SecurityFocus

FTP on IIS Jan 18 2008 06:57PM
lauren malhoit tylertech com (6 replies)

RE: FTP on IIS Jan 18 2008 10:20PM
Lucas, Mark J. (mjlucas caltech edu) (3 replies)

RE: FTP on IIS Jan 21 2008 08:48AM
Antti Laatikainen santen fi

RE: FTP on IIS Jan 21 2008 06:15AM
Ken Schaefer (Ken adOpenStatic com) (2 replies)

RE: FTP on IIS Jan 21 2008 06:39PM
Nick Wells (nick clandestineresearch com)

ISA's also quite helpful for securing IIS HTTP/FTP. I don't think FTP
proxying on ISA is quite where HTTP is, but I just use ISA to restrict based
on IP Address (thanks Thor).

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Ken Schaefer
Sent: Monday, January 21, 2008 1:15 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: FTP on IIS

Alternatively, if you can wait a few weeks, then Windows Server 2008/IIS 7.0
supports FTPS

Cheers
Ken

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Lucas, Mark J.
Sent: Saturday, 19 January 2008 9:21 AM
To: lauren.malhoit (at) tylertech (dot) com [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: FTP on IIS

IIS 6, which comes with Windows Server 2003, is quite secure out of the
box. Most of the evil holes that were present in IIS 5 and earlier have
been patched. If you're forced to use IIS 5 or lower, I agree with all
the other comments. Use something else.

When you select to install IIS, the minimum components needed for static
HTML pages are already selected. For FTP, just deselect the web
components and install the minimal FTP components.

I would suggest using local GUEST accounts for authentication. I would
also suggest placing the FTP root on a separate partition with no other
files. Do not place the FTP root on the system partition.

Do a Google search on "windows ftp security" for articles on setting up
Windows 2003 FTP.

> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
[mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of
> lauren.malhoit (at) tylertech (dot) com [email concealed]
> Sent: Friday, January 18, 2008 10:58 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: FTP on IIS
>
> I'm preparing to build a new FTP server using IIS (or an IIS server
using FTP??? I'm not
> sure). Anyway, I was wondering if anyone could recommend some good
sources on how to lock
> it down. I need to configure it for an FTP site that anyone can get
to and one that is
> password protected. Thanks in advance!

[ reply ]

RE: FTP on IIS Jan 21 2008 06:25PM
Thor (Hammer of God) (thor hammerofgod com) (2 replies)

RE: FTP on IIS Jan 22 2008 09:13PM
Geekwench (geekwench hotmail com)

RE: FTP on IIS Jan 22 2008 08:01AM
Ken Schaefer (Ken adOpenStatic com) (1 replies)

RE: FTP on IIS Jan 22 2008 05:11PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)

RE: FTP on IIS Jan 23 2008 07:08AM
Ken Schaefer (Ken adOpenStatic com) (2 replies)

IIS 7 Application Pool isolation WAS RE: FTP on IIS Jan 31 2008 11:36AM
Ken Schaefer (Ken adOpenStatic com)

RE: FTP on IIS Jan 23 2008 06:18PM
Thor (Hammer of God) (thor hammerofgod com)

RE: FTP on IIS Jan 19 2008 03:34AM
Nick Wells (nick clandestineresearch com)

RE: FTP on IIS Jan 18 2008 10:10PM
Smith, Ryan (rsmith cff org)

RE: FTP on IIS Jan 18 2008 09:39PM
Nick Wells (nick clandestineresearch com)

Re: FTP on IIS Jan 18 2008 08:57PM
Alexander Gran (Alexander Gran web de)

Re: FTP on IIS Jan 18 2008 08:02PM
Andrea Gatta (andrea gatta gmail com) (1 replies)

Re: FTP on IIS Jan 18 2008 08:46PM
Kosala Atapattu (kosala atapattu gmail com) (1 replies)

Re: FTP on IIS Jan 19 2008 04:39PM
pinowudi (pinowudi gmail com)

Re: FTP on IIS Jan 18 2008 07:44PM
Ali, Saqib (docbook xml gmail com)