Is hosting FTP on Windows Server 2008 R2 Domain Controller secure?

Posted on 2012-09-06
Last Modified: 2012-09-07
I would like to setup FTP on my Windows Server 2008 R2 domain controller and I would like the FTP to be available on the internet so therefore the DC will be out on the internet.

Is it secure for my domain controller to be available on the internet?
Question by:GreyHippo
    LVL 4

    Expert Comment

    FTP is not going to be considered secure. SFTP (through SSH) is secure, however server 2008 R2 doesn't do this out of the box and you will need a 3rd party tool to do it.

    Filezilla or Smartftp both provide good solutions but there are honestly dozens that do this.

    This has a great tutorial about them and is what I used to start mine.

    Author Comment

    In the past I was testing out remote access and I had a domain controller on the internet, it was in the DMZ.  While I was testing over a period of a few days I noticed a bunch of unexpected failed login events coming from the internet which lead me to believe that someone was trying to hack into my server.  

    Ignoring FTP, will installing SSH on my server help prevent future hacking if the server is available in the internet?

    If the files I will be making available thru FTP do not contain sensitive data do I still need to worry about FTP being secure?
    LVL 4

    Accepted Solution

    If you are running the 2008 server as a domain controller I would not run an FTP server on it. If you can put a simple box that runs an FTP server in your DMZ and then use internal SFTP or another secure means of getting the data to your domain, that's a better overall solution.

    I wouldn't ever consider putting an FTP server on a domain controller if you can avoid it :/

    Author Closing Comment

    Thanks for the info.
    LVL 16

    Expert Comment

    You could put a scriptable FTP, FTPS or SFTP server in the DMZ with an upload event script that automatically moves files into your network.  Here is a sample event script that moves a file... you could use this as a starting point:

    Featured Post

    Too many email signature changes to deal with?

    Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

    Join & Write a Comment

    Here's a useful script that will automatically delete ALL user profiles that are on a Windows Server 2008/R2 computer.   WARNING! This is a dangerous operation, designed for use by an administrator who needs to do a complete purge; for instance a…
    We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
    This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now