Re: securing an FTP service

From: Raphaël Rigo ML (ml_at_twilight-hall.net)
Date: 11/23/04

    Date: Tue, 23 Nov 2004 14:18:08 +0100
    To: Davide <ak_71@libero.it>
    
    

    Davide wrote:
    >
    > Hi everybody. Would you please give me some hints for the following situation?
    > In a win-based network, a folder contains some documents
    > that have to be made available to company employees when
    > they are not in the HQ but they are in a local branch office
    > this is currently implemented by an FTP server (win 2kserver); the ftproot is the root dir of the documents.
    > the server is connected to internet:
    >
    > (internet)---(router)---(firewall)---(LAN)---(server)
    >
    > employees access from a remote location office using their win logon credentials (no anonymous access is provided). The local branch office accesses internet with a dynamic IP provided by ISP. What security concerns are raised in this setting? Should I use a DMZ, using the server to provide FTP services and moving the ftproot folder to another server INSIDE the DMZ (linked to a shared folder)?
    > How can I overcome the problem that FTP passwords are transmitted unencrypted? Should a VPN between HQ provide the panacea for these problems?
    >
    > thanks in advance
    > davide
    Hello,
    The problem is that (if I understand your network correctly), everybody
    in the LAN is able to sniff the passwords as they are transmitted in
    plaintext. One of the easiest ways to get more security without changing
    your network would be to use a TLS/SSL-enabled FTP server, along with
    clients supporting this.
    I am not aware of any TLS-enabled FTP server for Windows licensed under
    a free license but a good commercial one is Blackmoon Ftp Server.
    For the clients, still on Windows, I can only recommend FileZilla
    (http://filezilla.sf.net) which is a really good FTP/SFTP Client
    licensed under the GPL.

    I hope this helps.
    Raphaël
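
The client side of the TLS-enabled FTP setup suggested in the reply above, as an added example that is not part of the original message: it uses Python's standard `ftplib` to check whether a server advertises explicit TLS and to log in only after the control channel is encrypted, with no plaintext fallback. The host, user and password parameters and the sample FEAT replies are constructed for illustration.

```python
import ftplib
import ssl

# Constructed sample FEAT replies (RFC 2389 layout), not captured from a real server.
FEAT_WITH_TLS = "211-Features:\n AUTH TLS\n PBSZ\n PROT\n UTF8\n211 End"
FEAT_PLAIN_ONLY = "211-Features:\n MDTM\n SIZE\n UTF8\n211 End"


def tls_features(feat_reply: str) -> dict:
    """Report which RFC 4217 (FTP over TLS) features a FEAT reply advertises."""
    found = {"auth_tls": False, "pbsz": False, "prot": False}
    for line in feat_reply.splitlines():
        if not line.startswith(" "):  # feature lines are indented by one space
            continue
        name, _, params = line.strip().upper().partition(" ")
        # Some servers list several mechanisms on one line: "AUTH TLS;TLS-C;SSL;"
        if name == "AUTH" and "TLS" in params.replace(";", " ").split():
            found["auth_tls"] = True
        elif name in ("PBSZ", "PROT"):
            found[name.lower()] = True
    return found


def probe(host: str, port: int = 21, timeout: float = 10) -> dict:
    """Ask a server for FEAT without sending any credentials."""
    with ftplib.FTP(timeout=timeout) as ftp:
        ftp.connect(host, port)
        try:
            return tls_features(ftp.sendcmd("FEAT"))
        except ftplib.error_perm:  # server does not implement FEAT
            return tls_features("")


def secure_login(host: str, user: str, password: str,
                 port: int = 21, timeout: float = 10) -> ftplib.FTP_TLS:
    """Log in only after AUTH TLS succeeds; never fall back to plaintext."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    ftps = ftplib.FTP_TLS(context=ctx, timeout=timeout)
    try:
        ftps.connect(host, port)
        ftps.auth()                  # AUTH TLS first; raises if the server refuses
        ftps.login(user, password)   # USER/PASS now travel inside TLS
        ftps.prot_p()                # encrypt the data channel (listings, files) too
    except Exception:
        ftps.close()
        raise
    return ftps
```
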

