**Secure** Ftp server

Hi, i'm searching for a secure (i.e. without exploits or security holes) for
use in my windows server. I've take a look to serv-u or cerberus ftp, but
they are full of exploits!
Can anyone suggest me a secure (or the more secure) ftp server to use?
Thanks
Michele

michele

>Hi, i'm searching for a secure (i.e. without exploits or security holes) for
>use in my windows server. I've take a look to serv-u or cerberus ftp, but
>they are full of exploits!
>Can anyone suggest me a secure (or the more secure) ftp server to use?

Any server is only as secure as the administrator is knowledgeable about
securing it. Any FTP server can be secured, even Microsoft's. So pick the one
that is most familiar to you and learn how to use it.
--
Dave "Crash" Dummy - A weapon of mass destruction
?subject=Techtalk (Do not alter!)
http://lists.gpick.com

\Crash\ Dummy

>> Hi, i'm searching for a secure (i.e. without exploits or security
>> holes) for use in my windows server. I've take a look to serv-u or
>> cerberus ftp, but they are full of exploits!
>> Can anyone suggest me a secure (or the more secure) ftp server to
>> use?
>
> Any server is only as secure as the administrator is knowledgeable
> about securing it. Any FTP server can be secured, even Microsoft's.
> So pick the one that is most familiar to you and learn how to use it.

Hi Dave I agree with this, although I've tried the filezilla ftp server
(filezilla.sourceforge.net) which afaict seems robust enough; btw as
you know there's no "surefire" solution, but the filezilla seems ok

ObiWan

>Hi Dave I agree with this, although I've tried the filezilla ftp server
>(filezilla.sourceforge.net) which afaict seems robust enough; btw as
>you know there's no "surefire" solution, but the filezilla seems ok

Hi, ObiWan. Slumming?

I am not familiar with Filezilla, while I have of course heard of it. I have
always used Microsoft, but hesitate to mention it lest the MS bashers pile on.
As I said, any well known server will do the job, if set up correctly. It just
comes down to a matter of personal choice. The idiot behind the keyboard is
still the controlling factor when it comes to security.
--
Dave "Crash" Dummy - A weapon of mass destruction
?subject=Techtalk (Do not alter!)
http://lists.gpick.com

\Crash\ Dummy

In article <>, "\"Crash\" Dummy"
<> says...
> >Hi Dave I agree with this, although I've tried the filezilla ftp server
> >(filezilla.sourceforge.net) which afaict seems robust enough; btw as
> >you know there's no "surefire" solution, but the filezilla seems ok
>
> Hi, ObiWan. Slumming?
>
> I am not familiar with Filezilla, while I have of course heard of it. I have
> always used Microsoft, but hesitate to mention it lest the MS bashers pile on.
> As I said, any well known server will do the job, if set up correctly. It just
> comes down to a matter of personal choice. The idiot behind the keyboard is
> still the controlling factor when it comes to security.

I use ServerZilla (FTP Server) on my Windows 2000 and 2003 servers - It
provides a much better interface and more control over the FTP users
than MS FTP does. You can set passwords, directories, performance,
etc... I've been running SZ for almost a year with 2 public facing FTP
servers and not had any problems.

--
--

(Remove 999 to reply to me)

Leythos

michele <> wrote:
> Hi, i'm searching for a secure (i.e. without exploits or security holes) for
> use in my windows server. I've take a look to serv-u or cerberus ftp, but
> they are full of exploits!
> Can anyone suggest me a secure (or the more secure) ftp server to use?
> Thanks
> Michele

Install any BSD distribution. All of them comes pretty secure and has
an included ftp server ( with alternatives easily installable if
you have special demands)

--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.

phn@icke-reklam.ipsec.nu

>> Hi, ObiWan. Slumming?

Hi Dave ..... well, sometimes one
has to go down to the roots to see
what's going on

>> I am not familiar with Filezilla, while I have of course heard of
>> it. I have always used Microsoft, but hesitate to mention it lest
>> the MS bashers pile on.

Well the MS FTP service isn't bad, as long as you use it as an
anonymous server, on the other hand, using msftp with a bunch
of user accounts may become a nightmare since you'll need to
create each user account as a system user .. not something I
really like to do

>> As I said, any well known server will do the job

Agreed, but again, my preference for FZ Server is just due to
the fact that the users/groups/folders management interface
is easier to use when it comes to many users (and folders)
also, the FZ has some interesting features like kerberos
authentication and "z-mode" (compressed transfer mode)
not that I use them so much, but they're there if needed

> I use ServerZilla (FTP Server) on my Windows 2000 and 2003

Uhm ... Leythos, I suppose you're referring to FileZilla Server ?!?

ObiWan

>> Hi, i'm searching for a secure (i.e. without exploits or security
>> holes) for use in my windows server.

> Install any BSD distribution. All of them comes pretty secure and has
> an included ftp server ( with alternatives easily installable if
> you have special demands)

I may agree here, but the OP asked for _windows_ software, so ...

ObiWan

"ObiWan" <> wrote in message
news:...
>

<snip>

> Agreed, but again, my preference for FZ Server is just due to
> the fact that the users/groups/folders management interface
> is easier to use when it comes to many users (and folders)
> also, the FZ has some interesting features like kerberos
> authentication and "z-mode" (compressed transfer mode)
> not that I use them so much, but they're there if needed
>
> > I use ServerZilla (FTP Server) on my Windows 2000 and 2003
>
> Uhm ... Leythos, I suppose you're referring to FileZilla Server ?!?

One and the same, AFAIK. Certainly seems secure enough (until the next
exploit ;o)

One oft-forgotten thing is to only permit the server to do what you need
(e.g. no uploads required? Inhibit them).

Ditto keeping the data on a non-system partition (and preferably drive). For
a dedicated NT-class server, it's useful to place the boot on drive C, the
data on (e.g.) D:, and the actual OS on E:/whatever

--

Hairy One Kenobi (no relation ;o)

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

Hairy One Kenobi

In article <QhbNc.1504$>, abuse@[127.0.0.1]
says...
> "ObiWan" <> wrote in message
> news:...
> >
>
> <snip>
>
> > Agreed, but again, my preference for FZ Server is just due to
> > the fact that the users/groups/folders management interface
> > is easier to use when it comes to many users (and folders)
> > also, the FZ has some interesting features like kerberos
> > authentication and "z-mode" (compressed transfer mode)
> > not that I use them so much, but they're there if needed
> >
> > > I use ServerZilla (FTP Server) on my Windows 2000 and 2003
> >
> > Uhm ... Leythos, I suppose you're referring to FileZilla Server ?!?

Well, there are two parts to Zilla, one is the FTP Client and has no
hosting ability, the other is called Server Zilla and has the hosting
services. You can download both from most open-source sites.

> One and the same, AFAIK. Certainly seems secure enough (until the next
> exploit ;o)
>
> One oft-forgotten thing is to only permit the server to do what you need
> (e.g. no uploads required? Inhibit them).
>
> Ditto keeping the data on a non-system partition (and preferably drive). For
> a dedicated NT-class server, it's useful to place the boot on drive C, the
> data on (e.g.) D:, and the actual OS on E:/whatever

We actually configure the OS on the C drive, provide no access to
exposed accounts to it (unless specifically needed) and then create
partitions for customers data - we have a ton of 4GB partitions for FTP
space, and have found that SZ works great. I love the fact that I can
speed limit users.


--
--

(Remove 999 to reply to me)

Leythos