Company wants to use a FTP Server
Comments

instant000 Member Posts: 1,745
geeksquad09 wrote: » Sorry, I wrote that wrong. We're gonna use the FTP service through Server 2003. I've set it up and whatnot; the only problem I'm having is he wants me to do the following, and I'm catching hell doing it:
-Save a file and make it public.
-Give me instruction on how to get it off site
-Some kind of authentication will be needed after the test phase.
This sounds like you will need to get with your network person (unless that's also you) and set up a translation, from a public to DMZ/internal IP, for the FTP port, so FTP users can hit it from the outside. If you have Cisco devices, there are configuration guides available for this.
FTP products can be set for username/password authentication
You can set the user's home directory.
I think you would first work at getting this working locally, inside your network, then branch out to either having the server in DMZ, and/or have an IP translation to the outside.
Let us know at which point you're stuck.
EDIT: by referring to the user's home directory, I mean the folder the user would connect to when they come on the FTP site, as well as controlling whether or not that user can browse to other folders.
Currently Working: CCIE R&S
LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)

geeksquad09 Member Posts: 177
instant000 wrote: » This sounds like you will need to get with your network person (unless that's also you) and set up a translation, from a public to DMZ/internal IP, for the FTP port, so FTP users can hit it from the outside. If you have Cisco devices, there are configuration guides available for this.
FTP products can be set for username/password authentication
You can set the user's home directory.
I think you would first work at getting this working locally, inside your network, then branch out to either having the server in DMZ, and/or have an IP translation to the outside.
Let us know at which point you're stuck.
EDIT: by referring to the user's home directory, I mean the folder the user would connect to when they come on the FTP site, as well as controlling whether or not that user can browse to other folders.
I used the link attached below. Should that link solve all the steps my boss has asked, besides the authentication task?
How to configure Network Address Translation in Windows Server 2003
Currently Studying for Network+, Server+, and Security+
The computer was born to solve problems that did not exist before

RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
At my previous job we used an FTP server based on IIS on Server 2003. It was probably very insecure, but what you do needs to fit the business needs of the company. I had a Word document with screenshots that I used to send to customers who needed to access the site. It provided step-by-step instructions for them.
What exactly are you having issues setting up right now? My suggestion is set it up internally, test it, get authentication working as you expect and only then publish it outside the firewall.
WITHOUT AUTHENTICATION DO NOT PUBLISH THIS USING NAT!!!! You will have a server with an HDD full of pr0n in seconds!!!

geeksquad09 Member Posts: 177
RobertKaucher wrote: » At my previous job we used an FTP server based on IIS on Server 2003. It was probably very insecure, but what you do needs to fit the business needs of the company. I had a Word document with screenshots that I used to send to customers who needed to access the site. It provided step-by-step instructions for them.
What exactly are you having issues setting up right now? My suggestion is set it up internally, test it, get authentication working as you expect and only then publish it outside the firewall.
WITHOUT AUTHENTICATION DO NOT PUBLISH THIS USING NAT!!!! You will have a server with an HDD full of pr0n in seconds!!!
I'm having issues with the following:
-Saving a file and making it public.
-Give me instruction on how to get it off site
-Some kind of authentication will be needed after the test phase.

RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
geeksquad09 wrote: » I'm having issues with the following:
-Saving a file and making it public.
-Give me instruction on how to get it off site
-Some kind of authentication will be needed after the test phase.
FTP Site Setup (IIS 6.0)
Configure FTP Server Authentication (IIS 6.0)
Setting up FTP via Windows Explorer
Whoever is getting the files would take steps similar to the third link. You already found a link about publishing the FTP service outside your firewall. That should be all you need. Make sure you communicate clearly with the boss about the chances of 0wnage.

geeksquad09 Member Posts: 177
RobertKaucher wrote: » FTP Site Setup (IIS 6.0)
Configure FTP Server Authentication (IIS 6.0)
Setting up FTP via Windows Explorer
Whoever is getting the files would take steps similar to the third link. You already found a link about publishing the FTP service outside your firewall. That should be all you need. Make sure you communicate clearly with the boss about the chances of 0wnage.
Completed the 1st link, and I emailed my boss the 3rd link. The 2nd one is giving me a bit of complications. Could I use my boss's login and password as the authentication username and password?

blargoe Member Posts: 4,174 ■■■■■■■■■□
I would not set up a Windows FTP server without the following characteristics:
- At LEAST Windows 2008. You're only going to see security updates for Windows 2003 for a couple more years. Also Windows 2008 FTP is much more secure.
- FTP Root on separate partition from System Root drive
- Enable the File Server Resource Manager feature and create a policy to block all executable content from being saved in the FTP folders on the file system (or any other file types that you don't intend to allow... videos and music, for example)
- Execute the Security Configuration Wizard (or whatever the equivalent is called in 2008) and lock down the server as much as possible.
- Create Software Restriction Policies in local Group Policy to block unauthorized executables from running on the server.
- Host the server in a perimeter network
- Have an IDS at the perimeter
- Install host-based security protection
You can make a Windows FTP server pretty tight, but you really need to do the above for best results.
IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...

MentholMoose Member Posts: 1,525 ■■■■■■■■□□
geeksquad09 wrote: » Completed the 1st link, and I emailed my boss the 3rd link. The 2nd one is giving me a bit of complications. Could I use my boss's login and password as the authentication username and password?
RobertKaucher wrote: » At my previous job we used an FTP server based on IIS on Server 2003. It was probably very insecure, but what you do needs to fit the business needs of the company.
IIS FTP on Server 2008 supports FTPS, which uses SSL to encrypt the authentication and/or data channels, so if you care about security at all, use that over Server 2003. This wasn't included in Server 2008 RTM but I think it is included in 2008 SP1 and 2008 R2 by default. blargoe has some good points about hardening this server.
FTPS in IIS7 is sweeter - eXtreme. tech. - Site Home - TechNet Blogs
MentholMoose
MCSA 2003, LFCS, LFCE (expired), VCP6-DCV
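
A pre-publication check for the advice given so far in this thread (get authentication working internally before any NAT rule exists, and prefer FTPS), as an added example that is not from any poster: run against the server's internal address, it confirms anonymous login is refused and that the FEAT reply advertises AUTH TLS. The address 192.0.2.10 and the function names are assumptions; a FEAT listing shows the server offers FTPS, not that it enforces it.

```python
from ftplib import FTP, error_perm

def anonymous_allowed(host, port=21, timeout=5.0):
    """True if the server accepts an anonymous login."""
    ftp = FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        ftp.login()              # ftplib logs in as "anonymous" by default
        return True
    except error_perm:           # 5xx reply, e.g. 530: anonymous refused
        return False
    finally:
        ftp.close()

def advertises_tls(host, port=21, timeout=5.0):
    """True if the FEAT reply lists AUTH with TLS (explicit FTPS)."""
    ftp = FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        reply = ftp.sendcmd("FEAT")
    except error_perm:           # server does not implement FEAT
        return False
    finally:
        ftp.close()
    for line in reply.splitlines():
        feature = line.strip().upper()
        if feature.startswith("AUTH") and "TLS" in feature:
            return True
    return False

def prepublish_findings(host, port=21):
    """Return the problems to fix before the NAT rule goes in."""
    findings = []
    if anonymous_allowed(host, port):
        findings.append("anonymous login accepted")
    if not advertises_tls(host, port):
        findings.append("AUTH TLS not advertised: logins cross in cleartext")
    return findings

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; use the server's internal IP.
    for finding in prepublish_findings("192.0.2.10"):
        print("FIX BEFORE PUBLISHING:", finding)
```

An empty result means both checks passed from where the script ran; repeat it from outside once the translation is in place.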

it_consultant Member Posts: 1,903
You know... this is one time the cloud may be called for. Have you considered using something like box.net?

geeksquad09 Member Posts: 177
it_consultant wrote: » You know... this is one time the cloud may be called for. Have you considered using something like box.net?
OK, but how could we use "Box.net" to transfer the company's files back and forward to one another? We have our own domain, "TRIUMPH".

it_consultant Member Posts: 1,903
I assume that the reason for using an FTP server is to move files from your inside network to a partner company or customers. Box.net allows something called "sync" where you can sync folders on your file server to box.net servers. Your clients could log into box.net and see those same files and folders. You can "share" the folders with whomever you choose, or you could create box.net logins for them and set their access to appropriate levels.
I am not trying to be harsh but if you need this thing to work correctly right out of the gate, this is a better solution for you. FTP is great but it seems like you have a lack of experience with FTP and I fear you are setting yourself up for failure.

RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
it_consultant wrote: » I am not trying to be harsh but if you need this thing to work correctly right out of the gate, this is a better solution for you. FTP is great but it seems like you have a lack of experience with FTP and I fear you are setting yourself up for failure.
Especially with the considerable security issues that are involved with this.

geeksquad09 Member Posts: 177
it_consultant wrote: » I assume that the reason for using an FTP server is to move files from your inside network to a partner company or customers. Box.net allows something called "sync" where you can sync folders on your file server to box.net servers. Your clients could log into box.net and see those same files and folders. You can "share" the folders with whomever you choose, or you could create box.net logins for them and set their access to appropriate levels.
I am not trying to be harsh but if you need this thing to work correctly right out of the gate, this is a better solution for you. FTP is great but it seems like you have a lack of experience with FTP and I fear you are setting yourself up for failure.
I already have. Now I've hit this speed bump: we were using the IP address to log onto Server 2003 and now I can't get in. I'm getting the following message.
When trying to connect to Remote Desktop, the following error consists of:
- remote access to the server isn't enabled
- the remote computer is turned off
- the remote computer isn't available on network

RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
geeksquad09 wrote: » I already have. Now I've hit this speed bump: we were using the IP address to log onto Server 2003 and now I can't get in. I'm getting the following message.
When trying to connect to Remote Desktop, the following error consists of:
- remote access to the server isn't enabled
- the remote computer is turned off
- the remote computer isn't available on network
Did you enable the FTP feature and publish it outside the firewall without enabling authentication?

geeksquad09 Member Posts: 177
RobertKaucher wrote: » Did you enable the FTP feature and publish it outside the firewall without enabling authentication?
No, I mean I'm using a company computer and he wanted me to do remote access to the server computer since it was a few floors down, and when I tried to connect to it that message popped up:
When trying to connect to Remote Desktop, the following error consists of:
- remote access to the server isn't enabled
- the remote computer is turned off
- the remote computer isn't available on network

instant000 Member Posts: 1,745
geeksquad09: What is your IT background? It seems that you're being tasked to do something above your skill level.
You need to enable remote desktop at that server, in order to connect to it.
If you can remote desktop to it from other locations, it could be a network configuration issue.

MentholMoose Member Posts: 1,525 ■■■■■■■■□□
geeksquad09 wrote: » No, I mean I'm using a company computer and he wanted me to do remote access to the server computer since it was a few floors down, and when I tried to connect to it that message popped up:
geeksquad09 wrote: » When trying to connect to Remote Desktop, the following error consists of:
- remote access to the server isn't enabled
geeksquad09 wrote: » - the remote computer is turned off
geeksquad09 wrote: » - the remote computer isn't available on network

geeksquad09 Member Posts: 177
instant000 wrote: » geeksquad09: What is your IT background? It seems that you're being tasked to do something above your skill level.
You need to enable remote desktop at that server, in order to connect to it.
If you can remote desktop to it from other locations, it could be a network configuration issue.
I enabled it at the server. When I attempt to connect from a local computer it doesn't connect; it displays the message I posted in the previous posts.

blargoe Member Posts: 4,174 ■■■■■■■■■□
Then the computer is either totally unreachable from your location, or you have a host firewall on your computer and/or the server itself blocking you.

instant000 Member Posts: 1,745
Then the computer is either totally unreachable from your location, or you have a host firewall on your computer and/or the server itself blocking you.
Or a network ACL somewhere. Do you have contact with the network guy (you don't seem to be him), so you can check on if there are filters set up against RDP traffic?
But the simplest things to check would be the stations under your control at this time, which appear to be the workstation and the server, just to narrow those down (though enabling RDP is supposed to automatically configure the firewall to allow it on the server side).
Can this workstation RDP to other servers, and just not this one particular server? Just trying to get some baseline of something known to be working, and then branching from there, on the differences.

kriscamaro68 Member Posts: 1,186 ■■■■■■■□□□
As others have said, it sounds like a firewall issue, or maybe you are on a different network. I would do a tracert from your computer and see the jumps it makes, if any. If you have a firewall somewhere you need to open port 3389 for RDP connections. Also, when you're at the server do the same thing by trying to ping and tracert to your workstation and see where that gets you. Check the server for a firewall that is on. If it is on and not configured it will pretty much stop anything that isn't port 80 or 443.
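
The narrowing-down described in the last few replies, as an added example that is not part of any post: one TCP connect to port 3389 on the problem server and on a server known to accept RDP from this workstation, with the outcome mapped to the causes the posters list. The host addresses and function names are assumptions.

```python
import socket

RDP_PORT = 3389  # the RDP port named in the thread

def probe(host, port=RDP_PORT, timeout=3.0):
    """Classify one TCP connect: open, refused, timeout or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered with a reset
    except socket.timeout:
        return "timeout"      # nothing came back at all
    except OSError:
        return "unreachable"  # no route, or the name did not resolve

def interpret(target, baseline):
    """Map probe results for the problem server and a known-good one to a next step."""
    if target == "open":
        return "TCP 3389 is reachable: look at the Remote Desktop settings, not the network"
    if baseline != "open":
        return "known-good server fails too: check this workstation's firewall and network"
    if target == "refused":
        return "server answers but refuses 3389: RDP is not listening, or a firewall rejects it"
    if target == "timeout":
        return "packets are dropped: server host firewall, a network ACL, or the server is off"
    return "no path to the server: compare routes with tracert"

if __name__ == "__main__":
    # Both addresses are documentation placeholders (assumptions).
    target, baseline = "192.0.2.20", "192.0.2.21"
    print(interpret(probe(target), probe(baseline)))
```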