Solved

Newbie needs advice on setting up FTP server

Posted on 2006-07-09
7
165 Views
Last Modified: 2010-04-13
Hello,

I am trying to get some advice on setting an FTP server for my office. We have a Win2000 server, with a Netgear FVS 318 router.

I would like to have an FTP server for the following reasons:

A) Allow the company employees (5 total) to access our server from anywhere and d/l or u/l large files,

B) allow our clients same as above, except they can only u/l and/or d/l to their specfic folder

C) allow our vendors same as "B" above,

I envision that for A, there would be full read/write access to the server, but for B and C, it would be folder specific to the logged in user.

Here are my questions:
1 - What software is required to setup FTP?

2 - What are the security issues?

3 - Is it possible to setup the FTP so that only certain individuals can see ALL the contents of the server, and then allow others Folder specific access?

My boss is very leary about FTP, and I have to convince him that it is safe, if it is configured properly.

He insists on using Go To My PC, which is fine, except not everyone has (or wants) GoToMyPC.

One last thing. If it will help the situation, we have been talking about upgrading to Win2003 server. Is that something you would also recomend?

Thanks in advance for your replies.

Phil
0
Comment
Question by:pelampe
7 Comments
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 50 total points
ID: 17069248
1 - What software is required to setup FTP?
an FTP server comes with windows 2000. Install IIS (internet information services) and then you have an FTP server

2 - What are the security issues?
as with anything else sent over the net, it isn't secure.  If employees are going to be accessing this from home, i would highly recommend setting up a VPN for them to connect back to the office network, rather than opening up an FTP server open to everyone.


3 - Is it possible to setup the FTP so that only certain individuals can see ALL the contents of the server, and then allow others Folder specific access?

yes, all you have to do is set NTFS permissons on the files/folders just as you normally do (by rightclicking the file/folder, choose properties and go to the security tab
also rightclick on your 'ftp server' in IIS and setup the appropriate security there.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 125 total points
ID: 17069452

Have a look here.  In addition to what has been said this site lists the typical permissions needed etc.  Each user that needs to logon to the FTP sever needs the "logon locally" user right to your server.  You give this in local security policy under Administrative tools, or if this is a domain controller then under domain controller policy.  if you can't find that please ask.

To have different people see different areas the easiest way is to use home directoires using virtual directories (explained in link below).  You basiclly setup the ftp server to a blank or very public area and give nothing but some read rights if anything.  You then create virtual directories which match each username pointing to where you want them to go to and confgiure permission in there using NTFS.  Turn off anonymous access if you don't need it at the ftp server level.

http://www.iisanswers.com/Top10FAQ/t10-FTPuersfolder.htm

Steve
0
 

Author Comment

by:pelampe
ID: 17069462
OK.

With regard to #1, IIS is the ONLY software that can be used?  Is it easy to use and configure? If you are basing your answer on cost (or in this case - IIS doesn't cost anything), you should know that we would be willing to pay up to say $150 to purchase a good FTP program, which I have heard Filezilla is good (although it is also free) .  So, would that change your answer any?

With regard to #2, you say FTP isn't secure.  Do you mean it CANNOT EVER be secure, or to make it secure, it would take a lot of difficult configuration?  VPN is OK as an option for us who work in the company, but I don't think it is viable for the "B" and "C" scenarios.  The FTP idea was actually MORE intended for the
"B" and "C" scenarios than for the people who already work in the company.

With regard to #3, with these permissions set as you describe, would the FTP be then secure?  Or is this a different issue altogether?  What ARE the security issues with using an FTP server?
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 125 total points
ID: 17069556
The FTP protocol isn't secure.  It is not encrypted and passwords are sent as plain text.  There are a numbre of security issues:

1. Permissions you give people, maybe not realising it.  These can be tied down easily as long as you follow advise, e.g. from the link I gave above and also turn off anonymous access if you need to and restrict the members of the log on locally user right which are the only people who can logon. Make sure any passwords are long and 'difficult' to guess.

2. Vulnerabilities in the software.  AFAIK no issues with FTP server on IIS, and if there were they would be patched by MS I guess.

3. Inherent vulnerability in that the protocol is unencrypted so technicalyl anyone on a suitable bit of the internet *could* intercept your traffic. Not sure how likely that is when traffic probably goes only from your DSL line to your ISP through a few other ISP's and to the end user.

I suggest you don't use any administrative usernames to logon through FTP remotely for instance as the username and password would be sent in plain text over the internet.
0
 

Accepted Solution

by:
GothamProjects earned 75 total points
ID: 17074582
There are secure FTP servers avilable, which implement encryption over the FTP connection. However, I think these are above your budget (the first two I've check out WSFPT (http://www.ipswitch.com/products/ws_ftp-server/index.asp) and GlobalScapes FTP server (http://www.cuteftp.com/gsftps/secure_ftp_server.asp) are both in the $500 region.

As dragon-it mentioned the other option is to secure the channel of communications using a VPN. Your FVS318 router will allow you to configure VPN accounts, which arn't too inconvenient to use for most of your clients/suppliers using Windows computers. You can also use your router to limit the source IP addresses or times of the day etc, that the FTP site is available.

I guess the question to answer with your boss, is what is acceptable security? Well configured FTP accounts combined with thorough maintenance of those directories & permissions will account for most potential problems except for interception of the traffic. In reality, is interception likely to be a big problem?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17082007
Why the B grade?

Steve
0
 

Author Comment

by:pelampe
ID: 17087212
Sorry Steve, I'm new to this whole thing. I should've given you all a A. My bad.  It kind of threw me off, when I was deciding on closing the question, I was more focused on the points and all. Again, please accept my humble apologies.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Both MMF (multi-mode fiber) and SMF (single-mode fiber) are types of optical fiber that can aid in communication applications. These thin strands of silica or glass will allow communication to occur between devices. The transmission of light between…
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now