We're getting ready to deploy an aix52 server on the internet as an
ftp server.  Is there a good doc that covers the security issues and
changes that should be considered before opening the server to the
internet?

Thanks

[ Post a follow-up to this message ]

On 24 Apr 2007 19:37:09 -0700, gdoogle@yahoo.com <gdoogle@yahoo.com> wrote:
> We're getting ready to deploy an aix52 server on the internet as an
> ftp server.  Is there a good doc that covers the security issues and
> changes that should be considered before opening the server to the
> internet?

You're putting an open FTP server on the public internet?

What is the big picture of what you're trying to accomplish?  If for no
other reason, clear-text passwords are a huge security concern.

[ Post a follow-up to this message ]

gdoo...@yahoo.com wrote:
>
> We're getting ready to deploy an aix52 server on the internet as an
> ftp server.  Is there a good doc that covers the security issues and
> changes that should be considered before opening the server to the
> internet?

Make sure you read up on "anonymous FTP" and set it up that
way.  If it is going to be on the open Internet you'll want to use it
for that sort of staging.  Maybe even only give it access to space
that's chrooted by the anonymous instructions and read-only by
NFS mount so that it can be used as an archive for fetch.

[ Post a follow-up to this message ]

Let me clarify.  We'll be using NcFTP as the ftp server application
running on an aix server. We'll be receiving and transfering data
files with a select group of customers on a 24x7 operation. via the
internet We're looking for guidance on how to secure the server at the
OS level since it will be open to the internet.  NcFTP will be
configured to be as secure as possible.

[ Post a follow-up to this message ]

On 2007-04-27, gdoogle@yahoo.com <gdoogle@yahoo.com> wrote:
> Let me clarify.  We'll be using NcFTP as the ftp server application
> running on an aix server. We'll be receiving and transfering data
> files with a select group of customers on a 24x7 operation. via the
> internet We're looking for guidance on how to secure the server at the
> OS level since it will be open to the internet.  NcFTP will be
> configured to be as secure as possible.
>

If this is going to be a business operation, use SSH. The sftp subsystem
offered by SSH is command-equivalent to FTP, and a whole lot more
secure. You are asking for trouble by using FTP.

Jeremy

--
Jeremy Worrells
Unix Generalist
jeremy@worrells.org

[ Post a follow-up to this message ]