?
Solved

Is hosting FTP on Windows Server 2008 R2 Domain Controller secure?

Posted on 2012-09-06
5
Medium Priority
?
2,119 Views
Last Modified: 2012-09-07
I would like to setup FTP on my Windows Server 2008 R2 domain controller and I would like the FTP to be available on the internet so therefore the DC will be out on the internet.

Is it secure for my domain controller to be available on the internet?
0
Comment
Question by:GreyHippo
  • 2
  • 2
5 Comments
 
LVL 4

Expert Comment

by:JRaasumaa
ID: 38372908
FTP is not going to be considered secure. SFTP (through SSH) is secure, however server 2008 R2 doesn't do this out of the box and you will need a 3rd party tool to do it.

Filezilla or Smartftp both provide good solutions but there are honestly dozens that do this.

http://www.windowsnetworking.com/articles_tutorials/install-SSH-Server-Windows-Server-2008.html

This has a great tutorial about them and is what I used to start mine.
0
 

Author Comment

by:GreyHippo
ID: 38373235
In the past I was testing out remote access and I had a domain controller on the internet, it was in the DMZ.  While I was testing over a period of a few days I noticed a bunch of unexpected failed login events coming from the internet which lead me to believe that someone was trying to hack into my server.  

Ignoring FTP, will installing SSH on my server help prevent future hacking if the server is available in the internet?

If the files I will be making available thru FTP do not contain sensitive data do I still need to worry about FTP being secure?
0
 
LVL 4

Accepted Solution

by:
JRaasumaa earned 2000 total points
ID: 38373282
If you are running the 2008 server as a domain controller I would not run an FTP server on it. If you can put a simple box that runs an FTP server in your DMZ and then use internal SFTP or another secure means of getting the data to your domain, that's a better overall solution.

I wouldn't ever consider putting an FTP server on a domain controller if you can avoid it :/
0
 

Author Closing Comment

by:GreyHippo
ID: 38373416
Thanks for the info.
0
 
LVL 16

Expert Comment

by:AlexPace
ID: 38376677
You could put a scriptable FTP, FTPS or SFTP server in the DMZ with an upload event script that automatically moves files into your network.  Here is a sample event script that moves a file... you could use this as a starting point: http://kb.robo-ftp.com/script_library/show/46
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question