Securing FTP server

Hi

I have built an FTP server using the CoreFTP product and will be using the Core client to connect.

http://www.coreftp.com/

There is the option of using either SSL/TLS or SSH2 (SFTP). Is one more secure than the other?

We are using a Cisco PIX 506E firewall and would be giving the FTP server a NAT'd address, so that people outside the network can use it to, although this will be tied down by IP address, and files will be encrypted using AES when being uploaded/downloaded. I've heard many people complain that configuring the port range using SSL/TLS is a complete nightmare, whereas SFTP uses only 22.

An additional question is that the box I am running this server on is Windows 2003 at the moment, since I was planning on using MS's FTP server, however that seems too insecure. Am I ok to leave as it is, or should I rebuild the machine using XP, since Server functionality is not needed? Or would this not make a difference?

Many thanks in advance.
LVL 2
Dilan77Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
giltjrConnect With a Mentor Commented:
SFTP can be simpler to setup, but you may have more issues locking down your sever.  SFTP is really not FTP, it is a "scripted SSH session" that copies a file.  If you setup SFTP on your server then users can SSH into it, because it is required.  

I have heard that there are ways to secure the sever so that only SFTP can be done, but I have not look at how to do this.
 

Because of a unique enviroment I am in FTPS (TSL/SSL FTP) was much easier and simpler for me to use.  Configuring a port range on a firewall for FTPS can become a pain, but it is something we (and our customers) have to live with due to our enviroment.

How many clients do you plan on using the box as a sever (FTP or otherwise)?  XP only allows a max of 10 unique IP addresses using it (the XP box) as a sever.  So if you have 11 sites that need to use your FTP sever, only 10 can connect at once.
0
 
Dilan77Author Commented:
Thanks mate...the FTP box will only be used scarcely for the time being, but may as well keep it as 2003 for future-proofing.

Cheers
0
All Courses

From novice to tech pro — start learning today.