Re: securing an FTP service
From: Alessandro Bottonelli (a.bottonelli_at_axis-net.it)
Date: 11/23/04
- Previous message: Alessandro Bottonelli: "Re: sesecuring access to workgroup for notebooks"
- In reply to: Davide: "securing an FTP service"
- Next in thread: Raphaël Rigo ML: "Re: securing an FTP service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Tue, 23 Nov 2004 09:26:17 +0100
On Tuesday 23 November 2004 00:11, Davide wrote:
>
> (internet)---(router)---(firewall)---(LAN)---(server)
>
the LAN is NATted? If so, you'll need to set Port Address
Translation on the firewall/nat.
> employees access from a remote location office using their win
> logon credentials (no anonym access is provided). The local
> branch office acceses internet with a dinamic IP provided by
> ISP. What security concerns are rised in this setting?
>
First, you don't know your branch offices IP address in advance,
so you cannot filter traffic based on source IP address.
> Should
> I use a DMZ, using the server to provide FTP services and
> moving the ftproot folder to another server INSIDE the DMZ
> (linked to a shared folder)?
>
I personally see this solution as being bad... You are moving
company's data in the DMZ, not a good idea in principle...
> How can I overcome the problem
> that FTP passwords are transmitted not enchrypted? Should a
> VPN between HQ provide the panacea for these problems?
>
VPN is a solution, maybe FTP over SSL is another (but I am not
familiar with Microsoft to point you to a specific product, any
takers?).
Cheers
-- Alessandro Bottonelli, CISSP & BS7799 Lead Auditor AXIS-NET Privacy & InfoSec Consulting http://www.axis-net.it
- Previous message: Alessandro Bottonelli: "Re: sesecuring access to workgroup for notebooks"
- In reply to: Davide: "securing an FTP service"
- Next in thread: Raphaël Rigo ML: "Re: securing an FTP service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
