Solved

Simple question for IIS FTP security gurus

Posted on 2003-10-21
10
820 Views
Last Modified: 2010-04-11
Can IIS FTP be configured to allow user ID's access only from certain IP subnets?

If so, How is this done?

Alternatively, would another FTP server be a better choice to meet this requirement?

0
Comment
Question by:swift99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 19

Expert Comment

by:Rimvis
ID: 9597722
On your FTP site, go to Properties -> Directory Security.
0
 
LVL 4

Accepted Solution

by:
Kokoglen earned 250 total points
ID: 9599632
Yes, Rimvis shows where the menu is above.

HOWEVER, (Im trying to secure my own FTP server as well) it is possible to spoof an IP address.  Its still a hoop to jump through but the username and password are still sent via clear text.  Ive been researching different options to fix that.

I asked a question on the subject and might be helpful to you.
http://www.experts-exchange.com/Security/Win_Security/Q_20769226.html#9596729
0
 
LVL 6

Author Comment

by:swift99
ID: 9599708
Thanks!
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602044
As opposed to looking at IIS for the answer, which i seldomly find, why don't you edit the FTP rule on ISA to only allow the specified subnets?

0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602056
Whoops sorry, thought you were running ISA. Do you have any firewall in place that could proxy the traffic?
0
 
LVL 6

Author Comment

by:swift99
ID: 9602174
ISA ... I'm not sure.  I'm grasping at straws for an upcoming project.  I'll have to check with our infrastructures group.

The problem is that some user ID's need access from the internet, but others can only be permitted access from the intranet.  We need user ID level resolution.  Firewalls only resolve to the IP level.
0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602337
Not true. An application level firewall has the ability to proxy on an user id basis. I have an SGS 5400 that does just that
0
 
LVL 6

Author Comment

by:swift99
ID: 9602380
I will pass this on to our infrastructure group and see what they can do with it.
0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602505
Good luck!

Other then that you'll probably want to investigate another FTP server application besides IIS.
0
 
LVL 6

Author Comment

by:swift99
ID: 9604270
Yeah ... I thought so.  IIS means "It Isnt Secure"

Our server people came up with a solution that fits our existing  architecture this evening.

Points to Kokoglen because the article referenced was most in line with the reasoning that led to the final solution.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question