Network Security Security-Basics

Re: securing an FTP service

Subject: Re: securing an FTP service
Date: 24 Nov 2004 15:15:22 -0000
In-Reply-To: <41A043F900025D3B@vsmtp2alice.tin.it (added by postmaster@aliceposta.it)>

Thanks pingywon and Alessandro for your hints.
Yes, the LAN is NATted. FTP service on the firewall
is redirected to the server. I understand the fact that
since at the branch office the IP is dynamic I cannot
reject (at the firewall level) ftp requests
that do not come from IPs other than the branch office's.

But I think I failed to explain the prospected solution:
the ftp-server is placed in the DMZ

(internet)---(router)---(firewall)---(ftp-server)---(internal firewall AKA "holed firewall")---(LAN)---(computer hosting the ftproot)

i.e. the ftproot sits on another computer inside the LAN. This would expose to
the DMZ the NETBIOS sharing
needed by the ftp-server to access the ftproot:
on the internal firewall, netbios ports should be
redirected to the computer hosting the ftproot.
On the computer hosting the ftproot, we configure:
. a folder, containing the documents, read-only;
. another folder used to host the files the remote
  user finally needs to give (put) to the colleagues,
  with read/write/delete access.
. users in the central office access the ftproot
  as any normal shared resource in the LAN.

Does this setup make any sense?

thanks
davide

On Tuesday 23 November 2004 00:11, Davide wrote:


(internet)---(router)---(firewall)---(LAN)---(server)

the LAN is NATted? If so, you'll need to set Port Address 
Translation on the firewall/nat.

[...]
takers?).

Cheers

-- 
Alessandro Bottonelli, CISSP & BS7799 Lead Auditor
AXIS-NET Privacy & InfoSec Consulting
http://www.axis-net.it
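
The message above proposes forwarding NetBIOS ports through the internal ("holed") firewall from the DMZ to the computer hosting the ftproot. As an added example, not part of the original thread, this Python model compares a single host-to-host pinhole with a looser DMZ-to-LAN rule and flags the looser one. The addresses, the rule format and the function names are constructed assumptions.

```python
import ipaddress

# Constructed addresses (assumptions, not taken from the thread)
FTP_SERVER = "10.0.1.10"    # FTP server in the DMZ
FTPROOT_HOST = "10.0.2.20"  # LAN computer hosting the ftproot share
# NetBIOS/SMB services the FTP server needs to mount the share
NETBIOS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

# Rule: (action, source net, destination net, set of (proto, port) or None = any)
PINHOLE = [
    ("allow", FTP_SERVER + "/32", FTPROOT_HOST + "/32", NETBIOS),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]
# Same intent written loosely: any DMZ host may reach any LAN host
LOOSE = [
    ("allow", "10.0.1.0/24", "10.0.2.0/24", NETBIOS),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def decide(rules, src, dst, proto, port):
    """First matching rule wins; no match means deny."""
    for action, src_net, dst_net, services in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)
                and (services is None or (proto, port) in services)):
            return action
    return "deny"

def broad_netbios_rules(rules):
    """Return allow rules that open NetBIOS/SMB for more than one host pair."""
    findings = []
    for rule in rules:
        action, src_net, dst_net, services = rule
        if action != "allow":
            continue
        opens_netbios = services is None or bool(services & NETBIOS)
        pairs = (ipaddress.ip_network(src_net).num_addresses
                 * ipaddress.ip_network(dst_net).num_addresses)
        if opens_netbios and pairs > 1:
            findings.append(rule)
    return findings

if __name__ == "__main__":
    print(decide(PINHOLE, FTP_SERVER, FTPROOT_HOST, "tcp", 445))
    print(decide(PINHOLE, "10.0.1.99", FTPROOT_HOST, "tcp", 445))
    print(broad_netbios_rules(LOOSE))
```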

