Solved

Newbie needs advice on setting up FTP server

Posted on 2006-07-09
7
164 Views
Last Modified: 2010-04-13
Hello,

I am trying to get some advice on setting an FTP server for my office. We have a Win2000 server, with a Netgear FVS 318 router.

I would like to have an FTP server for the following reasons:

A) Allow the company employees (5 total) to access our server from anywhere and d/l or u/l large files,

B) allow our clients same as above, except they can only u/l and/or d/l to their specfic folder

C) allow our vendors same as "B" above,

I envision that for A, there would be full read/write access to the server, but for B and C, it would be folder specific to the logged in user.

Here are my questions:
1 - What software is required to setup FTP?

2 - What are the security issues?

3 - Is it possible to setup the FTP so that only certain individuals can see ALL the contents of the server, and then allow others Folder specific access?

My boss is very leary about FTP, and I have to convince him that it is safe, if it is configured properly.

He insists on using Go To My PC, which is fine, except not everyone has (or wants) GoToMyPC.

One last thing. If it will help the situation, we have been talking about upgrading to Win2003 server. Is that something you would also recomend?

Thanks in advance for your replies.

Phil
0
Comment
Question by:pelampe
7 Comments
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 50 total points
Comment Utility
1 - What software is required to setup FTP?
an FTP server comes with windows 2000. Install IIS (internet information services) and then you have an FTP server

2 - What are the security issues?
as with anything else sent over the net, it isn't secure.  If employees are going to be accessing this from home, i would highly recommend setting up a VPN for them to connect back to the office network, rather than opening up an FTP server open to everyone.


3 - Is it possible to setup the FTP so that only certain individuals can see ALL the contents of the server, and then allow others Folder specific access?

yes, all you have to do is set NTFS permissons on the files/folders just as you normally do (by rightclicking the file/folder, choose properties and go to the security tab
also rightclick on your 'ftp server' in IIS and setup the appropriate security there.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 125 total points
Comment Utility

Have a look here.  In addition to what has been said this site lists the typical permissions needed etc.  Each user that needs to logon to the FTP sever needs the "logon locally" user right to your server.  You give this in local security policy under Administrative tools, or if this is a domain controller then under domain controller policy.  if you can't find that please ask.

To have different people see different areas the easiest way is to use home directoires using virtual directories (explained in link below).  You basiclly setup the ftp server to a blank or very public area and give nothing but some read rights if anything.  You then create virtual directories which match each username pointing to where you want them to go to and confgiure permission in there using NTFS.  Turn off anonymous access if you don't need it at the ftp server level.

http://www.iisanswers.com/Top10FAQ/t10-FTPuersfolder.htm

Steve
0
 

Author Comment

by:pelampe
Comment Utility
OK.

With regard to #1, IIS is the ONLY software that can be used?  Is it easy to use and configure? If you are basing your answer on cost (or in this case - IIS doesn't cost anything), you should know that we would be willing to pay up to say $150 to purchase a good FTP program, which I have heard Filezilla is good (although it is also free) .  So, would that change your answer any?

With regard to #2, you say FTP isn't secure.  Do you mean it CANNOT EVER be secure, or to make it secure, it would take a lot of difficult configuration?  VPN is OK as an option for us who work in the company, but I don't think it is viable for the "B" and "C" scenarios.  The FTP idea was actually MORE intended for the
"B" and "C" scenarios than for the people who already work in the company.

With regard to #3, with these permissions set as you describe, would the FTP be then secure?  Or is this a different issue altogether?  What ARE the security issues with using an FTP server?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 125 total points
Comment Utility
The FTP protocol isn't secure.  It is not encrypted and passwords are sent as plain text.  There are a numbre of security issues:

1. Permissions you give people, maybe not realising it.  These can be tied down easily as long as you follow advise, e.g. from the link I gave above and also turn off anonymous access if you need to and restrict the members of the log on locally user right which are the only people who can logon. Make sure any passwords are long and 'difficult' to guess.

2. Vulnerabilities in the software.  AFAIK no issues with FTP server on IIS, and if there were they would be patched by MS I guess.

3. Inherent vulnerability in that the protocol is unencrypted so technicalyl anyone on a suitable bit of the internet *could* intercept your traffic. Not sure how likely that is when traffic probably goes only from your DSL line to your ISP through a few other ISP's and to the end user.

I suggest you don't use any administrative usernames to logon through FTP remotely for instance as the username and password would be sent in plain text over the internet.
0
 

Accepted Solution

by:
GothamProjects earned 75 total points
Comment Utility
There are secure FTP servers avilable, which implement encryption over the FTP connection. However, I think these are above your budget (the first two I've check out WSFPT (http://www.ipswitch.com/products/ws_ftp-server/index.asp) and GlobalScapes FTP server (http://www.cuteftp.com/gsftps/secure_ftp_server.asp) are both in the $500 region.

As dragon-it mentioned the other option is to secure the channel of communications using a VPN. Your FVS318 router will allow you to configure VPN accounts, which arn't too inconvenient to use for most of your clients/suppliers using Windows computers. You can also use your router to limit the source IP addresses or times of the day etc, that the FTP site is available.

I guess the question to answer with your boss, is what is acceptable security? Well configured FTP accounts combined with thorough maintenance of those directories & permissions will account for most potential problems except for interception of the traffic. In reality, is interception likely to be a big problem?
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
Why the B grade?

Steve
0
 

Author Comment

by:pelampe
Comment Utility
Sorry Steve, I'm new to this whole thing. I should've given you all a A. My bad.  It kind of threw me off, when I was deciding on closing the question, I was more focused on the points and all. Again, please accept my humble apologies.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now