Risks of using ftp to upload files to a folder in IIS?

Hi,

What are the security risks of using ftp to upload files to a folder in IIS?

What would be exposed or not? What to do?

Br
LVL 12
jazzIIIloveAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
The same risk as if you in your website allow uploads. if you allow anonymous uploads to ftp server then anyone and their nasty cousin can upload junk there.
0
jazzIIIloveAuthor Commented:
Hi David;

The machine having IIS is under Cisco VPN, i think the user who should upload those files need VPN client and authorization to upload the files on that given folder.

My other question is that does VPN enough with FTP or do we need SFTP?

As an umbrella question, how can we limit the user in a way that he/she uploads those files under a specific folder but just that folder, no other folder in that website setup?

Br.
0
David Johnson, CD, MVPOwnerCommented:
I would think that a vpn is sufficient protection.. Please note I do not like the microsoft ftp server I use filezilla instead and it is very easy using filezilla to have several different users including an anonymous user restricted to a directory
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

jazzIIIloveAuthor Commented:
On usability level, what would be the trade off using FTPS against VPN?

1) Can a hacker infiltrate the network during the transmission of the files when in VPN?

2) Can a hacker infiltrate the network during the transmission of the files when when having FTPS as connection protocol?

I am not a hacker but asking just for my security sake.

Br.
0
David Johnson, CD, MVPOwnerCommented:
no to the above (as both are encrypted end to end) and please do not mix sftp and ftps (they are two completely different animals.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jazzIIIloveAuthor Commented:
So no practical difference in both SSL and VPN?
0
David Johnson, CD, MVPOwnerCommented:
vpn you authenticate the client
SSL authenticates the server
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.