Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Newbie needs advice on setting up FTP server

Posted on 2006-07-09
7
Medium Priority
?
173 Views
Last Modified: 2010-04-13
Hello,

I am trying to get some advice on setting an FTP server for my office. We have a Win2000 server, with a Netgear FVS 318 router.

I would like to have an FTP server for the following reasons:

A) Allow the company employees (5 total) to access our server from anywhere and d/l or u/l large files,

B) allow our clients same as above, except they can only u/l and/or d/l to their specfic folder

C) allow our vendors same as "B" above,

I envision that for A, there would be full read/write access to the server, but for B and C, it would be folder specific to the logged in user.

Here are my questions:
1 - What software is required to setup FTP?

2 - What are the security issues?

3 - Is it possible to setup the FTP so that only certain individuals can see ALL the contents of the server, and then allow others Folder specific access?

My boss is very leary about FTP, and I have to convince him that it is safe, if it is configured properly.

He insists on using Go To My PC, which is fine, except not everyone has (or wants) GoToMyPC.

One last thing. If it will help the situation, we have been talking about upgrading to Win2003 server. Is that something you would also recomend?

Thanks in advance for your replies.

Phil
0
Comment
Question by:pelampe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 150 total points
ID: 17069248
1 - What software is required to setup FTP?
an FTP server comes with windows 2000. Install IIS (internet information services) and then you have an FTP server

2 - What are the security issues?
as with anything else sent over the net, it isn't secure.  If employees are going to be accessing this from home, i would highly recommend setting up a VPN for them to connect back to the office network, rather than opening up an FTP server open to everyone.


3 - Is it possible to setup the FTP so that only certain individuals can see ALL the contents of the server, and then allow others Folder specific access?

yes, all you have to do is set NTFS permissons on the files/folders just as you normally do (by rightclicking the file/folder, choose properties and go to the security tab
also rightclick on your 'ftp server' in IIS and setup the appropriate security there.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 375 total points
ID: 17069452

Have a look here.  In addition to what has been said this site lists the typical permissions needed etc.  Each user that needs to logon to the FTP sever needs the "logon locally" user right to your server.  You give this in local security policy under Administrative tools, or if this is a domain controller then under domain controller policy.  if you can't find that please ask.

To have different people see different areas the easiest way is to use home directoires using virtual directories (explained in link below).  You basiclly setup the ftp server to a blank or very public area and give nothing but some read rights if anything.  You then create virtual directories which match each username pointing to where you want them to go to and confgiure permission in there using NTFS.  Turn off anonymous access if you don't need it at the ftp server level.

http://www.iisanswers.com/Top10FAQ/t10-FTPuersfolder.htm

Steve
0
 

Author Comment

by:pelampe
ID: 17069462
OK.

With regard to #1, IIS is the ONLY software that can be used?  Is it easy to use and configure? If you are basing your answer on cost (or in this case - IIS doesn't cost anything), you should know that we would be willing to pay up to say $150 to purchase a good FTP program, which I have heard Filezilla is good (although it is also free) .  So, would that change your answer any?

With regard to #2, you say FTP isn't secure.  Do you mean it CANNOT EVER be secure, or to make it secure, it would take a lot of difficult configuration?  VPN is OK as an option for us who work in the company, but I don't think it is viable for the "B" and "C" scenarios.  The FTP idea was actually MORE intended for the
"B" and "C" scenarios than for the people who already work in the company.

With regard to #3, with these permissions set as you describe, would the FTP be then secure?  Or is this a different issue altogether?  What ARE the security issues with using an FTP server?
0
Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 375 total points
ID: 17069556
The FTP protocol isn't secure.  It is not encrypted and passwords are sent as plain text.  There are a numbre of security issues:

1. Permissions you give people, maybe not realising it.  These can be tied down easily as long as you follow advise, e.g. from the link I gave above and also turn off anonymous access if you need to and restrict the members of the log on locally user right which are the only people who can logon. Make sure any passwords are long and 'difficult' to guess.

2. Vulnerabilities in the software.  AFAIK no issues with FTP server on IIS, and if there were they would be patched by MS I guess.

3. Inherent vulnerability in that the protocol is unencrypted so technicalyl anyone on a suitable bit of the internet *could* intercept your traffic. Not sure how likely that is when traffic probably goes only from your DSL line to your ISP through a few other ISP's and to the end user.

I suggest you don't use any administrative usernames to logon through FTP remotely for instance as the username and password would be sent in plain text over the internet.
0
 

Accepted Solution

by:
GothamProjects earned 225 total points
ID: 17074582
There are secure FTP servers avilable, which implement encryption over the FTP connection. However, I think these are above your budget (the first two I've check out WSFPT (http://www.ipswitch.com/products/ws_ftp-server/index.asp) and GlobalScapes FTP server (http://www.cuteftp.com/gsftps/secure_ftp_server.asp) are both in the $500 region.

As dragon-it mentioned the other option is to secure the channel of communications using a VPN. Your FVS318 router will allow you to configure VPN accounts, which arn't too inconvenient to use for most of your clients/suppliers using Windows computers. You can also use your router to limit the source IP addresses or times of the day etc, that the FTP site is available.

I guess the question to answer with your boss, is what is acceptable security? Well configured FTP accounts combined with thorough maintenance of those directories & permissions will account for most potential problems except for interception of the traffic. In reality, is interception likely to be a big problem?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17082007
Why the B grade?

Steve
0
 

Author Comment

by:pelampe
ID: 17087212
Sorry Steve, I'm new to this whole thing. I should've given you all a A. My bad.  It kind of threw me off, when I was deciding on closing the question, I was more focused on the points and all. Again, please accept my humble apologies.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question