RE: Secure FTP Client (WEBDAV)

adisegna_at_siscocorp.com
Date: 11/15/04

  • Next message: Michael C. McDonnell: "Re: Web logging" 
    Date: Mon, 15 Nov 2004 13:22:04 -0500
To: <simon.li@clipstream.co.uk>, <security-basics@securityfocus.com>

    Not sure about the file size you mention. I have only copied 650 MB ISO
    images up to this point. Those go through fine.

    WEBDAV uses IIS and virtual directories. I am using IIS 6.0 on W2k03.
    You will need to allow the WEBDAV web service extension in IIS and have
    certificate in order to use SSL. Basically, create a virtual directory,
    assign NTFS permissions to the directory, grant access through IIS, and
    open port 443 from your firewall into the DMZ.

    The scenario you have in mind would be perfect. Check Microsoft website
    (Technet) for info.

    Email me if you need help with the setup.

    AD

    -----Original Message-----
    From: Simon Li [mailto:simon.li@clipstream.co.uk]
    Sent: Monday, November 15, 2004 4:07 AM
    To: security-basics@securityfocus.com
    Subject: RE: Secure FTP Client (WEBDAV)

    > From: adisegna@siscocorp.com [mailto:adisegna@siscocorp.com]
    >
    > Actually WebDAV is the way to go in this area. You can map a
    > drive securely across the internet to transfer files. You can
    > access the same information through a web browser (for
    > download). The only port required to be open is 443 for SSL.
    > It works great for Technicians on the road as well as
    > customers needing access to documents and files. FTP is old news.

    This sounds like an interesting alternative at sftp. How does it compare
    in terms of setting up/maintaining separate private user accounts, and
    would you recommend it for transferring large files? The scenario I have
    in mind is having multiple accounts for clients with their own private
    filespace on our server, securely transferring large media files
    (perhaps up to 2GB or more) for us to process.

    Simon

  • Next message: Michael C. McDonnell: "Re: Web logging"

    Relevant Pages

    • Re: HOW TO IIS -Security
      ... After Disabling this it works better, ... IIS security just past it across. ... c)Do you have WebDAV enabled in the Web Service Extensions list? ...
      (microsoft.public.inetserver.iis.security)
    • Re: sfu nfs client contacting port 80 on nfs server
      ... MSFT has its WebDAV server-side on IIS boxes. ... No IIS means no DAV server. ... ask the SFU guys why their client is talking to the DAV client. ...
      (microsoft.public.win2000.file_system)
    • Re: Hacked Site
      ... For IIS 5, as I suggested before, you can disable it if it is not necessary ... If you need WebDAV, please use IIS Lockdown and URLscan ... utility to keep your web site in secure. ... it seems that you enabled WebDAV Publishing on your web site. ...
      (microsoft.public.win2000.security)
    • Re: Secure an upload page
      ... but as long as you are patched and have written your WebDAV ... probe for IIS or SSL, but those probes alone aren't necessarily reason to ... consider not using IIS or SSL. ... >> The most secure way to do downloads might be to use NTFS file ...
      (microsoft.public.inetserver.iis.security)
    • RE: WebDAV OPTIONS & PROPFIND - what creates those log entries?
      ... David Dietz -- IIS Technical Lead ... © 2001 Microsoft Corporation. ... WebDAV OPTIONS & PROPFIND - what creates those log entries? ...
      (microsoft.public.inetserver.iis.security)