Security Basics mailing list archives
Re: securing an FTP service
From: Alessandro Bottonelli <a.bottonelli () axis-net it>
Date: Tue, 23 Nov 2004 09:26:17 +0100
On Tuesday 23 November 2004 00:11, Davide wrote:
(internet)---(router)---(firewall)---(LAN)---(server)
the LAN is NATted? If so, you'll need to set Port Address Translation on the firewall/nat.
employees access from a remote location office using their win logon credentials (no anonym access is provided). The local branch office acceses internet with a dinamic IP provided by ISP. What security concerns are rised in this setting?
First, you don't know your branch offices IP address in advance, so you cannot filter traffic based on source IP address.
Should I use a DMZ, using the server to provide FTP services and moving the ftproot folder to another server INSIDE the DMZ (linked to a shared folder)?
I personally see this solution as being bad... You are moving company's data in the DMZ, not a good idea in principle...
How can I overcome the problem that FTP passwords are transmitted not enchrypted? Should a VPN between HQ provide the panacea for these problems?
VPN is a solution, maybe FTP over SSL is another (but I am not familiar with Microsoft to point you to a specific product, any takers?). Cheers -- Alessandro Bottonelli, CISSP & BS7799 Lead Auditor AXIS-NET Privacy & InfoSec Consulting http://www.axis-net.it
Current thread:
- securing an FTP service Davide (Nov 22)
- RE: securing an FTP service pingywon (Nov 23)
- Re: securing an FTP service Alessandro Bottonelli (Nov 24)
- Re: securing an FTP service Raphaƫl Rigo ML (Nov 24)
- Bestcrypt brute force Javier Sanchez (Nov 25)
- Re: Bestcrypt brute force GuidoZ (Nov 27)
- Bestcrypt brute force Javier Sanchez (Nov 25)
- <Possible follow-ups>
- Re: securing an FTP service Davide (Nov 25)