[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Securing FTP

Posted on 2006-04-02
Medium Priority
Last Modified: 2012-05-05
I am setting up FTP to allow only a few users to connect.  I am aware of the clear text password issue, so I created a group called 'FTP'.  I then created a user 'FTPUser', and changed the group membership from the 'Users' group to the 'FTP' group.  I am isolating the group/user combination to the FTP directory via NTFS permissions that I propigated throughout the FTP folder structure.  I figure if someone captures the password, they can only access this directory structure and nothing else.  Does this sound like a good plan?  Is there anything else I can do further to secure this?
Question by:bleujaegel

Accepted Solution

bourneisp earned 1200 total points
ID: 16357787
Hi bleujaegel,
This sounds like you are following the guidelines set out by microsoft article which is reference throughout EE.

if you are aware of the IP addresses of where your using are coming from you could set the directory access to a default of deny unless ip = the addresses you allow.

This means someone whould have to capture the pass as well as spoof the source address they are comign from.

I think that is about as secure as you can get it

LVL 15

Assisted Solution

Darwinian999 earned 800 total points
ID: 16357852
Instead of using FTP, you might be able to use SCP or SFTP, which is secure.

Open Source SSH Server (SCP and SFTP uses SSH as its transport) for Windows: http://sshwindows.sourceforge.net/
Open Source SCP & SFTP client for Windows: http://sourceforge.net/projects/winscp/

An article on SSH / SCP / SFTP for Windows: http://www.jfitz.com/tips/ssh_for_windows.html
An article on setting up a SFTP Server on Windows: http://www.digitalmediaminute.com/article/1487/setting-up-a-sftp-server-on-windows

Author Comment

ID: 16357871
Good point to deny by IP.

I will check out the secure FTP apps.  


Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Integration Management Part 2
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question