|
Home > Archive > IIS Server Security > June 2005 > Most secure solution for ftp (IIS?)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Most secure solution for ftp (IIS?)
|
|
| hal@nospam.com 2005-06-13, 5:52 pm |
| So I have a graphics person who wants anonymous ftp for print shops
and external consultants to upload graphics too big to email. Ok,
easy enough, I went out and got Cerberus and put it on our spare DMZ
server and set up anon access. A GUI client, a short sheet on how to
set up a profile, log in and drag and drop files. Should be good to
go, but that is too hard for the browser dummies and they insist all
they need do is browse to the site and copy and paste files. So I
guess IIS can support this (OK, so I am an IIS dummy) , I put on the
ftp server, but there doesn't seem to be much with authentication
control except accept/deny host settings. Seems horribly insecure to
me. What is the easiest and safest way to implement this? I assume
all I need to is set default ftp directory to a shared folder my
internal users can browse (?). Recommended alternatives appreciated.
thanks
Hal
| |
| Bernard Cheah [MVP] 2005-06-13, 8:48 pm |
| IIS FTP doesn't support any mean of security, communication between client
and server is in clear text mode. You can get a third pary solution which
support SSL or you can secure the connection via VPN.
Moving on to server side, you can control access via proper NTFS
permissions. E.g. if userA is not suppose to have access to certain folder,
then do not grant read permission for userA on that particular folder.
--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
<hal@nospam.com> wrote in message
news:2rqra19kqsv5mum6i76c4idnlfh493t1e6@
4ax.com...
> So I have a graphics person who wants anonymous ftp for print shops
> and external consultants to upload graphics too big to email. Ok,
> easy enough, I went out and got Cerberus and put it on our spare DMZ
> server and set up anon access. A GUI client, a short sheet on how to
> set up a profile, log in and drag and drop files. Should be good to
> go, but that is too hard for the browser dummies and they insist all
> they need do is browse to the site and copy and paste files. So I
> guess IIS can support this (OK, so I am an IIS dummy) , I put on the
> ftp server, but there doesn't seem to be much with authentication
> control except accept/deny host settings. Seems horribly insecure to
> me. What is the easiest and safest way to implement this? I assume
> all I need to is set default ftp directory to a shared folder my
> internal users can browse (?). Recommended alternatives appreciated.
>
> thanks
>
> Hal
| |
| Jeff Cochran 2005-06-14, 2:49 am |
| On Mon, 13 Jun 2005 14:35:30 -0600, hal@nospam.com wrote:
>So I have a graphics person who wants anonymous ftp for print shops
>and external consultants to upload graphics too big to email. Ok,
>easy enough, I went out and got Cerberus and put it on our spare DMZ
>server and set up anon access. A GUI client, a short sheet on how to
>set up a profile, log in and drag and drop files. Should be good to
>go, but that is too hard for the browser dummies and they insist all
>they need do is browse to the site and copy and paste files. So I
>guess IIS can support this (OK, so I am an IIS dummy) , I put on the
>ftp server, but there doesn't seem to be much with authentication
>control except accept/deny host settings. Seems horribly insecure to
>me. What is the easiest and safest way to implement this? I assume
>all I need to is set default ftp directory to a shared folder my
>internal users can browse (?). Recommended alternatives appreciated.
You could start with using authenticated users.
Jeff
| |
| Kristofer Gafvert [MVP] 2005-06-14, 2:49 am |
| As already said, you can use Authentication and then control access using
NTFS.
Another solution is to use WebDav over SSL (so you do not send the
credentials in clear text).
--
Regards,
Kristofer Gafvert (IIS MVP)
www.gafvert.info - My Articles and help
www.ilopia.com
hal@nospam.com wrote:
> So I have a graphics person who wants anonymous ftp for print shops
> and external consultants to upload graphics too big to email. Ok,
> easy enough, I went out and got Cerberus and put it on our spare DMZ
> server and set up anon access. A GUI client, a short sheet on how to
> set up a profile, log in and drag and drop files. Should be good to
> go, but that is too hard for the browser dummies and they insist all
> they need do is browse to the site and copy and paste files. So I
> guess IIS can support this (OK, so I am an IIS dummy) , I put on the
> ftp server, but there doesn't seem to be much with authentication
> control except accept/deny host settings. Seems horribly insecure to
> me. What is the easiest and safest way to implement this? I assume
> all I need to is set default ftp directory to a shared folder my
> internal users can browse (?). Recommended alternatives appreciated.
>
> thanks
>
> Hal
|
|
|
|
|