Most Secure FTP

Posted on 2005-04-26
Medium Priority
Last Modified: 2013-12-04
I recently have come into a need for an FTP/File Server.  I have clients who need to upload and download multiple files at a time.  They have a machine running 2003 advanced server.  I was wondering if some of you windows security gurus can give me an idea of what would be the safest FTP/file sharing solution to make this happen.  I dont need anything encrypted because most of the files are just large images of architecture.  But we would love to keep all unwanted people off of our server and bandwidth.  

BTW, People will be connecting to this box from around the world not just inside a local lan.

Question by:savone
  • 2
LVL 38

Accepted Solution

Rich Rumble earned 1500 total points
ID: 13868835
You should password protect the site. One of the most secure FTP programs for windows is BulletProofFTP http://www.bpftp.com/
But there are many you can use, as long as you keep up2date with upgrades and patches, you should have few vulnerabilities.

A firewall is also necessary in most cases to block any unnecessary ports that do not need to be seen by others, and one of the best ways to secure any program would be to only allow access from certain ip address's that way no one that is not approved can even see you have an FTp server. This is not always possible if you have users that use dial-up or cable/dsl as the ip can change from time to time. A vpn solution is probably best all around, you can block all ports but the vpn listening port, and once the users are logged in via the vpn they can access the ftp server or file server.

And in keeping with best practices, you should probably have AV instaled on the box, and keep up2date with all patches and updates for the OS as well, even in the VPN situation for good measure.

Expert Comment

ID: 13869995

2003 advanced server includes a FTP server.
once enabled you can define user names and passwords from the server. if they already have an account on the server, then you would just grant that user access and he/she can login with their existing username/password (otherwise you can create a special account for them, just as easy)


Expert Comment

ID: 13870442
use SFTP (Secure FTP).... this uses SSL encryption much like a web site does and is more secure than just regular FTP... might need to check to make sure you have a client that will connect to it, but it is the best route to go...

Expert Comment

ID: 13870459
one other think to keep in mind is that when you set up an FTP server, prepare yourself for an onslaught of attempts from those who shouldnt have access... secure with passwords... mask and use a different port outside of the default ports... make sure logging is turned on and DO NOT RUN A FTP SERVER WITHOUT A FIREWALL IN FRONT OF IT! I cant stress this enough :)

I had my FTP server turned on for a few hours and ended up having hits in the logs from all over the world for the next month....

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question