Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 831
  • Last Modified:

Simple question for IIS FTP security gurus

Can IIS FTP be configured to allow user ID's access only from certain IP subnets?

If so, How is this done?

Alternatively, would another FTP server be a better choice to meet this requirement?

0
swift99
Asked:
swift99
1 Solution
 
RimvisCommented:
On your FTP site, go to Properties -> Directory Security.
0
 
KokoglenCommented:
Yes, Rimvis shows where the menu is above.

HOWEVER, (Im trying to secure my own FTP server as well) it is possible to spoof an IP address.  Its still a hoop to jump through but the username and password are still sent via clear text.  Ive been researching different options to fix that.

I asked a question on the subject and might be helpful to you.
http://www.experts-exchange.com/Security/Win_Security/Q_20769226.html#9596729
0
 
swift99Author Commented:
Thanks!
0
WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

 
sh00t3rCommented:
As opposed to looking at IIS for the answer, which i seldomly find, why don't you edit the FTP rule on ISA to only allow the specified subnets?

0
 
sh00t3rCommented:
Whoops sorry, thought you were running ISA. Do you have any firewall in place that could proxy the traffic?
0
 
swift99Author Commented:
ISA ... I'm not sure.  I'm grasping at straws for an upcoming project.  I'll have to check with our infrastructures group.

The problem is that some user ID's need access from the internet, but others can only be permitted access from the intranet.  We need user ID level resolution.  Firewalls only resolve to the IP level.
0
 
sh00t3rCommented:
Not true. An application level firewall has the ability to proxy on an user id basis. I have an SGS 5400 that does just that
0
 
swift99Author Commented:
I will pass this on to our infrastructure group and see what they can do with it.
0
 
sh00t3rCommented:
Good luck!

Other then that you'll probably want to investigate another FTP server application besides IIS.
0
 
swift99Author Commented:
Yeah ... I thought so.  IIS means "It Isnt Secure"

Our server people came up with a solution that fits our existing  architecture this evening.

Points to Kokoglen because the article referenced was most in line with the reasoning that led to the final solution.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now