Network Security Security-Basics

Re: securing an FTP service

Subject: Re: securing an FTP service
Date: Tue, 23 Nov 2004 14:18:08 +0100
Davide wrote:

Hi everybody. Would you please give me some hints for the following situation? In a Win-based network, a folder contains some documents that have to be made available to company employees when they are not in the HQ but they are in a local branch office. This is currently implemented by an FTP server (Win 2k Server); the ftproot is the root dir of the documents. The server is connected to the Internet:

(internet)---(router)---(firewall)---(LAN)---(server)

Employees access from a remote location office using their Win logon
credentials (no anonymous access is provided). The local branch office accesses
the Internet with a dynamic IP provided by the ISP. What security concerns are raised in
this setting? Should I use a DMZ, using the server to provide FTP services and
moving the ftproot folder to another server INSIDE the DMZ (linked to a shared
folder)?
How can I overcome the problem that FTP passwords are transmitted not
encrypted? Should a VPN between HQ provide the panacea for these problems?

thanks in advance
davide

Hello,
The problem is that (if I understand your network correctly), everybody in the LAN is able to sniff the passwords as they are transmitted in plaintext. One of the easiest ways to get more security without changing your network would be to use a TLS/SSL-enabled FTP server, along with clients supporting this.
I am not aware of any TLS-enabled FTP server for Windows licensed under a free license, but a good commercial one is Blackmoon Ftp Server.
For the clients, still on Windows, I can only recommend FileZilla (http://filezilla.sf.net) which is a really good FTP/SFTP Client licensed under the GPL.


I hope this helps.
Raphaël
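
The difference between the plain FTP setup in the question and the TLS-enabled one suggested in the reply can be checked from a client session log. The following is an added example, not part of the original thread: it flags credentials or file transfers that happen before the control channel (`AUTH TLS`, reply 234) or the data channel (`PROT P`, reply 200) is encrypted. The `C:`/`S:` log format, the user name, the file name and the function name are constructed for illustration.

```python
# Constructed client-side session logs: "C:" is a client command, "S:" a server reply.
PLAIN_FTP = """\
S: 220 FTP server ready
C: USER jdoe
S: 331 Password required
C: PASS example-password
S: 230 User logged in
C: RETR report.doc
S: 226 Transfer complete
"""
EXPLICIT_FTPS = """\
S: 220 FTP server ready
C: AUTH TLS
S: 234 Proceed with negotiation
C: USER jdoe
S: 331 Password required
C: PASS example-password
S: 230 User logged in
C: PROT P
S: 200 Protection level set to P
C: RETR report.doc
S: 226 Transfer complete
"""

def audit_session(log):
    """Return sorted findings for one FTP control-channel log."""
    findings = set()
    tls_up = False         # control channel encrypted (AUTH accepted with 234)
    data_private = False   # data channel encrypted (PROT P accepted with 200)
    pending = None         # last client command still awaiting its reply
    for line in log.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            pending = text.upper()
            verb = pending.split(" ", 1)[0]
            if verb in ("USER", "PASS") and not tls_up:
                findings.add("credentials sent in cleartext")
            if verb in ("RETR", "STOR", "LIST") and not data_private:
                findings.add("data channel unencrypted")
        elif side == "S":
            if pending in ("AUTH TLS", "AUTH SSL") and text.startswith("234"):
                tls_up = True
            if pending == "PROT P" and text.startswith("200"):
                data_private = True
            pending = None
    return sorted(findings)

if __name__ == "__main__":
    for name, log in (("plain FTP", PLAIN_FTP), ("explicit FTPS", EXPLICIT_FTPS)):
        print(name, "->", audit_session(log) or "no findings")
```

A session that negotiates `AUTH TLS` but never sends `PROT P` still reports the data channel as unencrypted, so the documents themselves would cross the network in the clear even though the password does not.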
