody murder.

It's not enough to throw money at a problem. If you don't have a way to get technology-illiterate people up to speed (which is much harder to do than you might think, on a campus this large), then money is irrelevant.

1/29/2007 11:02:32 PM

dbtriebe
Veteran
362 Posts
user info
edit post

That's a good point.

1/31/2007 3:50:46 PM

 Message Boards » Tech Talk » NCSU FTP Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.