Re: Is there any problem by running both ftp and Http in the same Machine

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/27/04


Date: Tue, 26 Oct 2004 22:42:54 -0700

Going beyond the need to have the machine and those services
properly configured, the biggest warning flag resulting from the running
of those three that I saw was FTP and its clear-text login weakness.
You might want to look into use of secure FTP instead of the FTP for
Window 2000 from MS.
(As was implied in prior reply, if the SQL is only going to interact with
your application on the same box, make sure tcp 1433/1434 are not
exposed.)

-- 
Roger Abell
"Andrew Mitchell" <amitchell@removecasey.vic.gov.au> wrote in message 
news:Xns958F3E767CA2casey01@207.46.248.16...
> "Aneesh" <aneesh.r@eostek.com> said
>
>> Hi,
>> I am very new to Windows 2000 security. V r planning to host our new
>> product which uses ftp, http, and SQL server.  i just wanna know, will
>> there be any pbms from the hackers,by running all these in the same
>> machine? if so how can we overcome this without using several individual
>> servers. I just wanna ensure that only some predefined members can
>> access the ftp. Pls explain the detail steps.
>
> FTP and HTTP should be fine. Are you planning on running SQL on the same 
> box?
> If so, I'd recommend you put the server behind a firewall and only open 
> ports
> 80 and 21 for incoming traffic.
>
> Just make sure you have all service packs, run the IISLockdown tool, and
> follow the steps in the Windows 2000 hardening guide.
> http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.m
> spx
>
> The IIS5 security checklist is also a good resouce and can be found at
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis
> /tips/iis5chk.mspx
>
> -- 
> Andy
>