Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Choosing FTP clients and FTP server 2

Status
Not open for further replies.

gbl

MIS
Sep 6, 2001
262
CA
There doesn't seem to be a category here strictly for FTP, so I am writing this here since we could need the ftp server on our win2k server.
My office is a 20 station network with windows 2000 and xp professional on all but three clients. The servers are windows 2000 server. We need to allow clients to transmit files to us that may exceed the size allowed by their ISP's mailboxes. These clients may not have CD writers, so we are thinking of a way to allow the clients to upload their data to our network.
I think FTP would be good for this, but it must have these features:
(1) prevent viruses or files infected with viruses from getting uploaded,
(2) allow multiple users and clients to access ftp but only access their own files/folder area and not see any other user/client's files in the file save area, or access areas we would not want them to go,
(3) allow admin to shadow the user accessing the ftp site (if permitted by law),
(4) allow us to setup user ids and passwords.

Does the Microsoft FTP service cover these issues? Would another party's FTP server do a better job? We also have to allow that the clients are not necessarily computer sophisticated.
Do we need to set up a separate server for this and do we need to obtain an external IP address? I presume security and virus issues can be controlled by the firewall and symantec antivirus corporate edition.

Thanks for any help.
 
To answer your questions in order:

1: No. However, setup a virus scanner to scan the folders every so often. I haven't had to use this feature I am sure there is one (NAV maybe) that scans uploaded files. Server doesn't offer the feature built in.

2:No. Microsoft can't actually hide folders but you can protect them through NTFS permissions. Control access to files/folders using NTFS.

3:No. That is more or a Terminal Services feature. And besides what would you want to shadow? All the user can do is upload/download files. Not much to shadow. If you want to track users, then audit the FTP folder(s)

4:You can use Active directory authentication if the users are members of your domain. You could create an SQL database as a user/id/password data store but NTFS would pose an issue.

I would create a seperate server for this function and place it outside your firewall. Be sure to implement the Microsoft Lockdown tool for IIS. Allow users internally to access the FTP Server, but block External Users access to your network using the firewall. Yes, you will need an external IP.

As for 3rd party FTP servers, that run under windows, don't know of any. Maybe use a Linux/Unix type......

Hewissa

MCSE, CCNA, CIW
 
I think a second opinion maybe in order. Don't mean to barge in.

1. No. And hewissa is right about periodically scanning the ftp drives, run it as a task daily or weekly.

2. Yes. All ftp servers provide users with private directories to store their information and you can also setup groups for those who work together.

3. Yes. Most ftp servers will allow you to monitor user activities realtime and historical accesses and activities if so enabled.

4. Yes. All ftp servers allow you to create users along with the abilities to define pathways for those users. Permissions to what files individually or by group, etc.

For a small office, I would have a look at Course you can always go with a linux or unix ftp server which would preform better imho.

Regards,

U92
 
Thank you, U92, for the second opinion. Your comments do raise some questions which I hope you are willing to debate. If anything, I hope you can enlighten me on some of the workings of FTP. I appologize if this is taken as an attack, not meant to be, I just need some clarification.

You state that most FTP servers allow for numerous features however, in addressing gbl's post, he is concerned with Microsoft FTP.

Statement 2:All ftp servers provide users with private directories to store their information and you can also setup groups for those who work together. I would agree with this statement, though, how would the FTP server know to point to a users folder directly if pass-through authentication isn't enabled? And pass-through authentication can only be enabled if the users account exsists in AD. Restriction to those folders have to be based on NTFS permissions. Which leads me to statement 4

Statement 4:Yes. All ftp servers allow you to create users along with the abilities to define pathways for those users. Permissions to what files individually or by group, etc.Under IIS, the administrator has 2 choices for user access, Anonymous and the "Grant Operator priledges to Windows User Accounts for this FTP site only". Which means that anyone can access the FTP server (Anonymous)or those with AD accounts can access the server. The underlying message here is that gbl's clients must be members of his domain for them to access the FTP "secured" area. Which also means that should an outside client gain access to a local computer, then technically they can gain access to the network. Security issues here since he is refering to clients, which to me would be outside users.

Statement 3: Where is shadowing enabled on a Win2K FTP Server?

Hewissa

MCSE, CCNA, CIW
 
I'm not as familiar with MSFTP as I would like, however I do not see why he would use passthrough authentication and I agree with #4 as well.

I was refering more along the lines of third party ftp servers for a small office. I was targeting my comments more along his question: "Would another party's FTP server do a better job?".


I use IPSwitches WS_FTP Server for our office which works perfectly for our needs. BPFTP is good as well along with the fact that its cheaper then IPSwitch's, that way he can get used to maintaining an ftp server cheaper and in a more simplier method.

I'm afraid that I really couldn't debate the MS FTP server because I simply don't use it. For our small office needs MSFTP really is just to much since we can setup and implement WS_FTP Server faster, simplier and it handles the traffic in an efficient manner.

We also use OpenBSD for our heavy traffic ftp our clients use and if he was asking about a unix solution I could go into more detail.
 
Thanks for all the valuable comments and suggestions everyone! I am looking over your comments and will let you know what I am doing. In the meantime, any more comments are still helpful.
 
One of the draw backs of a Microsoft FTP server is that ther is no SSL built in. You have to add on third party tools for this.

Otherwise, FTP is easy to implement and works great.





Joseph L. Poandl
MCSE 2000

If your company is in need of experts to examine technical problems/solutions, please check out (Sales@njcomputernetworks.com)
 
I run the IT dept. for a digital photo lab that uses FTP for just the purpose that gbl wants. Our clients FTP us their digital files that are too big to email.
We use GuildFTP a freeware FTP server form Guildftp.com.
It is very comprehensive and fairly easy to set up.
It easily addresses points 2-4 of gbl's original post.
 
Joseph's comment raises the issue of SSL. I expect that I would be placing the ftp server on our firewall's DMZ. I would obviously need SSL. Do any of the other FTP products mentioned here have any security issues that have not been mentioned, such as the lack of SSL? Can this be resolved on the firewall? Should the ftp server in fact be placed on the DMZ or somewhere else?
I will also take a look at GuildFTP - thanks Carlcroom

Thanks again!
 
Sorry but the product is GuildFTPd at guildftpd.com.
Typing is the least of my skills
 
IPSwitch is SSL capable.

GuildFTP, I have heard of and it was recommended on TechTV as a good ftpd to look into for small business and personal ftp, I haven't used it but I've read good reviews of it and know a few people who have used it. The problem, in my opinion with using GuildFTPd is that it is a fairly new ftp server. Its latest release was 0.999.9 which is not even beta phase, though obviously its working just fine for the people who use it.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top