Home page logo

basics logo Security Basics mailing list archives

Re: Secure FTP
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 24 Mar 2007 00:52:26 +0100

On 2007-03-20 aaronr () imcu com wrote:
We have a public facing FTP server that we would like to secure.  We
are running a MS 2003 Active Directory domain and this box is running
on Win2k Server.  What is the best way to secure this FTP server?
I've tried SFTP, but was just curious as to what else is out there.
Right now we are using the builtin IIS FTP server.  Our goal is to
provide a public FTP server so that clients or customers can dropoff
large files there without the need to e-mail them.  We aren't too keen
on the fact that FTP is cleartext and these are domain user/pass going
back and forth.  Plus, we are a financial institution and any way to
encrypt this traffic would definitely be a plus....even if we have to
provide a link to connecting clients so that they can download a free
secure FTP client.

Any thoughts?

The easiest way would be using SSL-encrypted WebDAV, AFAICS.


Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]