Solved

windows 2003 secure ftp

Posted on 2004-12-12
Last Modified: 2011-09-20
What would be the best route to take for FTP service on a Windows 2003 Server machine? I am going to be having information uploaded for websites and want a secure approach to logging into the FTP and transferring data securely... what would be best? Would the FTP program that came with Windows 03 Server be a wise choice? If not, what other programs should I be looking at...
Question by:meatdog8
10 Comments
 
LVL 2

Expert Comment

by:Nick_Chvr
ID: 12806598
IIS 6.0.  It should be included with your copy of 2k3.  You'll have to add the component in Add/Remove Programs.  Set the FTP up and allow no anonymous access, only username and pword.  You can even put it on a non-standard port besides the usual 21.  This will keep mass FTP scanners from hitting your site.
0
 
LVL 2

Accepted Solution

by:
java_programmer earned 200 total points
ID: 12809118
Hi,

I would not use FTP since the data is passed in the clear; changing ports or using different user names does not solve the issue of encryption etc...

SSH is the industry norm for secure data transfer unless you want to kick it up a notch with entrust or something.

I would install Cygwin on your server, with OpenSSH, then copy files using sftp; basically it would tunnel the ftp traffic over an encrypted pipe.

Cheers,
Derek
0
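A defender-side illustration of the point made in the accepted answer, added here and not part of any poster's message: a monitor that recognises FTP logins by content flags the session on a non-standard port just as easily, while the SSH session yields nothing readable. The addresses, port 2121, user name, password and banners are constructed sample data.

```python
import re

# Constructed sample segments: (client, server, server_port, direction, payload).
# Direction "C" = client to server, "S" = server to client. Not real traffic.
SEGMENTS = [
    ("10.0.0.5", "192.0.2.10", 2121, "S", b"220 FTP service ready\r\n"),
    ("10.0.0.5", "192.0.2.10", 2121, "C", b"USER webupload\r\n"),
    ("10.0.0.5", "192.0.2.10", 2121, "S", b"331 Password required\r\n"),
    ("10.0.0.5", "192.0.2.10", 2121, "C", b"PASS example-secret\r\n"),
    ("10.0.0.5", "192.0.2.10", 2121, "S", b"230 User logged in\r\n"),
    ("10.0.0.7", "192.0.2.10", 22, "S", b"SSH-2.0-ExampleServer\r\n"),
    ("10.0.0.7", "192.0.2.10", 22, "C", b"SSH-2.0-ExampleClient\r\n"),
    ("10.0.0.7", "192.0.2.10", 22, "C", b"\x00\x00\x01\x2c\x0a\x14\x9f\x3b\xe1\x77"),
]

# FTP login commands are plain ASCII lines, whatever port the server listens on.
FTP_CMD = re.compile(rb"^(USER|PASS) ([^\r\n]*)\r\n$")

def find_cleartext_ftp_logins(segments):
    """Return one finding per session whose login was readable on the wire."""
    sessions = {}
    for client, server, port, direction, payload in segments:
        if direction != "C":
            continue
        m = FTP_CMD.match(payload)
        if not m:
            continue  # encrypted or non-FTP payload: nothing readable
        entry = sessions.setdefault((client, server, port),
                                    {"user": None, "password_seen": False})
        if m.group(1) == b"USER":
            entry["user"] = m.group(2).decode("ascii", "replace")
        else:
            entry["password_seen"] = True  # record the exposure, never the value
    return [
        {"client": c, "server": s, "port": p, **e}
        for (c, s, p), e in sessions.items()
        if e["password_seen"]
    ]

if __name__ == "__main__":
    for finding in find_cleartext_ftp_logins(SEGMENTS):
        print(finding)
```
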
 
LVL 26

Expert Comment

by:Leon Fester
ID: 12809228
Java_programmer is correct, BUT, how secure do you actually want the site to be? Why I'm asking is because on Windows 2003 you can configure the FTP site with the following "security" options:
restricted username/password access;
FTP access only allowed from specified IP addresses;
read/write/browse folder access restrictions (on both FTP service configuration as well as on the actual Windows folder);
secure access via a client certificate.

However, if it is a requirement for more secure communications (non-clear text transfers) then yeah, I agree with java_programmer, get another FTP service for your communications to the Windows 2003 server.
0

 
LVL 1

Author Comment

by:meatdog8
ID: 12809691
Java,

Is running Cygwin on my server secure... sorry, I've never heard much about Cygwin... I read most everything on their site and did not see anything about security... is Cygwin safe to run on a server?

Any other program suggestions for a secure FTP server?
0
 
LVL 2

Expert Comment

by:java_programmer
ID: 12809780
Cygwin is a "unix" environment for Windows. It is as safe as the applications you install/turn on.. for example if you run an old apache under Cygwin, and apache has some vulnerability....

The latest build of SSH is safe and secure, so your server would remain safe and secure. Also a LOT of people use it... do a google on SSH CYGWIN ... I am using it here, my only complaint is the interaction of SSH and Windows programs... so if you run cmd within a Cygwin shell, you'll lock it... but as standard commands like ps, secure ftp, kill etc are all very reliable.

There are some win32 openssh ports, but they tend to have a lot of issues...  There are also commercial windows based ssh setups, but are a bit expensive .... (check out pragma http://www.pragmasys.com/ClientSuite/) $599 USD

Cheers,
Derek
0
 
LVL 1

Author Comment

by:meatdog8
ID: 12810032
java,

Thank you very much for your input. Sounds like Cygwin is the answer to my question...
0
 
LVL 1

Author Comment

by:meatdog8
ID: 12859719
java

Where do I create new users/passwords and how do I associate that username with a directory?  I'll open another question if you would like for points...
0
 
LVL 1

Author Comment

by:meatdog8
ID: 12860299
I started another question... regarding the last statement

http://www.experts-exchange.com/Applications/Q_21247468.html
0
 

Expert Comment

by:nealmcdonald
ID: 13982891
I am in the middle of implementing this thread. I have set up a Win 2k3 Enterprise box and from my research, I heard there are issues with Cygwin on this OS. I would consider using FreeBSD or some Linux OS. This machine will only be performing SFTP to many insecure clients. What is the best approach considering OS's and ease of use for clients?


Thanks... I just signed up today and love this site!


Neal
0
 
LVL 1

Author Comment

by:meatdog8
ID: 13990697
What issues have you heard of?  I would like to know... I usually have people download WinSCP to connect to Cygwin...
0
