Paramvir S asked:
What are security best practices for a FTP(S) server?

We have an FTPS (FTP over TLS) server set up. I am seeing consistent hacker attempts to log in and access the server. I fear that if one of our partners attempts to use regular FTP (without encrypting username/passwords), they will compromise their credentials to our FTP server even though they will be denied access. Although I know SFTP is the most secure route, some of our trading partners don't support SFTP.

What are some best practices to block all of this hacker traffic to our FTPS server?

Should we go the route of "allowable" IPs and only allow traffic from our trading partners Clients' IP?

Would love to hear others' thoughts on this.

SOLUTION by Kimputer
This solution is only available to members.

Paramvir S (asker):

Thanks, Kimputer, for the suggestions. Is anti-hammering protection just some sort of "lockout" functionality in an authorizer after x number of failed attempts?
Kimputer:

Correct, you can set your own x after y attempts for z minutes.
IMO, a better approach would be to use the web server with credential qualification or allow the customers to email files as attachments. Opening an FTP port toward the internet will eventually result in disaster, and "eventually" will be very quick if it is FTP without security.

You could lock down the traffic on that port to only accept from customer CIDR ranges, but this means somebody must continually add and prune that list, and it also means that when a client is out of their office the service is unavailable.
Business to business is usually fixed IPs/servers. It's very common in B2B scenarios to use IP whitelisting.
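The two controls discussed in this thread, an allowlist of partner CIDR ranges and an anti-hammering lockout (x failures within y minutes locks the address for z minutes), as an added Python example written for this page rather than code from the thread or from any FTP server product; the `FtpAuthGate` class, the event format and the addresses are constructed for illustration, and the sample events are not real server logs:

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

class FtpAuthGate:
    """Gate logins: CIDR allowlist first, then x failures in y minutes -> z-minute lockout."""
    def __init__(self, allowed_cidrs, max_failures=3, window=10, lockout=30):
        self.allowed = [ip_network(c) for c in allowed_cidrs]   # partner ranges
        self.max_failures = max_failures                         # x
        self.window, self.lockout = timedelta(minutes=window), timedelta(minutes=lockout)
        self.failures, self.locked_until = {}, {}   # ip -> failure times; ip -> lockout expiry

    def check(self, ip, now):
        """Return 'allow', 'not-allowlisted' or 'locked-out' for a new attempt."""
        if not any(ip_address(ip) in net for net in self.allowed):
            return "not-allowlisted"         # refused before any password is read
        if now < self.locked_until.get(ip, datetime.min):
            return "locked-out"
        return "allow"

    def record(self, ip, now, success):
        """Record the outcome of an allowed attempt; True if it trips the lockout."""
        q = self.failures.setdefault(ip, [])
        if success:                          # a good login resets the counter
            q.clear()
            return False
        q.append(now)
        while now - q[0] > self.window:      # forget failures older than the window
            del q[0]
        if len(q) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout
            return True
        return False

# Constructed sample events, not real server logs: "<ISO time> <client ip> <FAIL|OK>"
SAMPLE_EVENTS = """2024-05-01T09:00:00 203.0.113.10 FAIL
2024-05-01T09:00:05 203.0.113.10 FAIL
2024-05-01T09:00:10 203.0.113.10 FAIL
2024-05-01T09:01:00 203.0.113.10 OK
2024-05-01T09:02:00 192.0.2.44 FAIL
2024-05-01T09:31:00 203.0.113.10 OK"""

def replay(events_text, gate):
    decisions = []   # (ip, decision) per event, in order
    for ts, ip, result in (line.split() for line in events_text.splitlines()):
        now = datetime.fromisoformat(ts)
        decision = gate.check(ip, now)
        if decision == "allow" and gate.record(ip, now, result == "OK"):
            decision = "allow->locked"       # this attempt was checked, then the IP locked
        decisions.append((ip, decision))
    return decisions
```

With the defaults, the third failure from 203.0.113.10 locks it for 30 minutes, the correct password sent a minute later is still refused, the non-partner address never reaches the authoriser, and the address is accepted again once the lockout has expired.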
ASKER CERTIFIED SOLUTION
This solution is only available to members.