mailing list archives
Re: Secure FTP
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 24 Mar 2007 00:52:26 +0100
On 2007-03-20 aaronr () imcu com wrote:
We have a public facing FTP server that we would like to secure. We
are running a MS 2003 Active Directory domain and this box is running
on Win2k Server. What is the best way to secure this FTP server?
I've tried SFTP, but was just curious as to what else is out there.
Right now we are using the builtin IIS FTP server. Our goal is to
provide a public FTP server so that clients or customers can dropoff
large files there without the need to e-mail them. We aren't too keen
on the fact that FTP is cleartext and these are domain user/pass going
back and forth. Plus, we are a financial institution and any way to
encrypt this traffic would definitely be a plus....even if we have to
provide a link to connecting clients so that they can download a free
secure FTP client.
The easiest way would be using SSL-encrypted WebDAV, AFAICS.
"All vulnerabilities deserve a public fear period prior to patches
--Jason Coombs on Bugtraq