Yes - VPNing to the location would over come the plain text password
transferal along with encrypting all data coming off the FTP
-----Original Message-----
From: Davide [mailto:ak_71@libero.it]
Sent: Monday, November 22, 2004 18:12
To: security-basics@securityfocus.com
Subject: securing an FTP service
Hi everybody. would you please give me some hints for the followin
situation?
In a win-based network, a folder contains some documents
that have to be made available to company employees when
they are not in the HQ but they are in a local branch office
this is currently implemented by a FTP server (win 2kserver); the ftproot is
the root dir of the documents.
the server is connected to internet:
(internet)---(router)---(firewall)---(LAN)---(server)
employees access from a remote location office using their win logon
credentials (no anonym access is provided). The local branch office acceses
internet with a dinamic IP provided by ISP. What security concerns are rised
in this setting? Should I use a DMZ, using the server to provide FTP
services and moving the ftproot folder to another server INSIDE the DMZ
(linked to a shared folder)?
How can I overcome the problem that FTP passwords are transmitted not
enchrypted? Should a VPN between HQ provide the panacea for these problems?
thanks in advance
davide
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
