Joined: 03 Jan 2003 Posts: 1014 Topics: 13 Location: Atlantis
Posted: Wed Oct 31, 2007 5:18 pm Post subject:
And don't forget about security!!
FTP transfers data in the clear unless you are using a form of Secure FTP (which is not the same as sftp). Any kid with a network sniffer can read it as it goes over the wire.
Running a daemon on your PC that is not approved by your employer and is used to provide potential access to company owned data is most likely a valid reason to fire you. Especially if you are running an unapproved ftp server or a server outside the firewall of your company or with connections outside the firewall (like P2P, instant messaging, etc). Look at any FTP server software maker's site and you will probably find patches for security flaws. Just pulling a random server off the net because you found it on Google is dangerous at best. Any data transfer, and retention of company data on a desktop or laptop should be approved by your management and should use approved tools. This is especially true if you are employed in a company that maintains personal, identifiable information (acct numbers, names, balances, addresses, medical histories, etc). You can do strange things with FTP servers like use them as proxies so be very careful if you choose to install one that has access to your mainframe or sensitive data.
_________________
New members are encouraged to read the How To Ask Questions The Smart Way FAQ at http://www.catb.org/~esr/faqs/smart-questions.html.
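A defender-side check for the cleartext exposure described in the post above, added here as an example and not part of the thread: it scans FTP control-channel lines as a network sensor might log them and reports sessions whose login was visible on the wire, with the password redacted. The `session direction payload` log format and the sample lines are constructed assumptions.

```python
import re

# Constructed sample (assumed sensor format: session id, C/S direction, payload).
SAMPLE = """\
s1 C USER jsmith
s1 S 331 Password required
s1 C PASS hunter2
s1 S 230 Logged in
s2 C AUTH TLS
s2 S 502 Command not implemented
s2 C USER batch01
s2 C PASS Winter07
s3 C AUTH TLS
s3 S 234 Proceed with negotiation
"""

LINE = re.compile(r"^(\S+) ([CS]) (.*)$")

def cleartext_logins(log):
    """Return one finding per PASS command observed unencrypted on the wire."""
    state = {}      # session id -> {"user": str|None, "tls": status string}
    findings = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        sid, side, payload = m.groups()
        s = state.setdefault(sid, {"user": None, "tls": "not requested"})
        verb, _, arg = payload.partition(" ")
        if side == "C":
            verb = verb.upper()
            if verb == "AUTH":
                s["tls"] = "requested"
            elif verb == "USER":
                s["user"] = arg
            elif verb == "PASS" and s["tls"] != "negotiated":
                # Never copy the secret into the finding; record only that it was exposed.
                findings.append({"session": sid, "user": s["user"],
                                 "password": "<redacted>", "tls": s["tls"]})
        elif s["tls"] == "requested":
            # First server reply after AUTH: 234 accepts TLS, anything else refuses it.
            s["tls"] = "negotiated" if verb == "234" else "refused"
    return findings

if __name__ == "__main__":
    for f in cleartext_logins(SAMPLE):
        print(f)
```

Session `s3` produces no finding because nothing after a successful `AUTH TLS` is readable by the sensor; `s2` shows the case where the client asked for TLS, was refused, and logged in anyway.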
semigeezer, great response! I couldn't have said it better. Whenever I see such a question (or the other equally troubling questions regarding sending email attachments), it raises a whole bunch of red flags in my mind. Anyone who considers themself to be a true IT professional should be considering all of the issues you hit upon.
When reading a posting such as this one, it gets a little hard to determine the poster's real intent. On one hand, you might presume that the poster has a real business reason for needing to do this, and no company-wide policy that prohibits it. Of course, if it's an accepted practice, then why wouldn't the poster have all of the necessary procedures in place? On the other hand, these posts seem to sometimes be a request by someone to help them to bypass their own policies, which I have a hard time reconciling with my own thoughts of business ethics.
Joined: 02 Dec 2002 Posts: 155 Topics: 25 Location: N.Ireland
Posted: Fri Nov 02, 2007 3:39 am Post subject:
Great lecture on ethics! I thought the site name is mvsforums not ethicsforum. The question was how to FTP to a PC and the answer is run an FTP server. There are plenty of times I had to do this because the emulator's file transfer times out and the client is looking for a report in an Excel sheet. I could tell them to start a project to deliver it in an Excel sheet and give them a lecture on ethics. I don't work that way.
If someone asks you for directions to the beach, will you start with "you should not drive above the speed limit and put the seat belt on etc"?
Sreejith, so you're saying that we as IT professionals should ignore all practical, audit, security, and ethical concerns just because a client wants something a certain way? That controls and standards and common business practices have no place in an IT organization?
Joined: 02 Dec 2002 Posts: 155 Topics: 25 Location: N.Ireland
Posted: Fri Nov 02, 2007 6:34 am Post subject:
superk,
I am not advocating to ignore all those concerns you listed. But to take calculated risks that will not adversely affect the business. Sometimes these may be considered as breach of the "written policies". But if violation of these policies is for the best interest of business then I will go for it and recommend to change these policies.
It annoys me when I see the experts here start doubting the intention of OPs trying to find out simple things.
Joined: 03 Jan 2003 Posts: 1014 Topics: 13 Location: Atlantis
Posted: Fri Nov 02, 2007 7:57 am Post subject:
This isn't doubting intentions. In fact, it is quite the opposite. It is saying be wary of unintended consequences. I have had my company laptop stolen. I've seen people run sniffers to get passwords and data. I've done function and security testing of FTP products. I've read over 400 reports of security breaches against companies, many because of people who thought that "violation of these policies" are "for the best interest of business". Data protection is a very real issue.
Now you are going to tell me that someone who has never even heard of FTP, one of the oldest Internet protocols around, is going to be cognizant of all of the dangers that using it exposes him, his employer and his customers to? With all due respect, I would not want to trust my information to someone who knows so little about data transmission and security. Feel indignant if you want to, but if you simply trust that a person knows everything about the unintended consequences of their actions simply because they are a 'professional', you are headed for trouble. It is, in fact, the professionals that welcome additional advice regarding questions they ask. That, not the title, is what makes them professionals.
All times are GMT - 5 Hours