Re: securing an FTP service

• Previous message: Roger A. Grimes: "RE: Basic questions about RADIUS authentication"
• Maybe in reply to: Davide: "securing an FTP service"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 24 Nov 2004 15:15:22 -0000
To: security-basics@securityfocus.com

thanks pingywon and alessandro for your hints.
yes, the lan is natted. FTP service on the firewall
is redirected to the Server. I understand the fact that
since at branch office IP is dynamic i cannot
reject (at the firewall level) ftp requests
that do not come from IP others than branch office's.

But I think I failed to explain the prospected solution:
the ftp-server is placed in the DMZ
(internet)---(router)---(firewall)---(ftp-server)---(internal firewall AKA "holed fiewall")---(LAN)---(computer hosting the ftproot)

i.e. the ftproot sits in another computer inside the LAN. this would expose to the DMZ the NETBIOS sharing
needed to the ftp-server to access the ftproot:
on the internal firewall, netbios ports should be
redirected to the computer hosting the ftproot.
On the computer hosting the ftproot, we configure:
.a folder, containig the documents, read-only;
.another folder used to host the files the remote
user finally needs to give (put) to the colleagues
with read/write/delete access.
. users in the central office access the ftproot
as any normal shared resource in the LAN.

Does this setup give any sense?

thanks
davide

>On Tuesday 23 November 2004 00:11, Davide wrote:
>>
>>
(internet)---(router)---(firewall)---(LAN)---(server)
>>
>the LAN is NATted? If so, you'll need to set Port Address
>Translation on the firewall/nat.
>
[...]
>takers?).
>
>Cheers
>
>--
>Alessandro Bottonelli, CISSP & BS7799 Lead Auditor
>AXIS-NET Privacy & InfoSec Consulting
>http://www.axis-net.it
>

• Previous message: Roger A. Grimes: "RE: Basic questions about RADIUS authentication"
• Maybe in reply to: Davide: "securing an FTP service"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]