Re: Please help with my lack of understanding



Then the trick is not to do what "most people" do ...

I never said to open the firewall to all traffic. When I set something like this up, I set up the firewall to allow VPN/PPTP/GRE traffic through to the server, and nothing else.


"Leythos" <void@xxxxxxxxxxx> wrote in message news:MPG.21c98ef396d430bb989895@xxxxxxxxxxxxxxxxxxxx
In article <1C1C1AC8-CF8E-48E1-BC74-3E1DD01A1659@xxxxxxxxxxxxx>, x@xxx
says...
If he's connecting from a Windows box (XP, Vista, 2000), it would be far
more secure to shut down the FTP server and have him connect via VPN
connection. Then he can copy the files to his PC via simple drag-and-drop.
And you don't have the FTP server exposed to the Internet.

Except that by VPN, since most people create an ALL PORTS + IP type VPN,
instead of just locking it down, he could use a real firewall and limit
ports through it to just FTP.

He could also set up FileZilla FTP with authentication and better
security and even limit the IP Range it accepts connections from.

I really dislike when people do VPNs that don't have the ability to
limit what comes through the VPN - as an example, when we create VPNs
for remote users we limit the traffic to just TCP 3389 and the single IP
of the terminal server that if their home/local computer is compromised
we don't get it (as only one measure of protection).

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
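
The contrast discussed in this thread, an "ALL PORTS + IP" VPN versus one limited to TCP 3389 on a single terminal server, modelled as a default-deny rule check. This is an added example, not part of the original posts; the 10.0.0.0/24 addresses, the sample flows, and the names `Rule`, `permitted`, `exposure` and `too_broad` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str      # "tcp", "udp" or "any"
    dst: str        # destination network in CIDR form
    ports: range    # allowed destination ports

# Constructed addressing: 10.0.0.0/24 is the office LAN,
# 10.0.0.10 is the terminal server.
ALL_PORTS_VPN = [Rule("any", "10.0.0.0/24", range(0, 65536))]
LOCKED_DOWN_VPN = [Rule("tcp", "10.0.0.10/32", range(3389, 3390))]

def permitted(rules, proto, dst_ip, dst_port):
    """Default deny: a flow passes only if some rule matches it."""
    ip = ipaddress.ip_address(dst_ip)
    return any(
        r.proto in ("any", proto)
        and ip in ipaddress.ip_network(r.dst)
        and dst_port in r.ports
        for r in rules
    )

def exposure(rules, flows):
    """Return the flows from the VPN client that the policy lets through."""
    return [f for f in flows if permitted(rules, *f)]

def too_broad(rule):
    """Flag any rule wider than one host and one port."""
    return ipaddress.ip_network(rule.dst).num_addresses > 1 or len(rule.ports) > 1

# Constructed flows a remote PC might send into the tunnel.
FLOWS = [
    ("tcp", "10.0.0.10", 3389),  # RDP to the terminal server
    ("tcp", "10.0.0.20", 445),   # SMB to a file server
    ("tcp", "10.0.0.10", 445),   # SMB to the terminal server itself
    ("udp", "10.0.0.1", 53),     # DNS to the router
    ("tcp", "10.0.0.30", 21),    # FTP to the FTP server
]

if __name__ == "__main__":
    for name, rules in (("all ports + IP", ALL_PORTS_VPN),
                        ("locked down", LOCKED_DOWN_VPN)):
        print(name, "->", exposure(rules, FLOWS),
              "| broad rules:", [r for r in rules if too_broad(r)])
```

Under the locked-down policy only the RDP flow to the terminal server passes; every other flow from the remote PC is dropped at the VPN endpoint.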
