Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Should I install FTP on IIS 6.0?

Posted on 2005-04-02
7
Medium Priority
?
608 Views
Last Modified: 2007-12-19
Hello,

I have a Windows 2003 IIS 6.0 Web server.  I am thinking of allowing customers to be able to FTP into their own Web site and transfer files.  

What kind of security threats are involved?  
Are their safer alternatives to FTP that would allow a customer to update Web files?  
What are some common support issues that are dealt with?

Thanks in advance.
0
Comment
Question by:rudyflyer
7 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 1000 total points
ID: 13689642
ftp is a common access technique.

best practice is to make sure that each user logs in under their own credentials, and use those same credentials as the IIS anonymous user for their web site and content.  be explicit with permissions for that user to only have write access to their own web folders, and no rights to other user data.

this will effectively sandbox all web sites.

Cheers.
0
 
LVL 37

Expert Comment

by:meverest
ID: 13689692
also, here is a previous discussion on a similar subject:

http://www.experts-exchange.com/Web/Web_Servers/IIS/Q_21225078.html?query=ftp+user+meverest&clearTAFilter=true

and with win2k3, you can set the ftp service to automtaocally isolate users to the subdirectory which is useful additional security.

Cheers.
0
 
LVL 1

Expert Comment

by:maZe84
ID: 13691967
hmm

i hate FTP

i think SFTP is a better way, and it is "secure"
with FTP its easy to sniff in a wireless network, or behind a switch with rooter Spoofing.
The password is sent in cleartext.

in SFTP it is secured with TLS/ SSL

mfg maZe
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 4

Expert Comment

by:madhubk
ID: 13714468
Do include a virus check soon after the upload. If a virus is found may be you can quarantine the file and send the user an email regarding the virus.

Madhu
0
 
LVL 37

Expert Comment

by:meverest
ID: 13714580
>> i think SFTP is a better way, and it is "secure"

that may be true, but IIS does not support sftp at version 6.  IIS7 maybe, but we will not know until it is released.

Cheers.
0
 
LVL 2

Expert Comment

by:WebSpecials
ID: 13717316
yes.. but why do you need the service run on IIS?

mfg WebSpecials
0
 
LVL 37

Expert Comment

by:meverest
ID: 13722711
>> yes.. but why do you need the service run on IIS?

umm, because this topic area is "Web Servers - IIS"?  and therefore i think that it is safe to assume that we are dealing with an IIS question here.

Cheers.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question