Solved

Simple question for IIS FTP security gurus

Posted on 2003-10-21
10
814 Views
Last Modified: 2010-04-11
Can IIS FTP be configured to allow user ID's access only from certain IP subnets?

If so, How is this done?

Alternatively, would another FTP server be a better choice to meet this requirement?

0
Comment
Question by:swift99
10 Comments
 
LVL 19

Expert Comment

by:Rimvis
Comment Utility
On your FTP site, go to Properties -> Directory Security.
0
 
LVL 4

Accepted Solution

by:
Kokoglen earned 250 total points
Comment Utility
Yes, Rimvis shows where the menu is above.

HOWEVER, (Im trying to secure my own FTP server as well) it is possible to spoof an IP address.  Its still a hoop to jump through but the username and password are still sent via clear text.  Ive been researching different options to fix that.

I asked a question on the subject and might be helpful to you.
http://www.experts-exchange.com/Security/Win_Security/Q_20769226.html#9596729
0
 
LVL 6

Author Comment

by:swift99
Comment Utility
Thanks!
0
 
LVL 2

Expert Comment

by:sh00t3r
Comment Utility
As opposed to looking at IIS for the answer, which i seldomly find, why don't you edit the FTP rule on ISA to only allow the specified subnets?

0
 
LVL 2

Expert Comment

by:sh00t3r
Comment Utility
Whoops sorry, thought you were running ISA. Do you have any firewall in place that could proxy the traffic?
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 
LVL 6

Author Comment

by:swift99
Comment Utility
ISA ... I'm not sure.  I'm grasping at straws for an upcoming project.  I'll have to check with our infrastructures group.

The problem is that some user ID's need access from the internet, but others can only be permitted access from the intranet.  We need user ID level resolution.  Firewalls only resolve to the IP level.
0
 
LVL 2

Expert Comment

by:sh00t3r
Comment Utility
Not true. An application level firewall has the ability to proxy on an user id basis. I have an SGS 5400 that does just that
0
 
LVL 6

Author Comment

by:swift99
Comment Utility
I will pass this on to our infrastructure group and see what they can do with it.
0
 
LVL 2

Expert Comment

by:sh00t3r
Comment Utility
Good luck!

Other then that you'll probably want to investigate another FTP server application besides IIS.
0
 
LVL 6

Author Comment

by:swift99
Comment Utility
Yeah ... I thought so.  IIS means "It Isnt Secure"

Our server people came up with a solution that fits our existing  architecture this evening.

Points to Kokoglen because the article referenced was most in line with the reasoning that led to the final solution.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now