Solved

What rights does a user need to access FTP anonymously on a domain controller? Also, can I use SSL with FTP?

Posted on 2004-08-03
Last Modified: 2011-09-20
Internet Explorer 6.0.  Can I use certs or a better way to authenticate using FTP?  Thanks.
Question by:Sp0cky
4 Comments
 
LVL 1

Expert Comment

by:potuncle
ID: 11709773
You want to be able to ftp to your domain controller? From outside of your network? If so, allowing such would be a very bad thing. For secure ftp try sftp. It combines ftp and ssh and is relatively secure. But, I'm still not exactly sure what you are asking.

Jason
0
 

Author Comment

by:Sp0cky
ID: 11710118
Hmm... maybe I should FTP from another server and map a drive to my domain controller? Or is that the same security risk?

"But, I'm still not exactly sure what you are asking."

You have answered my question in part. I am looking for a way to avoid hackers from "packet sniffing" our passwords when we connect to the ftp server. Is this why anonymous access is recommended? So that a password is not transferred? Isn't anonymous access just as bad though as it allows anyone to get in? Do you have any resources for creating and/or enabling sftp? Do most users just use anonymous for ftp? I don't have much experience with it. Thanks.
0
 
LVL 1

Accepted Solution

by:
potuncle earned 350 total points
ID: 11711440
FTP to another server with a drive mapped has the same security risks as ftping directly to the server. Anonymous access would allow anyone to connect and access files which is bad. Basically FTP and Telnet are very bad because they are unencrypted, even when you send your password, so it is relatively easy for a hacker to capture your username/password. SSH is a secure replacement for Telnet. SSH uses strong encryption even when transferring the password. FTP and other services can work through SSH to provide secure and encrypted data transfer. The following site has lots of information about installing an SSH server on Windows and how to use WinSCP (a secure file transfer protocol): http://www.jfitz.com/tips/ssh_for_windows.html

All that aside, it is generally bad to use a domain controller as anything other than a domain controller. Why? If it goes down for any reason then all the computers on the domain that authenticate via the domain controller will be unable to access any of the resources/shares on the domain. Also, the domain controller has some very important and confidential data on it such as all the usernames/passwords for all the users on your domain. For sharing files out to other computers on the domain or out to the Internet, I highly suggest using another computer that is not the domain controller as the file server.

Jason
0
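Added example (not part of the original thread): a small audit of FTP control-channel records that separates the exposures discussed above, namely a password sent unencrypted, an anonymous login, and file data sent unencrypted. It goes slightly beyond the answer by also covering FTP over TLS (`AUTH TLS` and `PROT P`, RFC 4217), which is the "SSL with FTP" the question asks about; the input shape, session names, users and passwords are constructed assumptions, not a real server's log format.

```python
# Added example: audit FTP control-channel logs for exposure on the wire.
# Input shape and all session data below are constructed for illustration.
ANON_USERS = {"anonymous", "ftp"}
DATA_CMDS = {"RETR", "STOR", "APPE", "STOU", "LIST", "NLST"}

def audit_session(events):
    """events: ordered (client_command, server_reply_code) pairs for one session."""
    findings = set()
    tls = False            # control channel encrypted once AUTH is accepted (234)
    data_private = False   # data channel encrypted only after PROT P (RFC 4217)
    user = None
    for line, code in events:
        verb, _, arg = line.partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "AUTH" and code == 234:
            tls = True
        elif verb == "PROT" and code == 200:
            data_private = tls and arg.upper() == "P"
        elif verb == "USER":
            user = arg.lower()
            if user in ANON_USERS:
                findings.add("anonymous-login")
        elif verb == "PASS" and not tls and user not in ANON_USERS:
            # Flag even a rejected login (530): the password already crossed the wire.
            findings.add("cleartext-password")
        elif verb in DATA_CMDS and code < 400 and not data_private:
            findings.add("cleartext-data")
    return sorted(findings)

SAMPLE = {  # constructed sessions; users and passwords are made up
    "plain": [("USER jsmith", 331), ("PASS example-pw", 230), ("RETR a.txt", 226)],
    "anon": [("USER anonymous", 331), ("PASS guest@example.com", 230), ("LIST", 226)],
    "ftps": [("AUTH TLS", 234), ("USER jsmith", 331), ("PASS example-pw", 230),
             ("PBSZ 0", 200), ("PROT P", 200), ("STOR report.doc", 226)],
    "ftps-no-prot": [("AUTH TLS", 234), ("USER jsmith", 331),
                     ("PASS example-pw", 230), ("RETR payroll.xls", 226)],
    "tls-refused": [("AUTH TLS", 502), ("USER jsmith", 331), ("PASS wrong-pw", 530)],
}

def audit_all(sessions):
    return {sid: audit_session(ev) for sid, ev in sessions.items()}

if __name__ == "__main__":
    for sid, findings in audit_all(SAMPLE).items():
        print(f"{sid:13} {', '.join(findings) or 'ok'}")
```

SFTP sessions never show up in records like these, because SFTP runs inside SSH rather than over the FTP control channel.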
 

Author Comment

by:Sp0cky
ID: 11712345
Thank you Jason.  You seem to be knowledgeable on this subject so I want to ask you a follow up question.  We are using SSL for the exchange OWA portion of our public folder and mail server.  

Meaning: Whenever a user connects to our domain ctrlr/exchange server for access (to public folders mainly) they are REQUIRED to use 128bit SSL through the web interface. To the best of my knowledge, the way it works is that even IF the hacker gets the username and password, they MUST have the certificate MATCHING that user as well ON THEIR COMPUTER (emphasizing not shouting). Do you feel that is secure enough (your opinion?). Also, just because the session is encrypted, the username and password can always be read..even if we are using Windows Integrated Authentication right? Is it any harder to get the username and password considering our setup? Is it any harder for a hacker to get in considering our setup? Thanks again.
0

Question has a verified solution.