Re: FTP External Intranet Access

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Liam wrote:
I am hoping that someone can clearly explain why I should not host an FTP on my SBS 2003 box.
As well I need an explanation why I should not allow my intranet to be acecssible over the internet.

I understand that FTP passwords go in clear text but if I lock down the FTP to one directory and its sub folders why not do it.

For years I have just taken this as a given: DO NOT HOST FTP on SBS 2003. It sounds like a no brainer to not host FTP on a domain controller. but
the other day a senior (read smarter than I) technical lead said "How does it pose a risk?"
I was at a loss for a good detailed explanation.

Can you help me?

liam

It's more of a matter of risk of someone being in the right place at the right time.

There's a user name and password that has access to a location on that firm's domain controller. If the password would get accidentally posted somewhere, or worst case scenario, someone running a sniffer between you and the other party would be able to read that username/password.

Given how cheap it is to have external FTP sites, personally I think it's a shifting the risk to the other site and not yours.

If the other site's ftp password gets in the wrong hands for whatever reason, it's a security non issue. You clean up the hosted server and go on with life.

You lose the ftp password on that domain controller, you then have to ensure that you truly did have the permissions set up and they aren't able to get in anywhere else.

Balancing out the risk, it's easier when the possibility of external access and security is somewhere else and not your domain controller.
.

Relevant Pages

  • Re: using ftp to log into a password protected ftp
    ... If you want the security of a password-protected FTP site, ... Automate the backups to your local system. ... The issue is relative risk, ...
    (microsoft.public.windowsxp.general)
  • Re: FTP External Intranet Access
    ... Any service running on your box that is open to the outside world is a potential attack vector. ... Some application-aware security devices can help further reduce the risk, ... By running an FTP server, you increase the chances of a vulnerability being discovered that can be exploited on your server. ... Exposing sharepoint increases your risk, just by the fact that it is exposed. ...
    (microsoft.public.windows.server.sbs)
  • Re: Still problems with connecting to FTP site
    ... > I have a Windows 2000 Advanced Server domain controller for the test.local> domain, another windows 2000 Advanced Server machine is a memberserver in> the test.local domain. ... > On the memberserver IIS 5 is installed and I want to use FTP to put files on> the memberserver. ... > When I want to connect to the FTP server I can login with the local user> account, but I can't login with the domain user account. ... > On the domain controller the domain user has logon locally rights through> the Domain Controller Security Policy. ...
    (microsoft.public.inetserver.iis.ftp)
  • RE: Securely connecting to FTP
    ... someone have suffciant knowledge to do it software wise? ... Between your home and ISP I wouldn't say there is a risk, ... So maybe it's paranoid but it would be annoying if someone sniffed my creds when I Was unsecurely connecting to the FTP to upload files to the website, but then could use those to log on to my ISP toolbox, webmail, etc. ...
    (Security-Basics)
  • Re: FTP security risks
    ... Risk? ... and deploy vpn and etc to secure the connection. ... > I'm planning to set up an ftp server behind the firewall with NAT on the ...
    (microsoft.public.inetserver.iis.ftp)