Solved

Securing FTP server

Posted on 2006-11-18
2
236 Views
Last Modified: 2010-04-11
Hi

I have built an FTP server using the CoreFTP product and will be using the Core client to connect.

http://www.coreftp.com/

There is the option of using either SSL/TLS or SSH2 (SFTP). Is one more secure than the other?

We are using a Cisco PIX 506E firewall and would be giving the FTP server a NAT'd address, so that people outside the network can use it to, although this will be tied down by IP address, and files will be encrypted using AES when being uploaded/downloaded. I've heard many people complain that configuring the port range using SSL/TLS is a complete nightmare, whereas SFTP uses only 22.

An additional question is that the box I am running this server on is Windows 2003 at the moment, since I was planning on using MS's FTP server, however that seems too insecure. Am I ok to leave as it is, or should I rebuild the machine using XP, since Server functionality is not needed? Or would this not make a difference?

Many thanks in advance.
0
Comment
Question by:Dilan77
2 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 17972444
SFTP can be simpler to setup, but you may have more issues locking down your sever.  SFTP is really not FTP, it is a "scripted SSH session" that copies a file.  If you setup SFTP on your server then users can SSH into it, because it is required.  

I have heard that there are ways to secure the sever so that only SFTP can be done, but I have not look at how to do this.
 

Because of a unique enviroment I am in FTPS (TSL/SSL FTP) was much easier and simpler for me to use.  Configuring a port range on a firewall for FTPS can become a pain, but it is something we (and our customers) have to live with due to our enviroment.

How many clients do you plan on using the box as a sever (FTP or otherwise)?  XP only allows a max of 10 unique IP addresses using it (the XP box) as a sever.  So if you have 11 sites that need to use your FTP sever, only 10 can connect at once.
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17975975
Thanks mate...the FTP box will only be used scarcely for the time being, but may as well keep it as 2003 for future-proofing.

Cheers
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to restore security permissions on a file server 4 54
More Wifi, 5 59
Should One Always Sign Out Of Admin User A/C 5 65
Open Encryption Software Advice needed 4 51
Here are the five steps I suggest to every sysadmin to fix the fall-out from a security breach.
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question