Solved

Securing FTP server

Posted on 2006-11-18
2
240 Views
Last Modified: 2010-04-11
Hi

I have built an FTP server using the CoreFTP product and will be using the Core client to connect.

http://www.coreftp.com/

There is the option of using either SSL/TLS or SSH2 (SFTP). Is one more secure than the other?

We are using a Cisco PIX 506E firewall and would be giving the FTP server a NAT'd address, so that people outside the network can use it to, although this will be tied down by IP address, and files will be encrypted using AES when being uploaded/downloaded. I've heard many people complain that configuring the port range using SSL/TLS is a complete nightmare, whereas SFTP uses only 22.

An additional question is that the box I am running this server on is Windows 2003 at the moment, since I was planning on using MS's FTP server, however that seems too insecure. Am I ok to leave as it is, or should I rebuild the machine using XP, since Server functionality is not needed? Or would this not make a difference?

Many thanks in advance.
0
Comment
Question by:Dilan77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 17972444
SFTP can be simpler to setup, but you may have more issues locking down your sever.  SFTP is really not FTP, it is a "scripted SSH session" that copies a file.  If you setup SFTP on your server then users can SSH into it, because it is required.  

I have heard that there are ways to secure the sever so that only SFTP can be done, but I have not look at how to do this.
 

Because of a unique enviroment I am in FTPS (TSL/SSL FTP) was much easier and simpler for me to use.  Configuring a port range on a firewall for FTPS can become a pain, but it is something we (and our customers) have to live with due to our enviroment.

How many clients do you plan on using the box as a sever (FTP or otherwise)?  XP only allows a max of 10 unique IP addresses using it (the XP box) as a sever.  So if you have 11 sites that need to use your FTP sever, only 10 can connect at once.
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17975975
Thanks mate...the FTP box will only be used scarcely for the time being, but may as well keep it as 2003 for future-proofing.

Cheers
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question