Solved

Simple question for IIS FTP security gurus

Posted on 2003-10-21
10
822 Views
Last Modified: 2010-04-11
Can IIS FTP be configured to allow user ID's access only from certain IP subnets?

If so, How is this done?

Alternatively, would another FTP server be a better choice to meet this requirement?

0
Comment
Question by:swift99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 19

Expert Comment

by:Rimvis
ID: 9597722
On your FTP site, go to Properties -> Directory Security.
0
 
LVL 4

Accepted Solution

by:
Kokoglen earned 250 total points
ID: 9599632
Yes, Rimvis shows where the menu is above.

HOWEVER, (Im trying to secure my own FTP server as well) it is possible to spoof an IP address.  Its still a hoop to jump through but the username and password are still sent via clear text.  Ive been researching different options to fix that.

I asked a question on the subject and might be helpful to you.
http://www.experts-exchange.com/Security/Win_Security/Q_20769226.html#9596729
0
 
LVL 6

Author Comment

by:swift99
ID: 9599708
Thanks!
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602044
As opposed to looking at IIS for the answer, which i seldomly find, why don't you edit the FTP rule on ISA to only allow the specified subnets?

0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602056
Whoops sorry, thought you were running ISA. Do you have any firewall in place that could proxy the traffic?
0
 
LVL 6

Author Comment

by:swift99
ID: 9602174
ISA ... I'm not sure.  I'm grasping at straws for an upcoming project.  I'll have to check with our infrastructures group.

The problem is that some user ID's need access from the internet, but others can only be permitted access from the intranet.  We need user ID level resolution.  Firewalls only resolve to the IP level.
0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602337
Not true. An application level firewall has the ability to proxy on an user id basis. I have an SGS 5400 that does just that
0
 
LVL 6

Author Comment

by:swift99
ID: 9602380
I will pass this on to our infrastructure group and see what they can do with it.
0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602505
Good luck!

Other then that you'll probably want to investigate another FTP server application besides IIS.
0
 
LVL 6

Author Comment

by:swift99
ID: 9604270
Yeah ... I thought so.  IIS means "It Isnt Secure"

Our server people came up with a solution that fits our existing  architecture this evening.

Points to Kokoglen because the article referenced was most in line with the reasoning that led to the final solution.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
A look at what happened in the Verizon cloud breach.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month5 days, 7 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question