Secure File Transfer Daemon/Server Needed Urgently

Discussion in 'Windows Networking' started by Fisheye, Sep 24, 2004.

  1. Fisheye

    Fisheye Guest

    Hi,
    We are after a way to transfer files securely to and from a
    SBS 2000 (soon to be 2003) host.

    VPN isn't an option here.

    Is there some other host/client program that is known to work on SBS?
    Could a Cygwin install running SSHD be the answer?
    -Fisheye
     
    Fisheye, Sep 24, 2004
    #1
    1. Advertisements

  2. You could setup a FTP site on the SBS server and require authentication for
    entry.

    Amy
     
    =?Utf-8?B?YW15QGhhcmJvcmNvbXB1dGVyc2VydmljZXM=?=, Sep 24, 2004
    #2
    1. Advertisements

  3. Fisheye

    Fisheye Guest

    Level of security for this? We wanted to avoid setting it up as an FTP
    standard,
    because FTP setup on another SBS server we have created had been hacked.

    So we were looking for something that was secure all the way through.

    Maybe there is a better way to lockdown SBS FTP now?

    Do you know any more about this?
    -F
     
    Fisheye, Sep 24, 2004
    #3
  4. It is only as good as your password. But you can setup users with their own
    strong passwords and provide access on a per folder basis. Be sure to
    restrict the user permissions. That way if they "hack" into one FTP folder
    that's as far as they get. Just keep in mind that an authenticated user uses
    up a license as long as they are logged in. In IIS you can also set the
    expiration time. So if the user were to login and forget to logout they would
    be automatically disconnected. If you've had a problem it may also be a good
    idea to setup a schedule in ISA for when the FTP connections are allowed.
    This would work if you knew that access would be between certain business
    hours say. It's a little bit like security by obsecurtiy but every little bit
    helps. If the hacker gets frustrated they'll go for easier pickings elsewhere.

    Third party products will work too. You'll just have to configure ISA for
    the appropriate access. I was simply attempting to provide a solution that
    didn't require you to go out and purchase another software package. I usually
    find that people forget about FTP.
     
    =?Utf-8?B?YW15QGhhcmJvcmNvbXB1dGVyc2VydmljZXM=?=, Sep 24, 2004
    #4
  5. Fisheye

    Fisheye Guest

    Does "require authentication" use kerberos authentication to verify,
    instead of standard cleartext ftp authentication?
    Do you know?

    TIA
     
    Fisheye, Sep 24, 2004
    #5
  6. Another option is to see if your webhosting company or ISP offers FTP....
    that way it isn't on the LAN at all. I'd be nervous about opening up FTP to
    any SBS server anyway...even with good passwords. But then, I'm a bit of a
    freak.
     
    Lanwench [MVP - Exchange], Sep 24, 2004
    #6
  7. Fisheye

    Fisheye Guest

    Nice to hear lanwench!

    but the amusing thing here, is the ftp client side is a Telco.
    and the server side is one of their contractors.

    I think we will see about making the Telco host, and the contractor
    have the client side to it.

    Can't do anything till monday,

    Thanks for all your help Amy and Lanwench :)

    -Fisheye

    "Lanwench [MVP - Exchange]"
     
    Fisheye, Sep 24, 2004
    #7
  8. You'd think two Telcos-type companies who are that paranoid would just hire
    someone to spend a week writing them a propritary server/client ftp setup.
    Hope the client never gets given to anyone who shouldn't have it. Then
    (since at least one is a Telco) get the clients set up with numeric pagers
    and have them call in by voice, dial their IP and client # in. Then their
    pager will pop-up with the password thats good for the next, say, 2 minutes.

    That's the type of security you seem to be looking for, otherwise a properly
    secured FTP server (cleartext and all), with extra secure-file structure
    (denies, new path names, etc.) is pretty secure. If you don't like/trust
    Windows FTP server (can't blame you too much ;) ) BulletProof FTP Server
    (formerly Gene6FTP) is a nice FTP Server with all the bells.

    Good luck, it seems like a fun job :)
     
    Julio McTavish, Sep 24, 2004
    #8
  9. would FTP with SSL satisfy your security concern?
     
    SuperGumby [SBS MVP], Sep 24, 2004
    #9
  10. Fisheye

    Fisheye Guest

    Yes - that would be prefered, is there a secure sockets ftp?

    It will come down on Monday, when the Telco will be given the options.

    The files are encrypted anyway, the ip to accept transmitions will be
    locked down.

    I am just always so dubious of FTP, its so unsecure, and i just didn't want
    to open the SBS system open to that.

    TIS
    Fisheye
     
    Fisheye, Sep 24, 2004
    #10
  11. Fisheye

    Fisheye Guest

    Yes,
    quite true, I am not to concerned about the files the Telco's have.
    Those will be very highly encrypted anyway, its just opening
    the SBS server up to the ftp port.

    I am looking at Bulletproof now, thanks for the recommendation.
     
    Fisheye, Sep 24, 2004
    #11
  12. yes, WS_FTP and many others support SSL authentication.
     
    SuperGumby [SBS MVP], Sep 24, 2004
    #12
  13. Trevor OE News, Sep 24, 2004
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.