Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > **Secure** Ftp server

Reply
Thread Tools

**Secure** Ftp server

 
 
michele
Guest
Posts: n/a
 
      07-26-2004
Hi, i'm searching for a secure (i.e. without exploits or security holes) for
use in my windows server. I've take a look to serv-u or cerberus ftp, but
they are full of exploits!
Can anyone suggest me a secure (or the more secure) ftp server to use?
Thanks
Michele


 
Reply With Quote
 
 
 
 
\Crash\ Dummy
Guest
Posts: n/a
 
      07-26-2004
>Hi, i'm searching for a secure (i.e. without exploits or security holes) for
>use in my windows server. I've take a look to serv-u or cerberus ftp, but
>they are full of exploits!
>Can anyone suggest me a secure (or the more secure) ftp server to use?


Any server is only as secure as the administrator is knowledgeable about
securing it. Any FTP server can be secured, even Microsoft's. So pick the one
that is most familiar to you and learn how to use it.
--
Dave "Crash" Dummy - A weapon of mass destruction
http://www.velocityreviews.com/forums/(E-Mail Removed)?subject=Techtalk (Do not alter!)
http://lists.gpick.com


 
Reply With Quote
 
 
 
 
ObiWan
Guest
Posts: n/a
 
      07-26-2004
>> Hi, i'm searching for a secure (i.e. without exploits or security
>> holes) for use in my windows server. I've take a look to serv-u or
>> cerberus ftp, but they are full of exploits!
>> Can anyone suggest me a secure (or the more secure) ftp server to
>> use?

>
> Any server is only as secure as the administrator is knowledgeable
> about securing it. Any FTP server can be secured, even Microsoft's.
> So pick the one that is most familiar to you and learn how to use it.


Hi Dave I agree with this, although I've tried the filezilla ftp server
(filezilla.sourceforge.net) which afaict seems robust enough; btw as
you know there's no "surefire" solution, but the filezilla seems ok



 
Reply With Quote
 
\Crash\ Dummy
Guest
Posts: n/a
 
      07-26-2004
>Hi Dave I agree with this, although I've tried the filezilla ftp server
>(filezilla.sourceforge.net) which afaict seems robust enough; btw as
>you know there's no "surefire" solution, but the filezilla seems ok


Hi, ObiWan. Slumming?

I am not familiar with Filezilla, while I have of course heard of it. I have
always used Microsoft, but hesitate to mention it lest the MS bashers pile on.
As I said, any well known server will do the job, if set up correctly. It just
comes down to a matter of personal choice. The idiot behind the keyboard is
still the controlling factor when it comes to security.
--
Dave "Crash" Dummy - A weapon of mass destruction
(E-Mail Removed)?subject=Techtalk (Do not alter!)
http://lists.gpick.com


 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      07-26-2004
In article <(E-Mail Removed)>, "\"Crash\" Dummy"
<(E-Mail Removed)> says...
> >Hi Dave I agree with this, although I've tried the filezilla ftp server
> >(filezilla.sourceforge.net) which afaict seems robust enough; btw as
> >you know there's no "surefire" solution, but the filezilla seems ok

>
> Hi, ObiWan. Slumming?
>
> I am not familiar with Filezilla, while I have of course heard of it. I have
> always used Microsoft, but hesitate to mention it lest the MS bashers pile on.
> As I said, any well known server will do the job, if set up correctly. It just
> comes down to a matter of personal choice. The idiot behind the keyboard is
> still the controlling factor when it comes to security.


I use ServerZilla (FTP Server) on my Windows 2000 and 2003 servers - It
provides a much better interface and more control over the FTP users
than MS FTP does. You can set passwords, directories, performance,
etc... I've been running SZ for almost a year with 2 public facing FTP
servers and not had any problems.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
phn@icke-reklam.ipsec.nu
Guest
Posts: n/a
 
      07-26-2004
michele <(E-Mail Removed)> wrote:
> Hi, i'm searching for a secure (i.e. without exploits or security holes) for
> use in my windows server. I've take a look to serv-u or cerberus ftp, but
> they are full of exploits!
> Can anyone suggest me a secure (or the more secure) ftp server to use?
> Thanks
> Michele


Install any BSD distribution. All of them comes pretty secure and has
an included ftp server ( with alternatives easily installable if
you have special demands)

--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
 
Reply With Quote
 
ObiWan
Guest
Posts: n/a
 
      07-26-2004

>> Hi, ObiWan. Slumming?


Hi Dave ..... well, sometimes one
has to go down to the roots to see
what's going on

>> I am not familiar with Filezilla, while I have of course heard of
>> it. I have always used Microsoft, but hesitate to mention it lest
>> the MS bashers pile on.


Well the MS FTP service isn't bad, as long as you use it as an
anonymous server, on the other hand, using msftp with a bunch
of user accounts may become a nightmare since you'll need to
create each user account as a system user .. not something I
really like to do

>> As I said, any well known server will do the job


Agreed, but again, my preference for FZ Server is just due to
the fact that the users/groups/folders management interface
is easier to use when it comes to many users (and folders)
also, the FZ has some interesting features like kerberos
authentication and "z-mode" (compressed transfer mode)
not that I use them so much, but they're there if needed

> I use ServerZilla (FTP Server) on my Windows 2000 and 2003


Uhm ... Leythos, I suppose you're referring to FileZilla Server ?!?



 
Reply With Quote
 
ObiWan
Guest
Posts: n/a
 
      07-26-2004
>> Hi, i'm searching for a secure (i.e. without exploits or security
>> holes) for use in my windows server.


> Install any BSD distribution. All of them comes pretty secure and has
> an included ftp server ( with alternatives easily installable if
> you have special demands)


I may agree here, but the OP asked for _windows_ software, so ...



 
Reply With Quote
 
Hairy One Kenobi
Guest
Posts: n/a
 
      07-26-2004
"ObiWan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>


<snip>

> Agreed, but again, my preference for FZ Server is just due to
> the fact that the users/groups/folders management interface
> is easier to use when it comes to many users (and folders)
> also, the FZ has some interesting features like kerberos
> authentication and "z-mode" (compressed transfer mode)
> not that I use them so much, but they're there if needed
>
> > I use ServerZilla (FTP Server) on my Windows 2000 and 2003

>
> Uhm ... Leythos, I suppose you're referring to FileZilla Server ?!?


One and the same, AFAIK. Certainly seems secure enough (until the next
exploit ;o)

One oft-forgotten thing is to only permit the server to do what you need
(e.g. no uploads required? Inhibit them).

Ditto keeping the data on a non-system partition (and preferably drive). For
a dedicated NT-class server, it's useful to place the boot on drive C, the
data on (e.g.) D:, and the actual OS on E:/whatever

--

Hairy One Kenobi (no relation ;o)

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      07-26-2004
In article <QhbNc.1504$(E-Mail Removed)>, abuse@[127.0.0.1]
says...
> "ObiWan" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> >

>
> <snip>
>
> > Agreed, but again, my preference for FZ Server is just due to
> > the fact that the users/groups/folders management interface
> > is easier to use when it comes to many users (and folders)
> > also, the FZ has some interesting features like kerberos
> > authentication and "z-mode" (compressed transfer mode)
> > not that I use them so much, but they're there if needed
> >
> > > I use ServerZilla (FTP Server) on my Windows 2000 and 2003

> >
> > Uhm ... Leythos, I suppose you're referring to FileZilla Server ?!?


Well, there are two parts to Zilla, one is the FTP Client and has no
hosting ability, the other is called Server Zilla and has the hosting
services. You can download both from most open-source sites.

> One and the same, AFAIK. Certainly seems secure enough (until the next
> exploit ;o)
>
> One oft-forgotten thing is to only permit the server to do what you need
> (e.g. no uploads required? Inhibit them).
>
> Ditto keeping the data on a non-system partition (and preferably drive). For
> a dedicated NT-class server, it's useful to place the boot on drive C, the
> data on (e.g.) D:, and the actual OS on E:/whatever


We actually configure the OS on the C drive, provide no access to
exposed accounts to it (unless specifically needed) and then create
partitions for customers data - we have a ton of 4GB partitions for FTP
space, and have found that SZ works great. I love the fact that I can
speed limit users.


--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
'Undifined commands' on FTP Server, when using FTP 'put' and 'quit' in Client Asaf Sinai Perl Misc 1 07-04-2006 01:02 PM
sun.net.ftp.FtpProtocolException: Error reading FTP pending reply long990802@gmail.com Java 3 12-11-2005 02:46 AM
$ftp->rget() does not work for MS Windows FTP Server semovrs@concord.edu Perl Misc 3 12-18-2004 08:03 AM
Net::FTP problems getting files from Windows FTP server, but not Linux FTP Server. D. Buck Perl Misc 2 06-29-2004 02:05 PM
FTP over SSL vs FTP over SSH someone Java 1 04-25-2004 03:30 PM



Advertisments