Solved

Securing FTP server

Posted on 2006-11-18
2
231 Views
Last Modified: 2010-04-11
Hi

I have built an FTP server using the CoreFTP product and will be using the Core client to connect.

http://www.coreftp.com/

There is the option of using either SSL/TLS or SSH2 (SFTP). Is one more secure than the other?

We are using a Cisco PIX 506E firewall and would be giving the FTP server a NAT'd address, so that people outside the network can use it to, although this will be tied down by IP address, and files will be encrypted using AES when being uploaded/downloaded. I've heard many people complain that configuring the port range using SSL/TLS is a complete nightmare, whereas SFTP uses only 22.

An additional question is that the box I am running this server on is Windows 2003 at the moment, since I was planning on using MS's FTP server, however that seems too insecure. Am I ok to leave as it is, or should I rebuild the machine using XP, since Server functionality is not needed? Or would this not make a difference?

Many thanks in advance.
0
Comment
Question by:Dilan77
2 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 17972444
SFTP can be simpler to setup, but you may have more issues locking down your sever.  SFTP is really not FTP, it is a "scripted SSH session" that copies a file.  If you setup SFTP on your server then users can SSH into it, because it is required.  

I have heard that there are ways to secure the sever so that only SFTP can be done, but I have not look at how to do this.
 

Because of a unique enviroment I am in FTPS (TSL/SSL FTP) was much easier and simpler for me to use.  Configuring a port range on a firewall for FTPS can become a pain, but it is something we (and our customers) have to live with due to our enviroment.

How many clients do you plan on using the box as a sever (FTP or otherwise)?  XP only allows a max of 10 unique IP addresses using it (the XP box) as a sever.  So if you have 11 sites that need to use your FTP sever, only 10 can connect at once.
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17975975
Thanks mate...the FTP box will only be used scarcely for the time being, but may as well keep it as 2003 for future-proofing.

Cheers
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now