|
Whatever you do, make sure what you're doing is secure. I know that you might not be dealing with the most confidential or business-critical data, but its still immeasurably important. I'm a software security and penetration tester by day and insecure FTP is my favorite thing to see in organizational security audits. Plain text usernames and passwords make things so easy. No 'sploits necssary, just grab their username and password and wreak havoc like you're them.
Use SFTP if you must use FTP - there are tons of great tools out there that provide SSL or SSH tunnels for otherwise insecure FTP.
Also, another one of the primary concerns in enterprise security these days are when corporations roll out VPN solutions or otherwise grant access to internal devices and services to random employee X working from their home computer. You've got to accompany it with some sort of assurance that the home user's computer itself is not compromised.
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel
|