Security Basics mailing list archives
Re: securing an FTP service
From: Davide <ak_71 () libero it>
Date: 24 Nov 2004 15:15:22 -0000
In-Reply-To: <41A043F900025D3B () vsmtp2alice tin it (added by postmaster () aliceposta it)> thanks pingywon and alessandro for your hints. yes, the lan is natted. FTP service on the firewall is redirected to the Server. I understand the fact that since at branch office IP is dynamic i cannot reject (at the firewall level) ftp requests that do not come from IP others than branch office's. But I think I failed to explain the prospected solution: the ftp-server is placed in the DMZ (internet)---(router)---(firewall)---(ftp-server)---(internal firewall AKA "holed fiewall")---(LAN)---(computer hosting the ftproot) i.e. the ftproot sits in another computer inside the LAN. this would expose to the DMZ the NETBIOS sharing needed to the ftp-server to access the ftproot: on the internal firewall, netbios ports should be redirected to the computer hosting the ftproot. On the computer hosting the ftproot, we configure: .a folder, containig the documents, read-only; .another folder used to host the files the remote user finally needs to give (put) to the colleagues with read/write/delete access. . users in the central office access the ftproot as any normal shared resource in the LAN. Does this setup give any sense? thanks davide
On Tuesday 23 November 2004 00:11, Davide wrote:
(internet)---(router)---(firewall)---(LAN)---(server)
the LAN is NATted? If so, you'll need to set Port Address Translation on the firewall/nat.
[...]
takers?). Cheers -- Alessandro Bottonelli, CISSP & BS7799 Lead Auditor AXIS-NET Privacy & InfoSec Consulting http://www.axis-net.it
Current thread:
- securing an FTP service Davide (Nov 22)
- RE: securing an FTP service pingywon (Nov 23)
- Re: securing an FTP service Alessandro Bottonelli (Nov 24)
- Re: securing an FTP service Raphaƫl Rigo ML (Nov 24)
- Bestcrypt brute force Javier Sanchez (Nov 25)
- Re: Bestcrypt brute force GuidoZ (Nov 27)
- Bestcrypt brute force Javier Sanchez (Nov 25)
- <Possible follow-ups>
- Re: securing an FTP service Davide (Nov 25)