So I have a graphics person who wants anonymous ftp for print shops
and external consultants to upload graphics too big to email.  Ok,
easy enough, I went out and got Cerberus and put it on our spare DMZ
server and set up anon access.  A GUI client, a short sheet on how to
set up a profile, log in and drag and drop files.  Should be good to
go, but that is too hard for the browser dummies and they insist all
they need do is browse to the site and copy and paste files.  So I
guess IIS can support this (OK, so I am an IIS dummy) , I put on the
ftp server, but there doesn't seem to be much with authentication
control except accept/deny host settings.  Seems horribly insecure to
me.  What is the easiest and safest way to implement this?  I assume
all I need to is set default ftp directory to a shared folder my
internal users can browse (?).  Recommended alternatives appreciated.

thanks

Hal

[ Post a follow-up to this message ]

IIS FTP doesn't support any mean of security, communication between client
and server is in clear text mode. You can get a third pary solution which
support SSL or you can secure the connection via VPN.

Moving on to server side, you can control access via proper NTFS
permissions. E.g. if userA is not suppose to have access to certain folder,
then do not grant read permission for userA on that particular folder.

--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/


<hal@nospam.com> wrote in message
 news:2rqra19kqsv5mum6i76c4idnlfh493t1e6@
4ax.com...
> So I have a graphics person who wants anonymous ftp for print shops
> and external consultants to upload graphics too big to email.  Ok,
> easy enough, I went out and got Cerberus and put it on our spare DMZ
> server and set up anon access.  A GUI client, a short sheet on how to
> set up a profile, log in and drag and drop files.  Should be good to
> go, but that is too hard for the browser dummies and they insist all
> they need do is browse to the site and copy and paste files.  So I
> guess IIS can support this (OK, so I am an IIS dummy) , I put on the
> ftp server, but there doesn't seem to be much with authentication
> control except accept/deny host settings.  Seems horribly insecure to
> me.  What is the easiest and safest way to implement this?  I assume
> all I need to is set default ftp directory to a shared folder my
> internal users can browse (?).  Recommended alternatives appreciated.
>
> thanks
>
> Hal

[ Post a follow-up to this message ]

On Mon, 13 Jun 2005 14:35:30 -0600, hal@nospam.com wrote:

>So I have a graphics person who wants anonymous ftp for print shops
>and external consultants to upload graphics too big to email.  Ok,
>easy enough, I went out and got Cerberus and put it on our spare DMZ
>server and set up anon access.  A GUI client, a short sheet on how to
>set up a profile, log in and drag and drop files.  Should be good to
>go, but that is too hard for the browser dummies and they insist all
>they need do is browse to the site and copy and paste files.  So I
>guess IIS can support this (OK, so I am an IIS dummy) , I put on the
>ftp server, but there doesn't seem to be much with authentication
>control except accept/deny host settings.  Seems horribly insecure to
>me.  What is the easiest and safest way to implement this?  I assume
>all I need to is set default ftp directory to a shared folder my
>internal users can browse (?).  Recommended alternatives appreciated.

You could start with using authenticated users.

Jeff

[ Post a follow-up to this message ]

As already said, you can use Authentication and then control access using
NTFS.

Another solution is to use WebDav over SSL (so you do not send the
credentials in clear text).


--
Regards,
Kristofer Gafvert (IIS MVP)
www.gafvert.info - My Articles and help
www.ilopia.com


hal@nospam.com wrote:

> So I have a graphics person who wants anonymous ftp for print shops
> and external consultants to upload graphics too big to email.  Ok,
> easy enough, I went out and got Cerberus and put it on our spare DMZ
> server and set up anon access.  A GUI client, a short sheet on how to
> set up a profile, log in and drag and drop files.  Should be good to
> go, but that is too hard for the browser dummies and they insist all
> they need do is browse to the site and copy and paste files.  So I
> guess IIS can support this (OK, so I am an IIS dummy) , I put on the
> ftp server, but there doesn't seem to be much with authentication
> control except accept/deny host settings.  Seems horribly insecure to
> me.  What is the easiest and safest way to implement this?  I assume
> all I need to is set default ftp directory to a shared folder my
> internal users can browse (?).  Recommended alternatives appreciated.
>
> thanks
>
> Hal

[ Post a follow-up to this message ]