Security Basics mailing list archives
Re: Secure FTP
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 24 Mar 2007 00:52:26 +0100
On 2007-03-20 aaronr () imcu com wrote:
We have a public facing FTP server that we would like to secure. We are running a MS 2003 Active Directory domain and this box is running on Win2k Server. What is the best way to secure this FTP server? I've tried SFTP, but was just curious as to what else is out there. Right now we are using the builtin IIS FTP server. Our goal is to provide a public FTP server so that clients or customers can dropoff large files there without the need to e-mail them. We aren't too keen on the fact that FTP is cleartext and these are domain user/pass going back and forth. Plus, we are a financial institution and any way to encrypt this traffic would definitely be a plus....even if we have to provide a link to connecting clients so that they can download a free secure FTP client. Any thoughts?
The easiest way would be using SSL-encrypted WebDAV, AFAICS. http://support.microsoft.com/kb/323470 Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Secure FTP aaronr (Mar 23)
- Re: Secure FTP Ali, Saqib (Mar 26)
- Re: Secure FTP Ansgar -59cobalt- Wiechers (Mar 26)
- RE: Secure FTP Scott Ramsdell (Mar 26)
- Re: Secure FTP MaddHatter (Mar 26)
- RE: Secure FTP jbeauford (Mar 27)
- Re: Secure FTP Michael Louie Loria (Mar 28)
- RE: Secure FTP jbeauford (Mar 27)
- <Possible follow-ups>
- Re: Secure FTP Krymson (Mar 26)