Re: Suggestions
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Thu, 26 Jan 2006 22:31:13 -0700
Since the MS provided FTP is not Secure FTP and the
authentication takes place in clear text on the network,
the "real" answer is that neither is a good solution nor
"secure".
Given that, if there is then still meaning to "more secure"
based only on the different IIS config for the FTP service,
I would say that it is a total wash. To control access you
would be leveraging NTFS permissions on the storage in
either case. In the single FTP server situation one could
use one single storage area or multiple vdirs of separate
storage areas. There is a slight difference as MS FTP
does not allow parent path traversal to real storage above
the folder used as the vdir root (unlike MS WWW).
But, I do not see any real security difference between the
three scenarios (your two, with the single server configured
with one big or multiple smaller vdirs). In all cases an account
is contained to what NTFS allows to it, and in all cases it is
a single FTP service that is running. The differences are in
details of the service's instancing and in user perception and
convenience or inconvenience.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
"Bad Beagle" <maxwelli@xxxxxxxxxxxxxxxx> wrote in message
news:%23NwJNYpIGHA.2896@xxxxxxxxxxxxxxxxxxxxxxx
>I am doing some consolidation of Windows 2003 IIS servers. What is more
>secure - to have 1 ftp server shared by all IIS servers using virutual
>directories or running 4 individual ftp servers without virutual
>directories and using ntfs to lock it down? Any suggestions would be
>appreciated.
>
.
- References:
- Suggestions
- From: Bad Beagle
- Suggestions
- Prev by Date: Re: What is the difference between logging into an AD Domain versus connecting to network resource?
- Next by Date: Re: building a web site
- Previous by thread: Suggestions
- Next by thread: Re: Suggestions
- Index(es):
Relevant Pages
|
|
