Home|About IS&T|Contact Us|For IS&T Staff

Search Advanced Search

 

On this page:
Overview
Why Use Kerberized FTP?
Obtain Kerberized FTP
Other Options

Overview

Kerberized FTP programs are file transfer programs that run on Windows and Macintosh computers with Ethernet or PPP dial-up connections such as MIT's Tether. Kerberized FTP provides secure authentication of your FTP sessions without passing your Kerberos password in the clear across the Internet.

When you are not protected intruders can gain unauthorized access to files and accounts on MITnet and the Internet by intercepting a cleartext userID and password. With this userID/password pair, an intruder can log in to various machines and wreak havoc. Sending your password over the network in the clear is a grave security risk.

You can avoid this kind of theft by using secure FTP, whenever possible. It is important to remember that both client and server must be running Kerberos in order for the connection to be secure (most servers at MIT are Kerberized, contact your server administrator if you are not certain).

Why Use Kerberized FTP?

Computer security is a concern at MIT. Security breaches have been posed from within and outside the Institute. Among the breaches are snoopers who use "packet sniffing" tools, which are widely available and impossible to detect. These tools let snoopers capture userids, passwords, and other data transmitted across a network. Snoopers can then gain unauthorized access to accounts and files on the Internet.

If you use FTP to move files between computers, for instance to move HTML files from your desktop computer to Athena for publication on the Web, you should be concerned about protecting your username and password. Insecure FTP applications transmit these items "in the clear" (without protection).

To protect your userid and password when you FTP, use a program with Kerberos authentication (e.g., Kerberized FTP). This proves to a remote host that you really are you, without sending your password.

Obtain Kerberized FTP

• Fetch for Macintoshes
• SecureFX for Windows

Other Options

For more information about using secure file transfer programs at MIT, including options for using the SSH (secure shell) protocol as an alternative to Kerberos, see Secure File Transfer at MIT.

Back To Top