Re: FTP Server HELP!!!
From: MCSEGURU (mcseguruhere_at_aol.com)
Date: 09/20/05
- Next message: Keith I: "Re: Forest/Domain in the "DMZ" to accomodate web, front-end servers"
- Previous message: SuperGumby [SBS MVP]: "Re: FTP Server HELP!!!"
- In reply to: SuperGumby [SBS MVP]: "Re: FTP Server HELP!!!"
- Next in thread: MCSEGURU: "Re: FTP Server HELP!!!"
Date: Mon, 19 Sep 2005 19:52:38 -0400
Don't you think MS should provide the resources to configure server
obscurity to the general public? I understand the argument to keep it in
"conformance" by default, but for those who are interested in configuring
these things, my impression of why the Metabase is configurable in 2003, the
tools, feature sets should be available, no?
I feel obligated to the MS people to present the weaknesses of their product
(SBS, the all inclusive product that has it all, or so they think), and hope
they respond with at least their philosophy for not choosing to allow us the
flexibility.
It seems to me that the MSFTPSVC should be able to restrict logon based on
Group Membership, or specifically configured users? That would make things
much better. They did this for Remote Desktop in 2003. So that cures the
Account DB part, and the only thing left is the "Connected to:" option, that
if they were using the CEICW tool to its fullest extent, it would configure
the SMTP response, the cert hostname, AND the FTPSVC. I mean why not? Talk
about a harvest vulnerability.
Now I know that there are much better FTP products, but with all the
advances MS is making, I think it's worth their interest in this thread to
at least ponder the options of adding the features.
Thanks,
Jeff
"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
news:uUYXWOXvFHA.2948@TK2MSFTNGP15.phx.gbl...
> yeah, remove IIS FTP and install a third party FTP service which uses its
> own account database.
>
> "MCSEGURU" <mcseguruhere@aol.com> wrote in message
> news:uWVpXMXvFHA.3100@TK2MSFTNGP12.phx.gbl...
>> An unknown user used a program to try to script through about 8 different
>> usernames, and like 300 passwords each in attempts to hack my FTP Server
>> on my SBS 2003 Premium Server. Dilemma, I hadn't ever created a "just in
>> case" backup admin account. I try to never use admin privileges on the
>> server, and with the negative implications of following the
>> recommendations to rename Administrator, I have hesitated to do so,
>> however after 300 failed login attempts, the Administrator account was
>> locked out. Now I've recovered my access to my system, but I have some
>> "obscurity" goals I'd like to try.
>>
>> I have found the following and implemented it:
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;826270
>>
>> Now I would like my FTP SVC to at the least broadcast external.domain.com
>> rather than server.domain.local on the "Connected to:" line. Any other
>> recommendation on securing my "Read Only" FTP server would be greatly
>> appreciated.
>>
>> Thanks,
>>
>
>
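An added example, not part of the original thread: one way to spot the kind of scripted password guessing described above before it locks out an account, by pairing USER and PASS lines in the FTP service log and counting 530 responses per client. The log lines are constructed, the field layout (time, c-ip, cs-method, cs-uri-stem, sc-status) is an assumption about how W3C logging is configured, and the function names and threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample log; assumes the W3C fields named in the #Fields line.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
19:50:01 203.0.113.7 [12]USER Administrator 331
19:50:01 203.0.113.7 [12]PASS - 530
19:50:02 203.0.113.7 [13]USER Administrator 331
19:50:02 203.0.113.7 [13]PASS - 530
19:50:03 203.0.113.7 [14]USER backup 331
19:50:03 203.0.113.7 [14]PASS - 530
19:51:10 198.51.100.20 [15]USER jeff 331
19:51:10 198.51.100.20 [15]PASS - 530
19:51:15 198.51.100.20 [16]USER jeff 331
19:51:15 198.51.100.20 [16]PASS - 230
"""

# time, client IP, [session]VERB, argument, three-digit FTP reply code
LINE = re.compile(r"^(\S+) (\S+) \[(\d+)\](\S+) (\S+) (\d{3})")

def failed_logins(log_text):
    """Return {client_ip: {username: failed_count}} from USER/PASS pairs."""
    pending = {}  # (ip, session) -> username offered by the last USER command
    failures = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skips the #Fields header and malformed lines
        _time, ip, session, verb, arg, status = m.groups()
        if verb.upper() == "USER":
            pending[(ip, session)] = arg.lower()
        elif verb.upper() == "PASS" and status == "530":  # 530 = not logged in
            user = pending.get((ip, session), "<unknown>")
            failures[ip][user] += 1
    return failures

def suspects(log_text, min_failures=3):
    """Client IPs with at least min_failures failed logins, with per-user counts."""
    out = {}
    for ip, users in failed_logins(log_text).items():
        if sum(users.values()) >= min_failures:
            out[ip] = dict(users)
    return out

if __name__ == "__main__":
    for ip, users in suspects(SAMPLE_LOG).items():
        print(ip, users)
```

Setting `min_failures` below the domain's account lockout threshold lets the source be blocked before the targeted account is locked.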