Re: best way to secure an FTP server in IIS 5 and IIS in general ???
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 02/12/03
- Next message: Gary: "Repeated Unsuccessful Attacks to OS and ???"
- Previous message: Mike Begin: "IIS / OWA"
- In reply to: _Matt_: "best way to secure an FTP server in IIS 5 and IIS in general ???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Wed, 12 Feb 2003 15:44:37 -0500
SSL is a good idea if you are not using the anonymous user... but it's
probably not the way you were hacked.
How to secure any Windows computer, including IIS:
http://securityadmin.info/faq.htm#harden
http://securityadmin.info
Additionally, note that you should remove the Posix subsystem [instructions
above], and also never give the anonymous user both read and write
permission to any one folder.
If you want to encrypt your data stream to hide passwords, there's no native
way to do this within IIS. There are some third-party software add-ons or
third-party FTP servers, even free ones I believe, that will do this. Try
looking here for some options:
http://securityadmin.info/faq.htm#iis
If you're ever hacked, you should first do an investigation to find out how
it was done and whether any other computers were affected, so you can avoid
making the mistake a second time. Here's a start on how to try this:
http://securityadmin.info/faq.htm#hacked
This is probably mentioned in the hardening link above, but setting up
auditing is probably a good idea too:
http://securityadmin.info/faq.htm#auditing
"_Matt_" <matt.fahnestock@brconstserv.com> wrote in message
news:eY4zoHq0CHA.2816@TK2MSFTNGP09...
> What is the best way to secure an FTP server in IIS 5 and IIS in general ???
>
> Right, now have it set up with 2 accounts... an ftp incoming account and an
> ftp outgoing account with correct virtual directories and associated NTFS
> permissions. Now, is there a way to deny the creation of directories (i.e.
> stop hackers from creating the COM and LPT special directories) ???? Is
> there a way to stop reading files and just view the directory contents... in
> NTFS, just using list folder contents, returns a read error... Also, is
> there a way to have the server place the files in a secure temporary
> location (for the incoming folder) until the posts can be checked
> automatically or manually by virus/trojan scanners and not immediately
> post/run in the folder ???
>
> These questions are in response to having the FTP server hacked and had to
> reset up the entire server due to a trojan... So what is the best way to
> secure IIS ??? Or should everyone just uninstall it and buy software that
> supports SSL on the FTP server ????
>
>
>
>
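An added example, not part of the original thread: a PowerShell audit for the rule in the reply above that the anonymous user should never hold both read and write permission on any one folder. The FTP root path, the `IUSR_<computername>` account name and the inclusion of `Everyone` are assumptions to adjust for your server, and the allow-minus-deny calculation is a simplification of full effective-access evaluation.

```powershell
# Added example (not from the thread): list folders under the FTP root where the
# anonymous account is allowed BOTH to read and to write.
# Assumptions: default FTP root path, anonymous account named IUSR_<computername>,
# and 'Everyone' treated as also covering the anonymous user.
param(
    [string]$FtpRoot = 'C:\Inetpub\ftproot',
    [string[]]$Identities = @("$env:COMPUTERNAME\IUSR_$env:COMPUTERNAME", 'Everyone')
)

$R = [System.Security.AccessControl.FileSystemRights]
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$readMask  = [int]$R::ReadData                            # same bit as ListDirectory
$writeMask = [int]$R::WriteData -bor [int]$R::AppendData  # create files / create folders

function Get-GrantedMask {
    param([string]$Path, [string[]]$Names)
    $allow = 0
    $deny  = 0
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        # Only ACEs for the identities we treat as "anonymous"
        if ($Names -notcontains $ace.IdentityReference.Value) { continue }
        # Inherit-only ACEs apply to children, not to this folder itself
        if ($ace.PropagationFlags -band $InheritOnly) { continue }
        if ($ace.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$ace.FileSystemRights
        } else {
            $deny = $deny -bor [int]$ace.FileSystemRights
        }
    }
    # Simplification: any deny bit overrides the matching allow bit
    return ($allow -band (-bnot $deny))
}

$folders = @(Get-Item -LiteralPath $FtpRoot) +
           @(Get-ChildItem -LiteralPath $FtpRoot -Recurse | Where-Object { $_.PSIsContainer })

foreach ($dir in $folders) {
    $mask = Get-GrantedMask -Path $dir.FullName -Names $Identities
    if (($mask -band $readMask) -and ($mask -band $writeMask)) {
        [pscustomobject]@{
            Folder  = $dir.FullName
            Finding = 'anonymous identity has read AND write'
        }
    }
}
```

No output means no folder in the tree grants the listed identities both rights; access the anonymous account gets through other groups is not evaluated unless those groups are added to `$Identities`.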