
Thread: Securing FTP for your enterprise

  1. #1
    Member
    Join Date
    Jan 2002
    Posts
    61

    Securing FTP for your enterprise

    At work we are looking to set up an FTP server, however I'm looking for suggestions on securing it. I know there are many options available, encrypting just login info, encrypting all data transferred, different types of encryption\certificates, etc. But what have you guys played with\implemented out there? It's a nightmare over here, our users are not very computer savvy and the management has tightened the purse strings.

    We've already discussed putting it in the DMZ zone of the firewall. Also due to hardware standards that must be met it needs to run on a Microsoft Win2K3 server.

    Any suggestions?

  2. #2
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    don't use ftp for anything in the enterprise..EVER.

    Purchase Tectia from SSH.com (ssh server for windows)
    run cygwin & ssh
    run SFU - Services for Unix on a windows box and install ssh on it, then restrict it to SFTP.

    If you MUST use ftp, use VSFTPD

    "Also due to hardware standards that must be met it needs to run on a Microsoft Win2K3 server."
    Wouldn't that be a software standardization?
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  3. #3
    Banned
    Join Date
    May 2003
    Posts
    1,004
    What threats are you trying to mitigate (protecting the traffic? just protecting the system from compromise? etc), are you held accountable to any standards and, what is your budget?

    cheers,

    catch

  4. #4
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    You need to throw in more details,

    1. What kind of enterprise are you running?
    2. Why and for what do you need ftp?
    etc.
    The basic questions

  5. #5
    Banned
    Join Date
    May 2003
    Posts
    1,004
    "don't use ftp for anything in the enterprise..EVER."
    I disagree with this "advice".

    Without knowing his requirements it seems quite silly to even give advice... should cdrom.com switch to SFTP? Let us see what the requirements are before getting all fascist.

    cheers,

    catch

  6. #6
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Originally posted here by catch
    I disagree with this "advice".

    Without knowing his requirements it seems quite silly to even give advice... should cdrom.com switch to SFTP? Let us see what the requirements are before getting all fascist.

    cheers,

    catch
    Since you like to think you know everything about anything, whatever blows your hair back.

  7. #7
    rebmeM roineS enilnOitnA
    Join Date
    Jul 2003
    Posts
    1,021
    So a senior & a mod are now busy being catty!

    And the answer to the Gixxer's question is what exactly?

    What does this say about the quality of AO?

    For goodness sake debate the point without being personally insulting, please.

    If you want to be nasty to each other take it to PM.

    My 2c :-

    There is merit in both points of view. Personally for sensitive private information I would favor the SSH/SFTP approach.

    If you are serving files to the public, careful research of windows FTP servers would allow the selection of an appropriate application.

    As warl0ck7 said, we need some more information to give accurate advice.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  8. #8
    Member
    Join Date
    Jan 2002
    Posts
    61
    Thanks for responses guys. Sorry for delay in getting back to ya.

    We primarily use FTP for field technicians to transfer their rather large finding files back to the company. We also have instances where customers have been given login IDs to the FTP server to transfer data back and forth to program managers. We already have a policy in place that basically says that no classified or sensitive data should be stored on that box but I wanted to take it a step further and secure it.

    When I say "secure it" I mean two separate things. Maybe just encrypting the login information back and forth would be good enough in this case. Any recommendations for this?

    Also depending on cost, maybe I might suggest that we encrypt both login information and data. Any recommendations?

    So to answer the questions that were posed:

    HOGFLY: Yes, that would be a sw standard, wouldn't it?

    CATCH: I'm trying to make it harder to compromise the system. Not sure on budget.

    WARLOCK: I guess we really don't need FTP per se but we do need an efficient, secure way to transfer large files back and forth.


    Steve: We don't serve the public in general we mainly need to serve just our own guys and a few customers. Is SSH and SFTP something rather easy to setup and administer?
    I would then assume that anyone that needs to connect to the box to transfer files would need a client that supports SSH and SFTP. Can you still copy\paste from a browser after implementing this security? Not sure if IE automatically adjusts its transfer mode as it detects a certain type of traffic. I would ASSume it doesn't.


    Thanks for your help guys

    -GIXxER

  9. #9
    Senior Member
    Join Date
    Dec 2004
    Posts
    137
    try these:

    MS 2003 Guide

    Scroll to Win 2000 guides

    10 Steps to a Secure FTP Server

    Personally, I would not use windows for FTP. There are tons of very easy to setup and much smaller attack surface *nix based FTP servers. vsftp is very good!

    but if you must use windows, well you know best.
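
Added example, not part of any post in this thread: the two options asked about in post #8 (encrypting only the login, or the login and the data) correspond to two separate settings in vsftpd, the server recommended above. The file path, certificate paths and passive port range are assumptions chosen for illustration.

```ini
# /etc/vsftpd.conf  (path is an assumption; it varies by distribution)
# Explicit FTP over TLS for named accounts only.
# vsftpd requires comments on their own lines and no spaces around "=".

# Only named accounts (technicians, customers); no anonymous access.
anonymous_enable=NO
local_enable=YES
write_enable=YES

# Turn on TLS and refuse the legacy SSL protocol versions.
ssl_enable=YES
allow_anon_ssl=NO
ssl_sslv2=NO
ssl_sslv3=NO

# Server certificate and key (placeholder paths).
rsa_cert_file=/etc/ssl/certs/vsftpd-example.pem
rsa_private_key_file=/etc/ssl/private/vsftpd-example.key

# "Encrypt just the login": usernames and passwords must travel over TLS.
force_local_logins_ssl=YES

# "Encrypt login and data": file contents and listings must also use TLS.
# With this set to NO, credentials are protected but transfers are cleartext.
force_local_data_ssl=YES

# With an encrypted control channel a firewall cannot read the PASV reply
# to open data ports dynamically, so pin passive mode to a fixed range and
# allow exactly that range through the DMZ firewall.
pasv_min_port=50000
pasv_max_port=50100
```

With `force_local_logins_ssl=YES`, clients that do not negotiate TLS before sending credentials are refused, so every user needs a client that supports explicit FTP over TLS.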

  10. #10
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Gixxer: just a for instance..if you purchased tectia from ssh.com you could use their client as well. Or you could download winSCP from winscp.net.(both are GUI drag and drop)

    SSH and SFTP are easy to set up and maintain.
