Secure FTP

Zen Andreas

I want to create a secure FTP account on our server. But the
criteria is that other colleagues should not require specialised
software to connect. There is the option of using IIS but knowing
that large sections of the global community are designing nifty
tricks to hack or just breach whatever security arrangement it
can offer, I was wondering what other practical alternative
solutions are available.

Your advice would be much appreciated.

Thanks in advance,
Zen
 
Robert Moir

Zen said:
I want to create a secure FTP account on our server. But the
criteria is that other colleagues should not require specialised
software to connect. There is the option of using IIS but knowing
that large sections of the global community are designing nifty
tricks to hack or just breach whatever security arrangement it
can offer, I was wondering what other practical alternative
solutions are available.

Your advice would be much appreciated.

Thanks in advance,
Zen

"Secure FTP" is a nice set of buzzwords but what *Exactly* do you require?
And what do you mean by "no specialised software"? All the meanings I can
strain out of that statement put you in conflict with any way of securing
FTP I can think of because you've already gone beyond needing users to click
on a link in a webpage and drool all over the mouse until something happens.

http://www.wftpd.com/wftpdpro.htm is definitely worth a look once you know
exactly what you need.

Oh and people will try and hack your systems no matter what platform you
choose. Get used to it.

--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.
 
Lanwench [MVP - Exchange]

In addition to Robert's reply (with which I agree), I wouldn't do this
in-house. You can get a cheap webhosting account with an external provider
and use it for FTP - a lot safer than doing this on your own domain/network.
 
ESVOIT

For securing IIS and Windows, see here:

www.microsoft.com/technet/security
www.nsa.gov/snac
http://securityadmin.info/faq.asp#harden
http://securityadmin.info/faq.asp#ftpfolder
http://securityadmin.info/faq.asp#ftpencrypt

FYI, there is no way to do FTP that securely encrypts passwords without
requiring your users to use third party software. The only option I know of
for encrypted file transfer with no third party clients is to use a web
server with WebDAV such as the projects at www.webdav.org/projects along
with a web server certificate such as www.freessl.com. Other alternatives
include using anonymous FTP, although everyone would be able to see any
files on your server with no password required, or to enable passwords and
not encrypt them. [The main risk of the latter is someone sniffing your
passwords, but this may be secure enough depending on your security needs.]

Whatever you do, don't permit an anonymous user, e.g. the IUSR account, to both
read and write to any one FTP folder... instead, create a read only download
folder and a write only, no read "upload" folder.

Microsoft IIS can be plenty secure if you configure it properly and install
all the necessary patches regularly.
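
A way to verify the folder rule from the post above on your own server, as an added example that is not part of the thread: for each folder it tries an upload and a listing/download as the current login and reports any folder where both succeed. The folder names, the `PROBE` file name and the `FakeFTP` stand-in are assumptions made for this example.

```python
import io
from ftplib import error_perm

PROBE = "acl-probe.txt"  # assumed name for the temporary marker file
def probe_folder(ftp, folder):
    """Return (can_read, can_write) for the current login inside `folder`."""
    ftp.cwd(folder)
    try:
        ftp.storbinary("STOR " + PROBE, io.BytesIO(b"probe"))
        can_write = True
    except error_perm:
        can_write = False
    try:
        ftp.nlst()  # being able to list names already counts as read access
        can_read = True
    except error_perm:
        try:  # listing refused: can the file we just uploaded be fetched back?
            ftp.retrbinary("RETR " + PROBE, lambda chunk: None)
            can_read = True
        except error_perm:
            can_read = False
    if can_write:
        try:
            ftp.delete(PROBE)  # tidy up; a write-only folder may refuse this
        except error_perm:
            pass
    return can_read, can_write

def read_write_folders(ftp, folders):
    """Folders that break the rule: the same login can both read and write."""
    return [f for f in folders if probe_folder(ftp, f) == (True, True)]

class FakeFTP:
    """Constructed stand-in for a logged-in ftplib.FTP, for offline runs."""
    def __init__(self, perms):
        self.perms, self.here = perms, None
    def cwd(self, folder): self.here = folder
    def _need(self, flag):
        if flag not in self.perms[self.here]:
            raise error_perm("550 Access is denied.")
    def storbinary(self, cmd, fp): self._need("w")
    def nlst(self): self._need("r"); return []
    def retrbinary(self, cmd, callback): self._need("r")
    def delete(self, name): self._need("w")

if __name__ == "__main__":
    # Constructed layout: /incoming is misconfigured with both rights.
    fake = FakeFTP({"/download": "r", "/upload": "w", "/incoming": "rw"})
    print(read_write_folders(fake, ["/download", "/upload", "/incoming"]))
```

Against a real server, pass an `ftplib.FTP` object after calling `login()` on it instead of `FakeFTP`; the functions only use `cwd`, `storbinary`, `nlst`, `retrbinary` and `delete`.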
 
