Solved

Simple question for IIS FTP security gurus

Posted on 2003-10-21
10
819 Views
Last Modified: 2010-04-11
Can IIS FTP be configured to allow user ID's access only from certain IP subnets?

If so, How is this done?

Alternatively, would another FTP server be a better choice to meet this requirement?

0
Comment
Question by:swift99
10 Comments
 
LVL 19

Expert Comment

by:Rimvis
ID: 9597722
On your FTP site, go to Properties -> Directory Security.
0
 
LVL 4

Accepted Solution

by:
Kokoglen earned 250 total points
ID: 9599632
Yes, Rimvis shows where the menu is above.

HOWEVER, (Im trying to secure my own FTP server as well) it is possible to spoof an IP address.  Its still a hoop to jump through but the username and password are still sent via clear text.  Ive been researching different options to fix that.

I asked a question on the subject and might be helpful to you.
http://www.experts-exchange.com/Security/Win_Security/Q_20769226.html#9596729
0
 
LVL 6

Author Comment

by:swift99
ID: 9599708
Thanks!
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602044
As opposed to looking at IIS for the answer, which i seldomly find, why don't you edit the FTP rule on ISA to only allow the specified subnets?

0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602056
Whoops sorry, thought you were running ISA. Do you have any firewall in place that could proxy the traffic?
0
 
LVL 6

Author Comment

by:swift99
ID: 9602174
ISA ... I'm not sure.  I'm grasping at straws for an upcoming project.  I'll have to check with our infrastructures group.

The problem is that some user ID's need access from the internet, but others can only be permitted access from the intranet.  We need user ID level resolution.  Firewalls only resolve to the IP level.
0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602337
Not true. An application level firewall has the ability to proxy on an user id basis. I have an SGS 5400 that does just that
0
 
LVL 6

Author Comment

by:swift99
ID: 9602380
I will pass this on to our infrastructure group and see what they can do with it.
0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602505
Good luck!

Other then that you'll probably want to investigate another FTP server application besides IIS.
0
 
LVL 6

Author Comment

by:swift99
ID: 9604270
Yeah ... I thought so.  IIS means "It Isnt Secure"

Our server people came up with a solution that fits our existing  architecture this evening.

Points to Kokoglen because the article referenced was most in line with the reasoning that led to the final solution.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can not open an anonymous level security token 2 47
Cisco ASA blocks some https sites. 27 43
WAN Link comparsion 3 28
O365 Getting Spoofed from Another Country 4 28
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question