 |
| Register | FAQ | Members List | Calendar | Links | Search | Today's Posts | Mark Forums Read |
|
||||||||
|
|
|||||||
 |
|
|
Thread Tools | Display Modes |
|
#1
01-03-2008, 09:06 PM
|
Secure Methods of file transfer over network shares
Hello, I am not sure if this is the right forum for this, if not could
you please point me in the right direction. I work at a large Univeristy and we are taking over hosting a website for another department. What we are looking for is a secure way for the users of the other department to transfer the files to our web server using network share. When you transfer files this way does it encrypt your user name and password or does it send them across as clear text? If it is clear text is there a way to encrypt it? Thank You Eric 
|
|
#2
01-03-2008, 09:33 PM
|
|||
|
|||
|
Re: Secure Methods of file transfer over network shares
If it is done through normal file shares then it is doing Windows
Challenge/Response with usually Integrated Authentication. So, not only is the password not in clear text, the password doesn't even go over the wire to begin with,...that is what Challenge/Response is all about. The worst way to do it would be via FTP,...which does send the whole thing in Clear Text. -- Phillip Windell www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- "Eric" <(E-Mail Removed)> wrote in message news:4ea46979-05b0-403f-80ff-(E-Mail Removed)... > Hello, I am not sure if this is the right forum for this, if not could > you please point me in the right direction. > > I work at a large Univeristy and we are taking over hosting a website > for another department. What we are looking for is a secure way for > the users of the other department to transfer the files to our web > server using network share. > > When you transfer files this way does it encrypt your user name and > password or does it send them across as clear text? If it is clear > text is there a way to encrypt it? > > Thank You
|
|
#3
01-03-2008, 09:54 PM
|
|||
|
|||
|
Re: Secure Methods of file transfer over network shares
Thank you for the response Phillip. I should have explained alittle
better how we are set up. Even though we are within the same univeristy we manange our own network where as the department whos website we are hosting is not managed by us. We are not on the same domain. We use Active Directory and they use Novell The only thing would be we are on the same IP range as the rest of campus but they are 2 completely differnet networks. What we would like to do is share the folder under wwwroot that holds their website files, with them over windows share such as setting up a user account on our server and than have them map the drive using the user account. And in that case would it be encrypted or sent as clear text? Thanks again Phillip On Jan 3, 3:33*pm, "Phillip Windell" <philwind...@hotmail.com> wrote: > If it is done through normal file shares then it is doing Windows > Challenge/Response with usually Integrated Authentication. *So, not onlyis > the password not in clear text, the password doesn't even go over the wire > to begin with,...that is what Challenge/Response is all about. > > The worst way to do it would be via FTP,...which does send the whole thing > in Clear Text. > > -- > Phillip Windellwww.wandtv.com > > The views expressed, are my own and not those of my employer, or Microsoft, > or anyone else associated with me, including my cats. > ----------------------------------------------------- > > "Eric" <ericsta...@gmail.com> wrote in message > > news:4ea46979-05b0-403f-80ff-(E-Mail Removed)... > > > > > Hello, I am not sure if this is the right forum for this, if not could > > you please point me in the right direction. > > > I work at a large Univeristy and we are taking over hosting a website > > for another department. What we are looking for is a secure way for > > the users of the other department to transfer the files to our web > > server using network share. > > > When you transfer files this way does it encrypt your user name and > > password or does it send them across as clear text? If it is clear > > text is there a way to encrypt it? > > > Thank You- Hide quoted text - > > - Show quoted text -
|
|
#4
01-03-2008, 10:01 PM
|
|||
|
|||
|
Re: Secure Methods of file transfer over network shares
If it is done with Windows Sharing then it is still Callenge/Response,...it
just doesn't have the Integrated Authentication element because there is no Trust between the Domains. Integrated Authentication just means that it automatically uses the credentials the user logged into their machine with,...while the Callenge/Response is the method via which the authentication happens. When the user is prompted for credentials they are simply doing manually what the Integrated part would have done otherwise,...but the Ch/Resp still happens as far as I know. -- Phillip Windell www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- "Eric" <(E-Mail Removed)> wrote in message news:594a4330-08c9-4377-99e1-(E-Mail Removed)... Thank you for the response Phillip. I should have explained alittle better how we are set up. Even though we are within the same univeristy we manange our own network where as the department whos website we are hosting is not managed by us. We are not on the same domain. We use Active Directory and they use Novell The only thing would be we are on the same IP range as the rest of campus but they are 2 completely differnet networks. What we would like to do is share the folder under wwwroot that holds their website files, with them over windows share such as setting up a user account on our server and than have them map the drive using the user account. And in that case would it be encrypted or sent as clear text? Thanks again Phillip On Jan 3, 3:33 pm, "Phillip Windell" <philwind...@hotmail.com> wrote: > If it is done through normal file shares then it is doing Windows > Challenge/Response with usually Integrated Authentication. So, not only is > the password not in clear text, the password doesn't even go over the wire > to begin with,...that is what Challenge/Response is all about. > > The worst way to do it would be via FTP,...which does send the whole thing > in Clear Text. > > -- > Phillip Windellwww.wandtv.com > > The views expressed, are my own and not those of my employer, or > Microsoft, > or anyone else associated with me, including my cats. > ----------------------------------------------------- > > "Eric" <ericsta...@gmail.com> wrote in message > > news:4ea46979-05b0-403f-80ff-(E-Mail Removed)... > > > > > Hello, I am not sure if this is the right forum for this, if not could > > you please point me in the right direction. > > > I work at a large Univeristy and we are taking over hosting a website > > for another department. What we are looking for is a secure way for > > the users of the other department to transfer the files to our web > > server using network share. > > > When you transfer files this way does it encrypt your user name and > > password or does it send them across as clear text? If it is clear > > text is there a way to encrypt it? > > > Thank You- Hide quoted text - > > - Show quoted text -
|
|
#5
01-03-2008, 10:23 PM
|
|||
|
|||
|
Re: Secure Methods of file transfer over network shares
Phillip,
So using this method it does not send the password to the server at all? You would think at some point it would have to send the password to be able to authenticate. Do you know what it sends or can you point me in the direction of some documents that would tell me? Thank you for your help. Eric On Jan 3, 4:01*pm, "Phillip Windell" <philwind...@hotmail.com> wrote: > If it is done with Windows Sharing then it is still Callenge/Response,...it > just doesn't have the Integrated Authentication element because there is no > Trust between the Domains. > > Integrated Authentication just means that it automatically uses the > credentials the user logged into their machine with,...while the > Callenge/Response is the method via which the authentication happens. *When > the user is prompted for credentials they are simply doing manually what the > Integrated part would have done otherwise,...but the Ch/Resp still happens > as far as I know. > > -- > Phillip Windellwww.wandtv.com > > The views expressed, are my own and not those of my employer, or Microsoft, > or anyone else associated with me, including my cats. > ----------------------------------------------------- > > "Eric" <ericsta...@gmail.com> wrote in message > > news:594a4330-08c9-4377-99e1-(E-Mail Removed)... > Thank you for the response Phillip. I should have explained alittle > better how we are set up. Even though we are within the same > univeristy we manange our own network where as the department whos > website we are hosting is not managed by us. We are not on the same > domain. We use Active Directory and they use Novell The only thing > would be we are on the same IP range as the rest of campus but they > are 2 completely differnet networks. > > What we would like to do is share the folder under wwwroot that holds > their website files, with them over windows share such as setting up a > user account on our server and than have them map the drive using the > user account. > > And in that case would it be encrypted or sent as clear text? > > Thanks again Phillip > > On Jan 3, 3:33 pm, "Phillip Windell" <philwind...@hotmail.com> wrote: > > > > > If it is done through normal file shares then it is doing Windows > > Challenge/Response with usually Integrated Authentication. So, not only is > > the password not in clear text, the password doesn't even go over the wire > > to begin with,...that is what Challenge/Response is all about. > > > The worst way to do it would be via FTP,...which does send the whole thing > > in Clear Text. > > > -- > > Phillip Windellwww.wandtv.com > > > The views expressed, are my own and not those of my employer, or > > Microsoft, > > or anyone else associated with me, including my cats. > > ----------------------------------------------------- > > > "Eric" <ericsta...@gmail.com> wrote in message > > >news:4ea46979-05b0-403f-80ff-(E-Mail Removed)... > > > > Hello, I am not sure if this is the right forum for this, if not could > > > you please point me in the right direction. > > > > I work at a large Univeristy and we are taking over hosting a website > > > for another department. What we are looking for is a secure way for > > > the users of the other department to transfer the files to our web > > > server using network share. > > > > When you transfer files this way does it encrypt your user name and > > > password or does it send them across as clear text? If it is clear > > > text is there a way to encrypt it? > > > > Thank You- Hide quoted text - > > > - Show quoted text -- Hide quoted text - > > - Show quoted text -
|
|
#6
01-04-2008, 01:12 AM
|
|||
|
|||
|
Re: Secure Methods of file transfer over network shares
In news:a4876da7-3771-4811-b757-(E-Mail Removed),
Eric <(E-Mail Removed)> typed: > Phillip, > > So using this method it does not send the password to the server at > all? You would think at some point it would have to send the password > to be able to authenticate. > > Do you know what it sends or can you point me in the direction of some > documents that would tell me? > > Thank you for your help. > > Eric I must agree and affirm Phillip's response. The password does NOT get send across during a Ch/Resp transaction but rather the hash does. The server creates a hash of the username and password, then the client connecting enters their user/pass and the worktation creates it's own hash based on the same algorithm (a proprietary method shared among all Microsoft products) and sends the hash across the wire. The server then compares the hash it received with the hash it created. If it matches, you are in. If not, you are not. HOwever I must point out there are tools out there to crack the hash. So if someone is deliberately running one of these tools targeting your machine or sitting there watching hashes fly across the wire, then it may be caught and the tool may crack it. If the solution you seek MUST secure traffic between two hosts so no one can get in, tools or not, use IPSec. That is your only choice with such a high secure requirement. -- Regards, Ace This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP Microsoft MVP - Directory Services Microsoft Certified Trainer Infinite Diversities in Infinite Combinations
|
|
#7
01-04-2008, 06:54 PM
|
|||
|
|||
|
Re: Secure Methods of file transfer over network shares
"Ace Fekay [MVP]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)... > HOwever I must point out there are tools out there to crack the hash. So > if someone is deliberately running one of these tools targeting your > machine or sitting there watching hashes fly across the wire, then it may > be caught and the tool may crack it. There isn't much chance of that happening on a fully switched network (Layer2). They would have to hack into a Switch in the path and configure a Monitoring Port and then physically plug the tool into that monitoring port. -- Phillip Windell www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
|
|
#8
01-04-2008, 10:16 PM
|
|||
|
|||
|
Re: Secure Methods of file transfer over network shares
Phillip, Ace,
Thank you for your help. You have answered my questions. Thanks again. Eric On Jan 4, 12:54*pm, "Phillip Windell" <philwind...@hotmail.com> wrote: > "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com> wrote in messagenews:(E-Mail Removed). .. > > > HOwever I must point out there are tools out there to crack the hash. So > > if someone is deliberately running one of these tools targeting your > > machine or sitting there watching hashes fly across the wire, then it may > > be caught and the tool may crack it. > > There isn't much chance of that happening on a fully switched network > (Layer2). *They would have to hack into a Switch in the path and configure a > Monitoring Port and then physically plug the tool into that monitoring port. > > -- > Phillip Windellwww.wandtv.com > > The views expressed, are my own and not those of my employer, or Microsoft, > or anyone else associated with me, including my cats. > -----------------------------------------------------
|
|
#9
01-05-2008, 03:09 AM
|
|||
|
|||
|
Re: Secure Methods of file transfer over network shares
In news:O9%(E-Mail Removed),
Phillip Windell <(E-Mail Removed)> typed: > "Ace Fekay [MVP]" <(E-Mail Removed)> wrote in message > news:(E-Mail Removed)... > > HOwever I must point out there are tools out there to crack the > > hash. So if someone is deliberately running one of these tools > > targeting your machine or sitting there watching hashes fly across > > the wire, then it may be caught and the tool may crack it. > > There isn't much chance of that happening on a fully switched network > (Layer2). They would have to hack into a Switch in the path and > configure a Monitoring Port and then physically plug the tool into > that monitoring port. True, Phillip, because of the switch discerning source/destination on each port. Good point. I caught someone that got into the server room where the switch was located and he put in a hub inline between the switch and the router. He was grabbing packets, but he didn't get any authentication traffic since that was not outbound. However I am always leary when it comes to security... :-) Ace
|
|
#10
01-07-2008, 04:43 PM
|
|||
|
|||
|
Re: Secure Methods of file transfer over network shares
"Ace Fekay [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)... > True, Phillip, because of the switch discerning source/destination on each > port. Good point. I caught someone that got into the server room where the > switch was located and he put in a hub inline between the switch and the > router. He was grabbing packets, but he didn't get any authentication > traffic since that was not outbound. However I am always leary when it > comes to security... Did you take him out into the back parking lot and "explain" it to him with a little violence sprinkled in. :-) -- Phillip Windell www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
|
|
| Tags |
| file, methods, network, secure, shares, transfer |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
