Apr 29, 2007

Securing Unsecure Protocols

Do you have an FTP server running? Maybe you still use telnet for something on your network. Perhaps you are a VNC user. Maybe you host your own web server or POP3 e-mail server. The protocols behind all of those services are unsecured, and their traffic can easily be intercepted and/or monitored by third parties.

I already told you about Filezilla in a previous post, which uses FTPS, a secure file transfer protocol. But what if you are a fan of Microsoft's IIS service for running your FTP, or of another unsecured FTP server that still uses ports 20 and 21 and sends your passwords in plain text? Some people just don't like switching their server software, sometimes due to laziness and other times because it is too much of a pain.

There is a solution, my friends, and it comes in the form of open source. It is called STUNNEL. STUNNEL provides a secure wrapper for any unsecured protocol you have, and encrypts the data connection using SSL. Take, for instance, my web server. Behind my firewall it is listening on port 80. My firewall, however, is only open on port 443 (the port HTTPS uses). When you type https://pdbauer.com in your browser, your traffic on port 443 gets forwarded through my firewall to my web server, where STUNNEL is listening for 443 traffic. STUNNEL decrypts that traffic and forwards it to port 80, where my web server service is listening. The connection between your browser and STUNNEL is encrypted using a self-signed SSL certificate I made using OpenSSL. Of course, you can do the same with a purchased certificate from a certificate authority like Comodo, Verisign, Thawte, etc.

You can do the same thing to secure your POP3 e-mail, VNC, and FTP servers. There are so many options available with this; it really is a great tool for the security conscious.
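
The web server setup described above, written out as an stunnel configuration file, with a POP3 wrapper added in the same style. This is an added example, not the author's actual configuration; the file paths, the section names, and the POP3 port pair (995 to 110) are assumptions.

```ini
; Added example: stunnel.conf for the layout described in the post.
; File paths and section names are assumptions, not the author's real files.
;
; A self-signed certificate and key can be created with OpenSSL, e.g.:
;   openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
;     -keyout /etc/stunnel/stunnel.key -out /etc/stunnel/stunnel.crt \
;     -subj "/CN=pdbauer.com"

; Global options: certificate and private key presented to clients.
cert = /etc/stunnel/stunnel.crt
key  = /etc/stunnel/stunnel.key

; Refuse old protocol versions (option available in recent stunnel 5.x
; releases; older builds use sslVersion instead).
sslVersionMin = TLSv1.2

; Web server: the firewall forwards 443 here, stunnel decrypts and hands
; the plain HTTP request to the web server on the same machine.
[https]
accept  = 443
connect = 127.0.0.1:80

; POP3 wrapped the same way: clients connect with SSL on 995,
; the mail server keeps listening on its usual plain-text port.
[pop3s]
accept  = 995
connect = 127.0.0.1:110
```

With a self-signed certificate, browsers and mail clients show a trust warning until the certificate is installed as trusted on each client. The key file should be readable only by the account that runs stunnel.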


