John Croson's Blog Home

The Environment Image by justonlysteve via Flickr I work in an industry that deals with Protected Health Information (PHI). According to the Health Insurance Portability and Accountability Act (HIPAA) we need to apply certain measures to protect this information, and continue to improve those measures. Over time our company has increasingly found itself turning to the Internet to retrieve information regarding patient visits, explanation of benefits, remittance advise, bank statements, etc. The list grows daily. The Problem As this list grows, so do the accounts (username & password, and sometimes a challenge question). Keeping track of these is becoming a daunting task, and an even greater one is maintaining standards on password strength. In the IT support world, it is common to find weak passwords and poor account management practices: Written on Post-it Notes pasted under keyboards or worse, on the monitor. Using birthdays; pet, children, sibling, or spouse pet names; commo

Image by Micah68 via Flickr I've been using FileZilla FTP server for some time now and have been happy for the performance. Recently, we needed the ability to expose the FTP service to another client, and the documents that we'd be receiving would be arriving in an un-encrypted form, unlike our other clients. I decided I could simply enable FTPS , the SSL enabled FTP protocol and open a port to 990 on my ASA 5525 Security Appliance and NAT traffic to our server. Unfortunately I quickly found out that a passive FTPS server behind my firewall won't work without some specific configuration changes as discussed in this article . With all that fussing around, I decided to check out freeFTPd, a single deamon that offers both FTP and SFTP, not to be confused with FTPS, but the secure file transfer protocol that is common to the SSH ( secure shell ) protocol. It's fairly straight forward, but is a bit quirky and the documentation is non-existent. Follow some of my ti