You can use the shared web configuration stuff in IIS 7 to copy source
directories over the network. (Can't give a walkthrough at the moment as I'm
on the road and don't have any of my WS08 boxen with me [gasp! Bad geek!])

Laura

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Thor (Hammer of God)
Sent: Monday, January 21, 2008 1:25 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: FTP on IIS

Indeed - I've been running 2008 for a while now. There are some very
cool security mechanisms built in - but, they will no doubt trip some
people up... (like how you can't copy content to web source directories
over the network, or how you can't directly edit web content in those
directories).

Native FTPS in 2008 IIS is quite nice, actually. But, IIS6 is still a
fine option - it is and has been secure OOB for a while - nothing like
IIS5 at all -- seems like people get stuck in the very distant past when
questions like this come up and everyone says "NEVER RUN IIS!!" - it's
quite silly, actually.

t

> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Ken Schaefer
> Sent: Sunday, January 20, 2008 10:15 PM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: FTP on IIS
>
> Alternatively, if you can wait a few weeks, then Windows Server
> 2008/IIS 7.0 supports FTPS
>
> Cheers
> Ken
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Lucas, Mark J.
> Sent: Saturday, 19 January 2008 9:21 AM
> To: lauren.malhoit (at) tylertech (dot) com [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: FTP on IIS
>
> IIS 6, which comes with Windows Server 2003, is quite secure out of
the
> box. Most of the evil holes that were present in IIS 5 and earlier
> have
> been patched. If you're forced to use IIS 5 or lower, I agree with
all
> the other comments. Use something else.
>
> When you select to install IIS, the minimum components needed for
> static
> HTML pages are already selected. For FTP, just deselect the web
> components and install the minimal FTP components.
>
> I would suggest using local GUEST accounts for authentication. I
would
> also suggest placing the FTP root on a separate partition with no
other
> files. Do not place the FTP root on the system partition.
>
> Do a Google search on "windows ftp security" for articles on setting
up
> Windows 2003 FTP.
>
> > -----Original Message-----
> > From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of
> > lauren.malhoit (at) tylertech (dot) com [email concealed]
> > Sent: Friday, January 18, 2008 10:58 AM
> > To: focus-ms (at) securityfocus (dot) com [email concealed]
> > Subject: FTP on IIS
> >
> > I'm preparing to build a new FTP server using IIS (or an IIS server
> using FTP??? I'm not
> > sure). Anyway, I was wondering if anyone could recommend some good
> sources on how to lock
> > it down. I need to configure it for an FTP site that anyone can get
> to and one that is
> > password protected. Thanks in advance!

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.9/1237 - Release Date: 1/22/2008
11:04 AM

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.9/1237 - Release Date: 1/22/2008
11:04 AM

[ reply ]