Re: FTP Server HELP!!!

From: MCSEGURU (mcseguruhere_at_aol.com)
Date: 09/21/05


Date: Tue, 20 Sep 2005 20:49:23 -0400

Great Tips.

Most have been implemented. I do leave it open, mostly for my own access
convenience while traveling (although VPN would be safer, other people's
firewalls can make this a challenge at times). FTP root-dir has no write
access at all. Only one "hidden" vir-dir has write access, and it's limited
to only one account. Anonymous access has been disallowed, although I've
thought of creating an anonymous Vir-Dir with read-only access for a honey
pot. However, I am unsure if the anonymous user would be able to traverse
parent paths and elevate themselves. That much "hacking" knowledge I'm afraid
I don't have.

Thanks.

"IWSEC" <IWSEC@discussions.microsoft.com> wrote in message
news:890E49E5-0540-4205-A785-7C2A687A17D4@microsoft.com...
> Hi,
> Here's some suggestions:
>
> 1. Edit the local security policy and only allow the specific accounts (or
> groups) that need to be able to access the server over a network.
> 2. Once you have renamed your admin account, create another account called
> Administrator and give it no rights or permissions. That way a hacker wastes
> his time trying to break what he thinks will give him admin permissions.
> Hopefully you will see this traffic in the logs and could block his IP
> address.
> 3. Do you need FTP to be available to anywhere, or are there only specific
> fixed IP addresses that will access it? If so, tie down the firewall to only
> allow FTP to those specific addresses.
> 4. Make sure your FTP root is configured for specific accounts only and no
> anonymous logons are allowed.
>
> Hope that helps!
>
> Cheers IWSEC
> www.iwsec.co.uk
>
> "MCSEGURU" wrote:
>
>> An unknown user used a program to try to script through about 8 different
>> usernames, and like 300 passwords each, in attempts to hack my FTP Server on
>> my SBS 2003 Premium Server. Dilemma: I hadn't ever created a "just in case"
>> backup admin account. I try to never use admin privileges on the server,
>> and with the negative implications of following the recommendations to
>> rename Administrator, I have hesitated to do so; however, after 300 failed
>> login attempts, the Administrator account was locked out. Now I've
>> recovered my access to my system, but I have some "obscurity" goals I'd like
>> to try.
>>
>> I have found the following and implemented it:
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;826270
>>
>> Now I would like my FTP SVC to at the least broadcast external.domain.com
>> rather than server.domain.local on the "Connected to:" line. Any other
>> recommendation on securing my "Read Only" FTP server would be greatly
>> appreciated.
>>
>> Thanks,
>>
>>
>>
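IWSEC's tip 2 relies on the failed attempts showing up in the logs, and the original post describes a run of roughly 300 passwords against about 8 user names that ended in an Administrator lockout. As an added example, not code from this thread, the following Python script summarizes IIS 6 FTP log lines per client IP so such a run (and the resulting lockout) stands out; the log lines are constructed, and the field layout is assumed to be the W3C extended format with the 530 status and Win32 status 1909 marking a failed PASS and a locked-out account.

```python
import re
from collections import defaultdict

# Constructed sample log, assumed to follow the W3C extended format of the IIS 6 FTP
# service (fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-win32-status).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-win32-status
2005-09-20 20:40:01 203.0.113.7 Administrator [3]USER - 331 0
2005-09-20 20:40:01 203.0.113.7 Administrator [3]PASS - 530 1326
2005-09-20 20:40:02 203.0.113.7 Administrator [3]PASS - 530 1326
2005-09-20 20:40:02 203.0.113.7 admin [3]USER - 331 0
2005-09-20 20:40:03 203.0.113.7 admin [3]PASS - 530 1326
2005-09-20 20:40:03 203.0.113.7 ftp [3]USER - 331 0
2005-09-20 20:40:04 203.0.113.7 ftp [3]PASS - 530 1326
2005-09-20 20:40:05 203.0.113.7 Administrator [3]PASS - 530 1909
2005-09-20 20:45:00 198.51.100.9 mcseguru [4]USER - 331 0
2005-09-20 20:45:00 198.51.100.9 mcseguru [4]PASS - 230 0
"""

ACCOUNT_LOCKED_OUT = "1909"  # Win32 status: the referenced account is locked out

def summarize_failures(log_text):
    """Per client IP: count of failed PASS commands, user names tried, lockouts seen."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "lockouts": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 8:
            continue  # directive lines and short lines carry no logon event
        ip, user, method, status, win32 = fields[2], fields[3], fields[4], fields[6], fields[7]
        method = re.sub(r"^\[\d+\]", "", method)  # drop the "[session]" prefix
        if method != "PASS" or status != "530":
            continue  # only failed password submissions count
        entry = stats[ip]
        entry["failures"] += 1
        entry["users"].add(user)
        if win32 == ACCOUNT_LOCKED_OUT:
            entry["lockouts"] += 1
    return stats

def flag_brute_force(log_text, max_failures=5, max_users=3):
    """Client IPs whose failed logons or distinct user names reach the thresholds."""
    flagged = [ip for ip, e in summarize_failures(log_text).items()
               if e["failures"] >= max_failures or len(e["users"]) >= max_users]
    return sorted(flagged)
```

The flagged addresses are candidates for the firewall block IWSEC suggests; a non-zero lockout count on an address points at the scenario from the original post, where the guessing run locked the real Administrator account.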
