Solved

What rights does a user need to access FTP anonymously on a domain controller?  Also..can I use SSL with FTP?

Posted on 2004-08-03
4
388 Views
Last Modified: 2011-09-20
Internet Explorer 6.0.  Can I use certs or a better way to authenticate using FTP?  Thanks.
0
Comment
Question by:Sp0cky
  • 2
  • 2
4 Comments
 
LVL 1

Expert Comment

by:potuncle
ID: 11709773
You want to be able to ftp to your domain controller? From outside of your network? If so, allowing such would be a very bad thing. For secure ftp try sftp. It combines ftp and ssh and is relatively secure. But, I'm still not exactly sure what you are asking.

Jason
0
 

Author Comment

by:Sp0cky
ID: 11710118
Hmm..maybe I should FTP from another server and map a drive to my domain controller?  or is that the same security risk?  

"But, I'm still not exactly sure what you are asking."

You have answered my question in part.  I am looking for a way to avoid hacker's from "packet sniffing" our passwords when we connect to the ftp server.   Is this why anonymous access is recommended?  So that a password is not transferred?  Isn't anonymous access just as bad though as it allows anyone to get in?   Do you have any resources for creating and/or enabling sftp.  Do most users just use annonymous for ftp?  I dont have much experience with it.  Thanks.
0
 
LVL 1

Accepted Solution

by:
potuncle earned 350 total points
ID: 11711440
FTP to another server with a drive mapped has the same security risks as ftping directly to the server. Anonymous access would allow anyone to connect and access files which is bad. Basically FTP and Telnet are very bad because they are unencrypted, even when you send your password, so it is relatively easy for a hacker to capture your username/password. SSH is a secure replacement for Telnet. SSH uses strong encryption even when transferring the password. FTP and other services can work through SSH to provide secure and encrypted data transfer. The following site has lots of information about installing a SSH server on Windows and how to use WinSCP (a secure file transfer protocol): http://www.jfitz.com/tips/ssh_for_windows.html

All that aside, it is generally bad to use a domain controller as anything other than a domain controller. Why? If it goes down for any reason then all the computers on the domain that authenticate via the domain controller will be unable to access any of the resources/shares on the domain. Also, the domain controller has some very important and confidential data on it such as all the usernames/passwords for all the users on your domain. For sharing files out to other computers on the domain or out to the Internet, I highly suggest using another computer that is not the domain controller as the file server.

Jason
0
 

Author Comment

by:Sp0cky
ID: 11712345
Thank you Jason.  You seem to be knowledgeable on this subject so I want to ask you a follow up question.  We are using SSL for the exchange OWA portion of our public folder and mail server.  

Meaning: Whenever a user connects to our domain ctrlr/exchange server for access (to public folders mainly) they are REQUIRED to use 128bit SSL throught the web interface.  To the best of my knowledge, the way it works is that even IF the hacker gets the username and password, they MUST have the certificate MATCHING that user as well ON THEIR COMPUTER (emphasizing not shouting).   Do you feel that is secure enough (your opinion?).  Also, just because the session is encrypted, the username and password can always be read..even if we are using Windows Integrated Authentication right?  Is it any harder to get the username and password considering our set up?  Is it any harder for a hacker to get in considering our set up?  Thanks again.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now