|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Most secure solution for ftp (IIS?)So I have a graphics person who wants anonymous ftp for print shops
and external consultants to upload graphics too big to email. Ok, easy enough, I went out and got Cerberus and put it on our spare DMZ server and set up anon access. A GUI client, a short sheet on how to set up a profile, log in and drag and drop files. Should be good to go, but that is too hard for the browser dummies and they insist all they need do is browse to the site and copy and paste files. So I guess IIS can support this (OK, so I am an IIS dummy) , I put on the ftp server, but there doesn't seem to be much with authentication control except accept/deny host settings. Seems horribly insecure to me. What is the easiest and safest way to implement this? I assume all I need to is set default ftp directory to a shared folder my internal users can browse (?). Recommended alternatives appreciated. thanks Hal IIS FTP doesn't support any mean of security, communication between client
and server is in clear text mode. You can get a third pary solution which support SSL or you can secure the connection via VPN. Moving on to server side, you can control access via proper NTFS permissions. E.g. if userA is not suppose to have access to certain folder, then do not grant read permission for userA on that particular folder. -- Show quoteHide quoteRegards, Bernard Cheah http://www.microsoft.com/iis/ http://www.iiswebcastseries.com/ http://www.msmvps.com/bernard/ <hal@nospam.com> wrote in message news:2rqra19kqsv5mum6i76c4idnlfh493t1e6@4ax.com... > So I have a graphics person who wants anonymous ftp for print shops > and external consultants to upload graphics too big to email. Ok, > easy enough, I went out and got Cerberus and put it on our spare DMZ > server and set up anon access. A GUI client, a short sheet on how to > set up a profile, log in and drag and drop files. Should be good to > go, but that is too hard for the browser dummies and they insist all > they need do is browse to the site and copy and paste files. So I > guess IIS can support this (OK, so I am an IIS dummy) , I put on the > ftp server, but there doesn't seem to be much with authentication > control except accept/deny host settings. Seems horribly insecure to > me. What is the easiest and safest way to implement this? I assume > all I need to is set default ftp directory to a shared folder my > internal users can browse (?). Recommended alternatives appreciated. > > thanks > > Hal On Mon, 13 Jun 2005 14:35:30 -0600, hal@nospam.com wrote:
>So I have a graphics person who wants anonymous ftp for print shops You could start with using authenticated users.>and external consultants to upload graphics too big to email. Ok, >easy enough, I went out and got Cerberus and put it on our spare DMZ >server and set up anon access. A GUI client, a short sheet on how to >set up a profile, log in and drag and drop files. Should be good to >go, but that is too hard for the browser dummies and they insist all >they need do is browse to the site and copy and paste files. So I >guess IIS can support this (OK, so I am an IIS dummy) , I put on the >ftp server, but there doesn't seem to be much with authentication >control except accept/deny host settings. Seems horribly insecure to >me. What is the easiest and safest way to implement this? I assume >all I need to is set default ftp directory to a shared folder my >internal users can browse (?). Recommended alternatives appreciated. Jeff As already said, you can use Authentication and then control access using
NTFS. Another solution is to use WebDav over SSL (so you do not send the credentials in clear text). -- Show quoteHide quoteRegards, Kristofer Gafvert (IIS MVP) www.gafvert.info - My Articles and help www.ilopia.com hal@nospam.com wrote: > So I have a graphics person who wants anonymous ftp for print shops > and external consultants to upload graphics too big to email. Ok, > easy enough, I went out and got Cerberus and put it on our spare DMZ > server and set up anon access. A GUI client, a short sheet on how to > set up a profile, log in and drag and drop files. Should be good to > go, but that is too hard for the browser dummies and they insist all > they need do is browse to the site and copy and paste files. So I > guess IIS can support this (OK, so I am an IIS dummy) , I put on the > ftp server, but there doesn't seem to be much with authentication > control except accept/deny host settings. Seems horribly insecure to > me. What is the easiest and safest way to implement this? I assume > all I need to is set default ftp directory to a shared folder my > internal users can browse (?). Recommended alternatives appreciated. > > thanks > > Hal 
Other interesting topics
Problem w/ Integrated Auth -- Receiving User/Pass dialog box against IIS6
integrated vs basic Accessing Site as Anonymous ASP.NET app permissions Passing User Credentials to site running under Integrated Security Logging into website - remove log in box Anonymous access not working Server attack - info please? Can't get rid of localstart.asp Custom erorr messages |
|||||||||||||||||||||||
