Secure File Transfer Daemon/Server Needed Urgently

Hi,
We are after a way to transfer files securely to and from a
SBS 2000 (soon to be 2003) host.

VPN isn't an option here.

Is there some other host/client program that is known to work on SBS?
Could a Cygwin install running SSHD be the answer?
-Fisheye

You could setup a FTP site on the SBS server and require authentication for
entry.

Amy


"Fisheye" wrote:

> Hi,
> We are after a way to transfer files securely to and from a
> SBS 2000 (soon to be 2003) host.
>
> VPN isn't an option here.
>
> Is there some other host/client program that is known to work on SBS?
> Could a Cygwin install running SSHD be the answer?
> -Fisheye
>
>
>

Level of security for this? We wanted to avoid setting it up as an FTP
standard,
because FTP setup on another SBS server we have created had been hacked.

So we were looking for something that was secure all the way through.

Maybe there is a better way to lockdown SBS FTP now?

Do you know any more about this?
-F

Amy Wrote:
> You could setup a FTP site on the SBS server and require authentication
> for
> entry.
>
> Amy
>
>
> "Fisheye" wrote:
>
>> Hi,
>> We are after a way to transfer files securely to and from a
>> SBS 2000 (soon to be 2003) host.
>>
>> VPN isn't an option here.
>>
>> Is there some other host/client program that is known to work on SBS?
>> Could a Cygwin install running SSHD be the answer?
>> -Fisheye
>>
>>
>>

It is only as good as your password. But you can setup users with their own
strong passwords and provide access on a per folder basis. Be sure to
restrict the user permissions. That way if they "hack" into one FTP folder
that's as far as they get. Just keep in mind that an authenticated user uses
up a license as long as they are logged in. In IIS you can also set the
expiration time. So if the user were to login and forget to logout they would
be automatically disconnected. If you've had a problem it may also be a good
idea to setup a schedule in ISA for when the FTP connections are allowed.
This would work if you knew that access would be between certain business
hours say. It's a little bit like security by obsecurtiy but every little bit
helps. If the hacker gets frustrated they'll go for easier pickings elsewhere.

Third party products will work too. You'll just have to configure ISA for
the appropriate access. I was simply attempting to provide a solution that
didn't require you to go out and purchase another software package. I usually
find that people forget about FTP.


"Fisheye" wrote:

> Level of security for this? We wanted to avoid setting it up as an FTP
> standard,
> because FTP setup on another SBS server we have created had been hacked.
>
> So we were looking for something that was secure all the way through.
>
> Maybe there is a better way to lockdown SBS FTP now?
>
> Do you know any more about this?
> -F
>
> Amy Wrote:
> > You could setup a FTP site on the SBS server and require authentication
> > for
> > entry.
> >
> > Amy
> >
> >
> > "Fisheye" wrote:
> >
> >> Hi,
> >> We are after a way to transfer files securely to and from a
> >> SBS 2000 (soon to be 2003) host.
> >>
> >> VPN isn't an option here.
> >>
> >> Is there some other host/client program that is known to work on SBS?
> >> Could a Cygwin install running SSHD be the answer?
> >> -Fisheye
> >>
> >>
> >>
>
>
>

Does "require authentication" use kerberos authentication to verify,
instead of standard cleartext ftp authentication?
Do you know?

TIA

Amy Wrote:
> It is only as good as your password. But you can setup users with their
> own
> strong passwords and provide access on a per folder basis. Be sure to
> restrict the user permissions. That way if they "hack" into one FTP folder
> that's as far as they get. Just keep in mind that an authenticated user
> uses
> up a license as long as they are logged in. In IIS you can also set the
> expiration time. So if the user were to login and forget to logout they
> would
> be automatically disconnected. If you've had a problem it may also be a
> good
> idea to setup a schedule in ISA for when the FTP connections are allowed.
> This would work if you knew that access would be between certain business
> hours say. It's a little bit like security by obsecurtiy but every little
> bit
> helps. If the hacker gets frustrated they'll go for easier pickings
> elsewhere.
>
> Third party products will work too. You'll just have to configure ISA for
> the appropriate access. I was simply attempting to provide a solution that
> didn't require you to go out and purchase another software package. I
> usually
> find that people forget about FTP.
>
>
> "Fisheye" wrote:
>
>> Level of security for this? We wanted to avoid setting it up as an FTP
>> standard,
>> because FTP setup on another SBS server we have created had been hacked.
>>
>> So we were looking for something that was secure all the way through.
>>
>> Maybe there is a better way to lockdown SBS FTP now?
>>
>> Do you know any more about this?
>> -F
>>
>> Amy Wrote:
>> > You could setup a FTP site on the SBS server and require authentication
>> > for
>> > entry.
>> >
>> > Amy
>> >
>> >
>> > "Fisheye" wrote:
>> >
>> >> Hi,
>> >> We are after a way to transfer files securely to and from a
>> >> SBS 2000 (soon to be 2003) host.
>> >>
>> >> VPN isn't an option here.
>> >>
>> >> Is there some other host/client program that is known to work on SBS?
>> >> Could a Cygwin install running SSHD be the answer?
>> >> -Fisheye
>> >>
>> >>
>> >>
>>
>>
>>

Another option is to see if your webhosting company or ISP offers FTP....
that way it isn't on the LAN at all. I'd be nervous about opening up FTP to
any SBS server anyway...even with good passwords. But then, I'm a bit of a
freak.

amy@harborcomputerservices wrote:
> It is only as good as your password. But you can setup users with
> their own strong passwords and provide access on a per folder basis.
> Be sure to restrict the user permissions. That way if they "hack"
> into one FTP folder that's as far as they get. Just keep in mind that
> an authenticated user uses up a license as long as they are logged
> in. In IIS you can also set the expiration time. So if the user were
> to login and forget to logout they would be automatically
> disconnected. If you've had a problem it may also be a good idea to
> setup a schedule in ISA for when the FTP connections are allowed.
> This would work if you knew that access would be between certain
> business hours say. It's a little bit like security by obsecurtiy but
> every little bit helps. If the hacker gets frustrated they'll go for
> easier pickings elsewhere.
>
> Third party products will work too. You'll just have to configure ISA
> for
> the appropriate access. I was simply attempting to provide a solution
> that didn't require you to go out and purchase another software
> package. I usually find that people forget about FTP.
>
>
> "Fisheye" wrote:
>
>> Level of security for this? We wanted to avoid setting it up as an
>> FTP standard,
>> because FTP setup on another SBS server we have created had been
>> hacked.
>>
>> So we were looking for something that was secure all the way through.
>>
>> Maybe there is a better way to lockdown SBS FTP now?
>>
>> Do you know any more about this?
>> -F
>>
>> Amy Wrote:
>>> You could setup a FTP site on the SBS server and require
>>> authentication for
>>> entry.
>>>
>>> Amy
>>>
>>>
>>> "Fisheye" wrote:
>>>
>>>> Hi,
>>>> We are after a way to transfer files securely to and from a
>>>> SBS 2000 (soon to be 2003) host.
>>>>
>>>> VPN isn't an option here.
>>>>
>>>> Is there some other host/client program that is known to work on
>>>> SBS? Could a Cygwin install running SSHD be the answer?
>>>> -Fisheye

Nice to hear lanwench!

but the amusing thing here, is the ftp client side is a Telco.
and the server side is one of their contractors.

I think we will see about making the Telco host, and the contractor
have the client side to it.

Can't do anything till monday,

Thanks for all your help Amy and Lanwench

-Fisheye

"Lanwench [MVP - Exchange]"
> Another option is to see if your webhosting company or ISP offers FTP....
> that way it isn't on the LAN at all. I'd be nervous about opening up FTP
> to
> any SBS server anyway...even with good passwords. But then, I'm a bit of a
> freak.
>
> amy@harborcomputerservices wrote:
>> It is only as good as your password. But you can setup users with
>> their own strong passwords and provide access on a per folder basis.
>> Be sure to restrict the user permissions. That way if they "hack"
>> into one FTP folder that's as far as they get. Just keep in mind that
>> an authenticated user uses up a license as long as they are logged
>> in. In IIS you can also set the expiration time. So if the user were
>> to login and forget to logout they would be automatically
>> disconnected. If you've had a problem it may also be a good idea to
>> setup a schedule in ISA for when the FTP connections are allowed.
>> This would work if you knew that access would be between certain
>> business hours say. It's a little bit like security by obsecurtiy but
>> every little bit helps. If the hacker gets frustrated they'll go for
>> easier pickings elsewhere.
>>
>> Third party products will work too. You'll just have to configure ISA
>> for
>> the appropriate access. I was simply attempting to provide a solution
>> that didn't require you to go out and purchase another software
>> package. I usually find that people forget about FTP.
>>
>>
>> "Fisheye" wrote:
>>
>>> Level of security for this? We wanted to avoid setting it up as an
>>> FTP standard,
>>> because FTP setup on another SBS server we have created had been
>>> hacked.
>>>
>>> So we were looking for something that was secure all the way through.
>>>
>>> Maybe there is a better way to lockdown SBS FTP now?
>>>
>>> Do you know any more about this?
>>> -F
>>>
>>> Amy Wrote:
>>>> You could setup a FTP site on the SBS server and require
>>>> authentication for
>>>> entry.
>>>>
>>>> Amy
>>>>
>>>>
>>>> "Fisheye" wrote:
>>>>
>>>>> Hi,
>>>>> We are after a way to transfer files securely to and from a
>>>>> SBS 2000 (soon to be 2003) host.
>>>>>
>>>>> VPN isn't an option here.
>>>>>
>>>>> Is there some other host/client program that is known to work on
>>>>> SBS? Could a Cygwin install running SSHD be the answer?
>>>>> -Fisheye
>
>

You'd think two Telcos-type companies who are that paranoid would just hire
someone to spend a week writing them a propritary server/client ftp setup.
Hope the client never gets given to anyone who shouldn't have it. Then
(since at least one is a Telco) get the clients set up with numeric pagers
and have them call in by voice, dial their IP and client # in. Then their
pager will pop-up with the password thats good for the next, say, 2 minutes.

That's the type of security you seem to be looking for, otherwise a properly
secured FTP server (cleartext and all), with extra secure-file structure
(denies, new path names, etc.) is pretty secure. If you don't like/trust
Windows FTP server (can't blame you too much ) BulletProof FTP Server
(formerly Gene6FTP) is a nice FTP Server with all the bells.

Good luck, it seems like a fun job

"Fisheye" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Does "require authentication" use kerberos authentication to verify,
> instead of standard cleartext ftp authentication?
> Do you know?
>
> TIA
>
> Amy Wrote:
>> It is only as good as your password. But you can setup users with their
>> own
>> strong passwords and provide access on a per folder basis. Be sure to
>> restrict the user permissions. That way if they "hack" into one FTP
>> folder
>> that's as far as they get. Just keep in mind that an authenticated user
>> uses
>> up a license as long as they are logged in. In IIS you can also set the
>> expiration time. So if the user were to login and forget to logout they
>> would
>> be automatically disconnected. If you've had a problem it may also be a
>> good
>> idea to setup a schedule in ISA for when the FTP connections are allowed.
>> This would work if you knew that access would be between certain business
>> hours say. It's a little bit like security by obsecurtiy but every little
>> bit
>> helps. If the hacker gets frustrated they'll go for easier pickings
>> elsewhere.
>>
>> Third party products will work too. You'll just have to configure ISA for
>> the appropriate access. I was simply attempting to provide a solution
>> that
>> didn't require you to go out and purchase another software package. I
>> usually
>> find that people forget about FTP.
>>
>>
>> "Fisheye" wrote:
>>
>>> Level of security for this? We wanted to avoid setting it up as an FTP
>>> standard,
>>> because FTP setup on another SBS server we have created had been hacked.
>>>
>>> So we were looking for something that was secure all the way through.
>>>
>>> Maybe there is a better way to lockdown SBS FTP now?
>>>
>>> Do you know any more about this?
>>> -F
>>>
>>> Amy Wrote:
>>> > You could setup a FTP site on the SBS server and require
>>> > authentication
>>> > for
>>> > entry.
>>> >
>>> > Amy
>>> >
>>> >
>>> > "Fisheye" wrote:
>>> >
>>> >> Hi,
>>> >> We are after a way to transfer files securely to and from a
>>> >> SBS 2000 (soon to be 2003) host.
>>> >>
>>> >> VPN isn't an option here.
>>> >>
>>> >> Is there some other host/client program that is known to work on SBS?
>>> >> Could a Cygwin install running SSHD be the answer?
>>> >> -Fisheye
>>> >>
>>> >>
>>> >>
>>>
>>>
>>>
>
>

would FTP with SSL satisfy your security concern?

--
Mick Malloy
http://www.micropol.com.au

"Fisheye" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Level of security for this? We wanted to avoid setting it up as an FTP
> standard,
> because FTP setup on another SBS server we have created had been hacked.
>
> So we were looking for something that was secure all the way through.
>
> Maybe there is a better way to lockdown SBS FTP now?
>
> Do you know any more about this?
> -F
>
> Amy Wrote:
>> You could setup a FTP site on the SBS server and require authentication
>> for
>> entry.
>>
>> Amy
>>
>>
>> "Fisheye" wrote:
>>
>>> Hi,
>>> We are after a way to transfer files securely to and from a
>>> SBS 2000 (soon to be 2003) host.
>>>
>>> VPN isn't an option here.
>>>
>>> Is there some other host/client program that is known to work on SBS?
>>> Could a Cygwin install running SSHD be the answer?
>>> -Fisheye
>>>
>>>
>>>
>
>

Yes - that would be prefered, is there a secure sockets ftp?

It will come down on Monday, when the Telco will be given the options.

The files are encrypted anyway, the ip to accept transmitions will be
locked down.

I am just always so dubious of FTP, its so unsecure, and i just didn't want
to open the SBS system open to that.

TIS
Fisheye

"SuperGumby [SBS MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> would FTP with SSL satisfy your security concern?
>
> --
> Mick Malloy
> http://www.micropol.com.au
>
> "Fisheye" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Level of security for this? We wanted to avoid setting it up as an FTP
>> standard,
>> because FTP setup on another SBS server we have created had been hacked.
>>
>> So we were looking for something that was secure all the way through.
>>
>> Maybe there is a better way to lockdown SBS FTP now?
>>
>> Do you know any more about this?
>> -F
>>
>> Amy Wrote:
>>> You could setup a FTP site on the SBS server and require authentication
>>> for
>>> entry.
>>>
>>> Amy
>>>
>>>
>>> "Fisheye" wrote:
>>>
>>>> Hi,
>>>> We are after a way to transfer files securely to and from a
>>>> SBS 2000 (soon to be 2003) host.
>>>>
>>>> VPN isn't an option here.
>>>>
>>>> Is there some other host/client program that is known to work on SBS?
>>>> Could a Cygwin install running SSHD be the answer?
>>>> -Fisheye
>>>>
>>>>
>>>>
>>
>>
>
>