|
Focus on Microsoft
FTP on IIS Jan 18 2008 06:57PM lauren malhoit tylertech com (6 replies) RE: FTP on IIS Jan 18 2008 10:20PM Lucas, Mark J. (mjlucas caltech edu) (3 replies) RE: FTP on IIS Jan 21 2008 06:15AM Ken Schaefer (Ken adOpenStatic com) (2 replies) RE: FTP on IIS Jan 21 2008 06:25PM Thor (Hammer of God) (thor hammerofgod com) (2 replies) RE: FTP on IIS Jan 22 2008 08:01AM Ken Schaefer (Ken adOpenStatic com) (1 replies) RE: FTP on IIS Jan 22 2008 05:11PM Thor (Hammer of God) (thor hammerofgod com) (1 replies) RE: FTP on IIS Jan 23 2008 07:08AM Ken Schaefer (Ken adOpenStatic com) (2 replies) IIS 7 Application Pool isolation WAS RE: FTP on IIS Jan 31 2008 11:36AM Ken Schaefer (Ken adOpenStatic com) Re: FTP on IIS Jan 18 2008 08:02PM Andrea Gatta (andrea gatta gmail com) (1 replies) |
|
|
Privacy Statement |
The very nature of FTP is insecure because the passwords used for
authentication are sent in the clear. Your best bet would be to use
some type of third-party FTP server/daemon that allows you to use FTP
over SSL. Currently IIS (v5.0 and 6.0) does not support this natively.
If you are stuck with IIS, then you could only allow FTP access via a
VPN. From there you can lock the site directories down using NTFS
permissions All in all there isn't a whole lot IIS can do natively to
"secure" an FTP site.
Just my $.02
Ryan
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of lauren.malhoit (at) tylertech (dot) com [email concealed]
Sent: Friday, January 18, 2008 1:58 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: FTP on IIS
I'm preparing to build a new FTP server using IIS (or an IIS server
using FTP??? I'm not sure). Anyway, I was wondering if anyone could
recommend some good sources on how to lock it down. I need to configure
it for an FTP site that anyone can get to and one that is password
protected. Thanks in advance!
[ reply ]