RE: securing an FTP service

["pingywon" <pingywon () gmail com>]

Yes - VPNing to the location would over come the plain text password
transferal along with encrypting all data coming off the FTP


-----Original Message-----
From: Davide [mailto:ak_71 () libero it] 
Sent: Monday, November 22, 2004 18:12
To: security-basics () securityfocus com
Subject: securing an FTP service



Hi everybody. would you please give me some hints for the followin
situation?

In a win-based network, a folder contains some documents

that have to be made available to company employees when

they are not in the HQ but they are in a local branch office

this is currently implemented by a FTP server (win 2kserver); the ftproot is
the root dir of the documents.

the server is connected to internet:



(internet)---(router)---(firewall)---(LAN)---(server)



employees access from a remote location office using their win logon
credentials (no anonym access is provided). The local branch office acceses
internet with a dinamic IP provided by ISP. What security concerns are rised
in this setting? Should I use a DMZ, using the server to provide FTP
services and moving the ftproot folder to another server INSIDE the DMZ
(linked to a shared folder)?

How can I overcome the problem that FTP passwords are transmitted not
enchrypted? Should a VPN between HQ provide the panacea for these problems?



thanks in advance

davide

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004