Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-27-2019, 07:12 AM
rsantos rsantos is offline
Registered User
 
Join Date: Feb 2019
Posts: 4
Best Practices

Is there a "best practices" that SecureCRT should be installed with? For example features like TFTP are automatically enabled, however in our work environment because of the lack of encryption or authentication.
Reply With Quote
  #2  
Old 02-27-2019, 08:53 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,633
Hi rsantos,

SecureCRT provides *features* in its installation. "Best practices" for your organization would effectively govern the *use* of certain features, taking into consideration the convenience of a feature vs. the potential threat to security that same feature might introduce.

Security "Best Practices" depend on an individual organization's policies, standards, and goals. Without knowing anything about your organization, its policies, standards, and goals, it would be difficult to present to you any best practices for using SecureCRT features -- nor would it be practical to try and compose a universally-accepted standard of "best practices" that would apply to all existing or future organizations.

Regarding your specific reference to TFTP, SecureCRT does come with a built-in TFTP server. As is well known, the TFTP protocol is "trivial" -- so trivial that it doesn't include support for much of anything outside the ability to transfer a file; there's no authentication, no encryption, no protection against data tampering, etc.

Are you concerned solely about TFTP and what "best practices" you should adopt to address the security issues with the TFTP server, or are you asking a more general question about everything you would possibly need to know about all of SecureCRT's features that might pose a security risk?
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730

Last edited by bgagnon; 02-27-2019 at 10:37 AM.
Reply With Quote
  #3  
Old 02-28-2019, 07:59 AM
rsantos rsantos is offline
Registered User
 
Join Date: Feb 2019
Posts: 4
Best Practices

For example, I am looking to disable features like TFTP, if there is a possibility going into the registry and "greying" out the option so users are not able to use features that are deemed unsecure by my organization like TFTP or FTP within SecureCRT or SecureFX. Would that be done in the registry file if possible. Or things like if I'm SSH into a switch and the key is 1024 rather than 2048 encryption will I be able to set up SecureCRT to not let the user have access to that switch.
Reply With Quote
  #4  
Old 02-28-2019, 08:24 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,633
Hi rsantos,

Thanks for the clarification.

I have added this thread to the following feature requests in our product enhancement database:
  • Add an option to administratively disable all file transfer options that might not be considered secure (TFTP)
  • Add an option to administratively enforce minimum key size requirement (host key bit size, ADM template)
Should a future release of SecureCRT include either feature, notification will be posted here.

If you prefer direct email notification, send an email to support@vandyke.com and include "Feature Request - Forum Thread 13422" in the subject line or use this form from the support page of our website.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 09:21 PM.