[c-nsp] Feedback on upcoming removal of FTP access to secured software

[Leif Sawyer]

This seems very easy to overcome:

If you want  (s)ftp access, then you presign an agreement, which then associates
your userid with the secure server.

All access is now under the auspices of a signed agreement that you won't export.

If you take it a step further and use  ssh keys, then you've got an additional
layer of security for them.

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of David Freedman
> Sent: Tuesday, September 14, 2010 5:36 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Feedback on upcoming removal of FTP 
> access to secured software
> 
> >> ftp.cisco.com beginning early October 2010.
> > 
> > Dear Cisco Manager:
> > 
> > This is a poor decision and should be reconsidered; Cisco should be 
> > expanding, not reducing FTP access.  One should be able to 
> login via 
> > ftp with their CCO ID/password and download full encryption 
> software.  
> > If business needs dictate, then via FTP over SSL or a 
> similar secure, 
> > ftp-like protocol such as sftp (part of ssh).
> 
> As much as I disagree with the decision, I can understand 
> that they may have a complex set of processes and audit 
> requirements behind this (the site), i.e having users click 
> "I Agree" before every download (and not making this implicit 
> through downloading which I find odd)
> 
> I don't believe these are easily enforceable via (s)FTP, 
> though I'm sure there is a good middle ground here which 
> through lack of will on Cisco's part has not been explored.
> 
> David.
> 
> 
> 
> -- 
> 
> 
> David Freedman
> Group Network Engineering
> Claranet Group
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>