FTP Server

Hey all,

I just setup an FTP server on a Windows 2003 box using IIS and the built in ftp server. I opened the ports on the firewall and forced the ftp server to only allow connections from those with valid AD accounts. Is there anything else security wise I should take precautions against? I have never used Win2k3's ftp server and am not entirely sure of the security behind it. I'm pretty sure that its secure (as I have port scanned from the outside and don't see it which is good) but its for a client I'm working with so I'm a little paranoid.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

RobertKaucher

YES!!!! Answer these questions:
* What sort of encryption does FTP use to authenticate (how are passwords sent from client to server)?
* What does it mean if AD user accounts and passwords are being transmitted in this way?

NightShade03

When you try to access the FTP server from the outside (aka at home) the only username/password combos that will work is if its an account from active directory.

I have SSL setup for the FTP server so all encryption LAN or WAN is enencrypted

blargoe

NightShade03 wrote: »

When you try to access the FTP server from the outside (aka at home) the only username/password combos that will work is if its an account from active directory.

I have SSL setup for the FTP server so all encryption LAN or WAN is enencrypted

No you don't, not for FTP service on IIS for Windows 2003. It doesn't support SSL no way no how.

NightShade03

blargoe wrote: »

No you don't, not for FTP service on IIS for Windows 2003. It doesn't support SSL no way no how.

Really?! One of the guide in Microsoft's documentation says it does lol, but seriously that doesn't mean anything because I don't trust Microsoft anyway...

I'm still testing so I guess I should make sure there is some encryption there huh?

qwertyiop

NightShade03 wrote: »

Really?! One of the guide in Microsoft's documentation says it does lol, but seriously that doesn't mean anything because I don't trust Microsoft anyway...

I'm still testing so I guess I should make sure there is some encryption there huh?

To my knowledge only Windows Server 2008 has the ability to use SSL with FTP.

If your able to get it running on a 2003 box then let us know