Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

What rights does a user need to access FTP anonymously on a domain controller?  Also..can I use SSL with FTP?

Posted on 2004-08-03
4
Medium Priority
?
406 Views
Last Modified: 2011-09-20
Internet Explorer 6.0.  Can I use certs or a better way to authenticate using FTP?  Thanks.
0
Comment
Question by:Sp0cky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 1

Expert Comment

by:potuncle
ID: 11709773
You want to be able to ftp to your domain controller? From outside of your network? If so, allowing such would be a very bad thing. For secure ftp try sftp. It combines ftp and ssh and is relatively secure. But, I'm still not exactly sure what you are asking.

Jason
0
 

Author Comment

by:Sp0cky
ID: 11710118
Hmm..maybe I should FTP from another server and map a drive to my domain controller?  or is that the same security risk?  

"But, I'm still not exactly sure what you are asking."

You have answered my question in part.  I am looking for a way to avoid hacker's from "packet sniffing" our passwords when we connect to the ftp server.   Is this why anonymous access is recommended?  So that a password is not transferred?  Isn't anonymous access just as bad though as it allows anyone to get in?   Do you have any resources for creating and/or enabling sftp.  Do most users just use annonymous for ftp?  I dont have much experience with it.  Thanks.
0
 
LVL 1

Accepted Solution

by:
potuncle earned 1050 total points
ID: 11711440
FTP to another server with a drive mapped has the same security risks as ftping directly to the server. Anonymous access would allow anyone to connect and access files which is bad. Basically FTP and Telnet are very bad because they are unencrypted, even when you send your password, so it is relatively easy for a hacker to capture your username/password. SSH is a secure replacement for Telnet. SSH uses strong encryption even when transferring the password. FTP and other services can work through SSH to provide secure and encrypted data transfer. The following site has lots of information about installing a SSH server on Windows and how to use WinSCP (a secure file transfer protocol): http://www.jfitz.com/tips/ssh_for_windows.html

All that aside, it is generally bad to use a domain controller as anything other than a domain controller. Why? If it goes down for any reason then all the computers on the domain that authenticate via the domain controller will be unable to access any of the resources/shares on the domain. Also, the domain controller has some very important and confidential data on it such as all the usernames/passwords for all the users on your domain. For sharing files out to other computers on the domain or out to the Internet, I highly suggest using another computer that is not the domain controller as the file server.

Jason
0
 

Author Comment

by:Sp0cky
ID: 11712345
Thank you Jason.  You seem to be knowledgeable on this subject so I want to ask you a follow up question.  We are using SSL for the exchange OWA portion of our public folder and mail server.  

Meaning: Whenever a user connects to our domain ctrlr/exchange server for access (to public folders mainly) they are REQUIRED to use 128bit SSL throught the web interface.  To the best of my knowledge, the way it works is that even IF the hacker gets the username and password, they MUST have the certificate MATCHING that user as well ON THEIR COMPUTER (emphasizing not shouting).   Do you feel that is secure enough (your opinion?).  Also, just because the session is encrypted, the username and password can always be read..even if we are using Windows Integrated Authentication right?  Is it any harder to get the username and password considering our set up?  Is it any harder for a hacker to get in considering our set up?  Thanks again.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question