Securing FTP Site using VPN

Hi,

I have SBS 2003 with an FTP site. I have hardened the ACL, have password authentication, configured a lockout policy, etc.: everything that can be done to block outside FTP users trying to crack the password.

The only thing I have not done is deny access to everyone except valid IP addresses. However, before I implement that I wanted to explore some reasons why I continue to see sessions even after an IP is blocked. Also, events continue to be logged in System and Security from that same IP address. Any thoughts?

Also, how can I implement the FTP site using a VPN?

Thanks,
Mr. B
Asked by: birenshukla
 
r-k Commented:
"However, before I implement that I wanted to explore some reasons why I continue to see session even after an ip is blocked. Also, events continue to be logged in System and Security from that same ip address."

How did you lock out that IP?

The way to do it is via IIS Manager -> Right-click on FTP site -> Properties -> Directory Security, and add that IP address so it is blocked, etc.

 
birenshukla (Author) Commented:
That is exactly how I blocked the IP. I have other IPs blocked as well and they do not show.
 
kruptos Commented:
It may be possible that someone may be spoofing IP. It may look like it is coming from the blocked IP but you can mask the IP with a fake one. This will allow the spoofed IP to be logged but the real one to get through. Not sure if that is the case here though.

What is the FTP site being used for? Internal employees? Customers? That will help us determine the best way to deploy a VPN solution.

-Kruptos
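
One way to check what a blocked address is still doing, as an added example that is not part of the original thread: the script tallies FTP reply codes per denied IP from a W3C extended log, showing whether the address still reaches the login stage (USER/PASS) or actually logs in (reply 230). The field layout, the `[session]COMMAND` method style, the function names and the sample lines are assumptions constructed for illustration; the sample is taken to cover the period after the deny rules were added.

```python
import re

# Constructed sample log (documentation-range IPs, not real traffic).
# Assumed layout: W3C extended format with a "#Fields:" directive.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
02:10:01 203.0.113.7 [1]USER administrator 331
02:10:02 203.0.113.7 [1]PASS - 530
02:10:05 203.0.113.7 [2]USER admin 331
02:10:06 203.0.113.7 [2]PASS - 530
09:15:40 198.51.100.20 [3]USER customer1 331
09:15:41 198.51.100.20 [3]PASS - 230
09:16:02 198.51.100.20 [3]QUIT - 221
"""

def triage(log_text, blocked_ips):
    """Count login-stage activity for each IP that is supposed to be denied."""
    stats = {ip: {"user_cmds": 0, "failed": 0, "logged_in": 0}
             for ip in blocked_ips}
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for following rows
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue                       # skip directives and blank lines
        row = dict(zip(fields, line.split()))
        ip = row.get("c-ip")
        if ip not in stats:
            continue
        # Drop the assumed "[session-id]" prefix in front of the FTP command.
        cmd = re.sub(r"^\[\d+\]", "", row.get("cs-method", "")).upper()
        status = row.get("sc-status", "")
        if cmd == "USER":
            stats[ip]["user_cmds"] += 1
        elif cmd == "PASS" and status == "230":   # RFC 959: user logged in
            stats[ip]["logged_in"] += 1
        elif cmd == "PASS" and status == "530":   # RFC 959: not logged in
            stats[ip]["failed"] += 1
    return stats

def still_reaching_login(stats):
    """Blocked IPs that still got far enough to send USER."""
    return sorted(ip for ip, s in stats.items() if s["user_cmds"] > 0)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG, ["203.0.113.7", "192.0.2.9"])
    print(result, still_reaching_login(result))
```

Any denied address returned by `still_reaching_login` is worth comparing against the deny list entry and the site the log belongs to, since it means the restriction did not stop that connection before authentication.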
 
birenshukla (Author) Commented:
The FTP site is strictly for selected customers. I have explored options to deny access to everyone except the public IP addresses, but those are always hard to get from customers and would need continuous maintenance. Therefore the VPN option. I would say at the most 5 customers connect from time to time.
 
kruptos Commented:
You could set up a VPN that will only allow access directly to the server that is acting as FTP. It really depends on what type of firewall you have and its capabilities.

How secure you want to get will determine the architecture. Personally I would never run FTP and IIS on SBS if that is your only server. Do you have other servers as well or just the SBS server?

If you can let me know what type of firewall you have running I may be able to give you some ideas on how to set up the VPN for FTP access.

-Kruptos
 
birenshukla (Author) Commented:
Thanks. Will try that. I have been continuing to deny bad guys but that is about it. I am going to get an industry-grade firewall.