Re: What is more worse: Open ftp ports or open vpn port with pptp?

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 02/25/05

• Next message: Roger Abell: "Re: deny access to IIS virtual directory"
• Previous message: Louis schreyer: "How to block an IP range on w W2K server?"
• In reply to: Louis schreyer: "What is more worse: Open ftp ports or open vpn port with pptp?"
• Next in thread: Jeff Cochran: "Re: What is more worse: Open ftp ports or open vpn port with pptp?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 25 Feb 2005 05:27:09 -0700

Well, if you mean use of the FTP that ships with Windows,
then of course its use is not recommended for authenticated
FTP access as the password exchange is in the clear.
There are third-party FTP servers (and their clients) that will
use a secured FTP login exchange.
IIRC you would want to use MSChap rather than industry
standard Chap for the VPN, given that you cannot use L2TP.
With the VPN you can tweak the login requirements so that
you can feel fairly sure someone would need to thread the
needle in order to get in.

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Louis schreyer" <spam1@aquarix.de> wrote in message
news:cvmqof$dic$00$1@news.t-online.com...
> I would like to access my W2K webserver via a vpn with pptp connection
> (chap2, password with >24 characters).
> I now use the built-in ftp server from w2k server.
>
> What is more secure? Leave the ftp ports open to the public or the vpn
port?
> The vpn connection would be nicer for me to work with, but I am not sure
if
> it is safe enough. I cannot opn a l2tp connection, my router will not let
me
> connect to the server with L2TP, so only PPTP is left.
>
> Any suggestions?
>
> Louis
>
>

---

• Next message: Roger Abell: "Re: deny access to IIS virtual directory"
• Previous message: Louis schreyer: "How to block an IP range on w W2K server?"
• In reply to: Louis schreyer: "What is more worse: Open ftp ports or open vpn port with pptp?"
• Next in thread: Jeff Cochran: "Re: What is more worse: Open ftp ports or open vpn port with pptp?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Binding FTP Server Service to Internal Network Card ... used to establish the VPN tunnel should be present in the AD. ... you can use some 3rd-party FTP applications such as WS_FTP. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... (microsoft.public.windows.server.sbs) Re: OWA not seen from RWW Main Menu ... The RRAS wizard is indeed for VPN or modem dialup to your server. ... You don't check FTP, as you surely are not running FTP server on your box, ... But I will personally always use your shortcut to OWA. ... (microsoft.public.windows.server.sbs) Re: VPN to ISA server, cant FTP through it ... FTP connection for that matter. ... Repeat the monitoring with the filter set to Client IP# as the FTP Server. ... through a VPN, will they not be encrypted anyway? ... then the Source Network would be the "created" Network that ws created when ... (microsoft.public.isa.vpn) Re: VPN, FTP, or remote desktop ... I would recommend a VPN versus FTP simply because of security issues. ... You could also look at using Secure Shell (SSH) versus VPN. ... require a PC at either site to be running as a SSH server for remote access. ... (microsoft.public.windowsxp.network_web) Re: accessing part files via the internet ... Instead of using the FTP ... Once you have the VPN connection open, ... Log in with Remote Desktop ... (comp.cad.solidworks)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)