
Re: securing an FTP service

Subject: Re: securing an FTP service
Date: Tue, 23 Nov 2004 09:26:17 +0100
On Tuesday 23 November 2004 00:11, Davide wrote:

> (internet)---(router)---(firewall)---(LAN)---(server)

the LAN is NATted? If so, you'll need to set Port Address 
Translation on the firewall/nat.

> employees access from a remote location office using their win
> logon credentials (no anonymous access is provided). The local
> branch office accesses internet with a dynamic IP provided by
> ISP. What security concerns are raised in this setting?

First, you don't know your branch office's IP address in advance, 
so you cannot filter traffic based on source IP address.

> Should
> I use a DMZ, using the server to provide FTP services and
> moving the ftproot folder to another server INSIDE the DMZ
> (linked to a shared folder)?

I personally see this solution as being bad... You are moving 
company's data in the DMZ, not a good idea in principle...

> How can I overcome the problem
> that FTP passwords are transmitted not encrypted? Should a
> VPN between HQ provide the panacea for these problems?

VPN is a solution, maybe FTP over SSL is another (but I am not 
familiar with Microsoft to point you to a specific product, any 
takers?).

Cheers

-- 
Alessandro Bottonelli, CISSP & BS7799 Lead Auditor
AXIS-NET Privacy & InfoSec Consulting
http://www.axis-net.it
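
An added example, not part of the original message: the cleartext-password concern raised in this thread, written as a check over FTP control-channel transcripts. It flags any PASS command sent before the server accepted AUTH TLS, including the case where AUTH is refused and the client falls back to a cleartext login. The transcripts, the user name and the `audit` function are constructed for illustration.

```python
# Constructed control-channel transcripts ("C:" client, "S:" server), not real captures.
CLEARTEXT = """S: 220 FTP server ready
C: USER jsmith
S: 331 Password required
C: PASS example-password
"""
FALLBACK = """S: 220 FTP server ready
C: AUTH TLS
S: 502 Command not implemented
C: USER jsmith
S: 331 Password required
C: PASS example-password
"""
PROTECTED = """S: 220 FTP server ready
C: AUTH TLS
S: 234 Proceed with negotiation
"""

def audit(transcript):
    """Return (user, reason) for each password that crossed the wire unencrypted."""
    findings = []
    tls = auth_pending = auth_refused = False
    user = None
    for raw in transcript.splitlines():
        side, _, text = raw.strip().partition(": ")
        verb, _, arg = text.partition(" ")
        if side == "C":
            verb = verb.upper()
            if verb == "AUTH":
                auth_pending = True
            elif verb == "USER":
                user = arg
            elif verb == "PASS" and not tls:
                reason = ("cleartext after AUTH refused" if auth_refused
                          else "cleartext, no AUTH attempted")
                findings.append((user, reason))  # the password itself is never recorded
        elif side == "S" and auth_pending and verb.isdigit():
            tls = verb == "234"  # 234: server accepted the requested security mechanism
            auth_refused = not tls
            auth_pending = False
    return findings
```

Once the server answers 234 the rest of the control channel is encrypted, so an on-path observer sees no USER or PASS at all, which is why the protected transcript ends there.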
