Solved

What rights does a user need to access FTP anonymously on a domain controller? Also, can I use SSL with FTP?

Posted on 2004-08-03
Last Modified: 2011-09-20
Internet Explorer 6.0.  Can I use certs or a better way to authenticate using FTP?  Thanks.
Question by:Sp0cky

Expert Comment

by:potuncle
ID: 11709773
You want to be able to ftp to your domain controller? From outside of your network? If so, allowing such would be a very bad thing. For secure ftp try sftp. It combines ftp and ssh and is relatively secure. But, I'm still not exactly sure what you are asking.

Jason
 

Author Comment

by:Sp0cky
ID: 11710118
Hmm, maybe I should FTP from another server and map a drive to my domain controller? Or is that the same security risk?

"But, I'm still not exactly sure what you are asking."

You have answered my question in part. I am looking for a way to avoid hackers "packet sniffing" our passwords when we connect to the FTP server. Is this why anonymous access is recommended? So that a password is not transferred? Isn't anonymous access just as bad, though, as it allows anyone to get in? Do you have any resources for creating and/or enabling sftp? Do most users just use anonymous for FTP? I don't have much experience with it. Thanks.

Accepted Solution

by:
potuncle earned 350 total points
ID: 11711440
FTP to another server with a drive mapped has the same security risks as FTPing directly to the server. Anonymous access would allow anyone to connect and access files, which is bad. Basically FTP and Telnet are very bad because they are unencrypted, even when you send your password, so it is relatively easy for a hacker to capture your username/password. SSH is a secure replacement for Telnet. SSH uses strong encryption even when transferring the password. FTP and other services can work through SSH to provide secure and encrypted data transfer. The following site has lots of information about installing an SSH server on Windows and how to use WinSCP (a secure file transfer protocol): http://www.jfitz.com/tips/ssh_for_windows.html

All that aside, it is generally bad to use a domain controller as anything other than a domain controller. Why? If it goes down for any reason then all the computers on the domain that authenticate via the domain controller will be unable to access any of the resources/shares on the domain. Also, the domain controller has some very important and confidential data on it such as all the usernames/passwords for all the users on your domain. For sharing files out to other computers on the domain or out to the Internet, I highly suggest using another computer that is not the domain controller as the file server.

Jason
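
To check which logins on an existing FTP server actually exposed a password, the control-channel log can be audited as in this added example (not part of the original thread). The log format, sample entries and function name are constructed for illustration; the only protocol facts assumed are that FTP over TLS starts with an `AUTH` command and that reply `234` confirms it (RFC 4217).

```python
import re

# Constructed server-side FTP control-channel log (hypothetical format):
# "<session-id> <C|S>: <command or reply>"; all names and passwords are made up.
SAMPLE_LOG = """\
s1 C: USER jsmith
s1 C: PASS example-password-1
s2 C: AUTH TLS
s2 S: 234 AUTH TLS successful
s2 C: USER jsmith
s2 C: PASS example-password-1
s3 C: USER anonymous
s3 C: PASS guest@example.com
s4 C: AUTH TLS
s4 S: 502 AUTH not supported
s4 C: USER backup
s4 C: PASS example-password-2
"""

LINE = re.compile(r"^(\S+) ([CS]): (\S+)(?: (.*))?$")
ANON = {"anonymous", "ftp"}  # conventional anonymous account names

def audit_ftp_sessions(log_text):
    """Return {session: verdict} for every session that sent a PASS command."""
    state, verdicts = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, side, word, rest = m.groups()
        s = state.setdefault(sid, {"tls": False, "auth_pending": False, "user": ""})
        if side == "C":
            cmd = word.upper()
            if cmd == "AUTH":
                s["auth_pending"] = True
            elif cmd == "USER":
                s["user"] = (rest or "").strip().lower()
            elif cmd == "PASS":  # the password argument is never stored or returned
                if s["tls"]:
                    verdicts[sid] = "tls-protected"
                elif s["user"] in ANON:
                    verdicts[sid] = "anonymous-no-secret-sent"
                else:
                    verdicts[sid] = "cleartext-password"
        elif s["auth_pending"]:
            # Only a 234 reply means TLS was negotiated; a refused AUTH leaves cleartext.
            s["tls"] = word == "234"
            s["auth_pending"] = False
    return verdicts
```

Session `s4` is the case to watch for: the client asked for TLS, the server refused, and the login went ahead unencrypted anyway.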
 

Author Comment

by:Sp0cky
ID: 11712345
Thank you Jason. You seem to be knowledgeable on this subject so I want to ask you a follow-up question. We are using SSL for the Exchange OWA portion of our public folder and mail server.

Meaning: Whenever a user connects to our domain ctrlr/Exchange server for access (to public folders mainly) they are REQUIRED to use 128-bit SSL through the web interface. To the best of my knowledge, the way it works is that even IF the hacker gets the username and password, they MUST have the certificate MATCHING that user as well ON THEIR COMPUTER (emphasizing, not shouting). Do you feel that is secure enough (your opinion)? Also, just because the session is encrypted, the username and password can always be read, even if we are using Windows Integrated Authentication, right? Is it any harder to get the username and password considering our setup? Is it any harder for a hacker to get in considering our setup? Thanks again.