Solved

What rights does a user need to access FTP anonymously on a domain controller?  Also..can I use SSL with FTP?

Posted on 2004-08-03
Last Modified: 2011-09-20
Internet Explorer 6.0.  Can I use certs or a better way to authenticate using FTP?  Thanks.
Question by:Sp0cky
LVL 1

Expert Comment

by:potuncle
ID: 11709773
You want to be able to ftp to your domain controller? From outside of your network? If so, allowing such would be a very bad thing. For secure ftp try sftp. It combines ftp and ssh and is relatively secure. But, I'm still not exactly sure what you are asking.

Jason
0
 

Author Comment

by:Sp0cky
ID: 11710118
Hmm... maybe I should FTP from another server and map a drive to my domain controller? Or is that the same security risk?

"But, I'm still not exactly sure what you are asking."

You have answered my question in part. I am looking for a way to avoid hackers from "packet sniffing" our passwords when we connect to the ftp server. Is this why anonymous access is recommended? So that a password is not transferred? Isn't anonymous access just as bad though as it allows anyone to get in? Do you have any resources for creating and/or enabling sftp? Do most users just use anonymous for ftp? I don't have much experience with it. Thanks.
0
 
LVL 1

Accepted Solution

by:
potuncle earned 350 total points
ID: 11711440
FTP to another server with a drive mapped has the same security risks as ftping directly to the server. Anonymous access would allow anyone to connect and access files which is bad. Basically FTP and Telnet are very bad because they are unencrypted, even when you send your password, so it is relatively easy for a hacker to capture your username/password. SSH is a secure replacement for Telnet. SSH uses strong encryption even when transferring the password. FTP and other services can work through SSH to provide secure and encrypted data transfer. The following site has lots of information about installing an SSH server on Windows and how to use WinSCP (a secure file transfer protocol): http://www.jfitz.com/tips/ssh_for_windows.html

All that aside, it is generally bad to use a domain controller as anything other than a domain controller. Why? If it goes down for any reason then all the computers on the domain that authenticate via the domain controller will be unable to access any of the resources/shares on the domain. Also, the domain controller has some very important and confidential data on it such as all the usernames/passwords for all the users on your domain. For sharing files out to other computers on the domain or out to the Internet, I highly suggest using another computer that is not the domain controller as the file server.

Jason
0
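An added example, not part of the original thread: a small Python check over constructed control-channel lines, showing what a passive observer can read in plain FTP compared with a session upgraded by `AUTH TLS` (explicit FTPS, RFC 4217), including the case where the server refuses the upgrade and the client falls back to cleartext. The session data, account names and the `audit_session` function are illustrative assumptions.

```python
import re

# Constructed control-channel lines as a passive sensor would see them
# ("C:" = client, "S:" = server). Accounts and passwords are made up.
SESSIONS = {
    "plain": ["S: 220 FTP ready", "C: USER jsmith", "S: 331 Password required",
              "C: PASS Example-Passw0rd", "S: 230 User logged in"],
    "anonymous": ["S: 220 FTP ready", "C: USER anonymous",
                  "S: 331 Send email as password",
                  "C: PASS guest@example.com", "S: 230 Anonymous logged in"],
    # After a 234 reply the channel is TLS; the sensor sees no more commands.
    "ftps": ["S: 220 FTP ready", "C: AUTH TLS", "S: 234 Proceed with negotiation"],
    "fallback": ["S: 220 FTP ready", "C: AUTH TLS", "S: 504 Not supported",
                 "C: USER jsmith", "S: 331 Password required",
                 "C: PASS Example-Passw0rd", "S: 230 User logged in"],
}

LINE = re.compile(r"^(C|S): (\S+)(?: (.*))?$")
ANON = ("anonymous", "ftp")

def audit_session(lines):
    """Return findings for one session; password values are never echoed."""
    findings, user, auth_pending = [], "", False
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        side, verb, arg = m.group(1), m.group(2).upper(), m.group(3) or ""
        if side == "C" and verb == "AUTH":
            auth_pending = True
        elif side == "S" and auth_pending:
            auth_pending = False
            if verb == "234":        # server accepted the TLS upgrade
                break                # everything after this is encrypted
            findings.append("tls-upgrade-refused")
        elif side == "C" and verb == "USER":
            user = arg
            if user.lower() in ANON:
                findings.append("anonymous-login")
        elif side == "C" and verb == "PASS" and user.lower() not in ANON:
            findings.append(f"cleartext-password user={user}")
    return findings

if __name__ == "__main__":
    for name, lines in SESSIONS.items():
        print(name, audit_session(lines))
```
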
 

Author Comment

by:Sp0cky
ID: 11712345
Thank you Jason.  You seem to be knowledgeable on this subject so I want to ask you a follow up question.  We are using SSL for the exchange OWA portion of our public folder and mail server.  

Meaning: Whenever a user connects to our domain ctrlr/exchange server for access (to public folders mainly) they are REQUIRED to use 128-bit SSL through the web interface. To the best of my knowledge, the way it works is that even IF the hacker gets the username and password, they MUST have the certificate MATCHING that user as well ON THEIR COMPUTER (emphasizing not shouting). Do you feel that is secure enough (your opinion?). Also, just because the session is encrypted, the username and password can always be read..even if we are using Windows Integrated Authentication right? Is it any harder to get the username and password considering our setup? Is it any harder for a hacker to get in considering our setup? Thanks again.
0
