FTP client help

[texan01]

I got this from a customer of mine, need help understanding what I can do to help them resolve this, thanks for any help.


There is an FTP client that allows anonymous logins which is a security risk to the network as determined by a network vulnerability scan conducted by our data security office.

 

[janaya]

Yes, this is needed for access to different functions within the Call Pilot system. The anonymous login requirements are part of the Windows Server setup. If they are worried about this setup then you need to see if they do any of the following:

1. Access Call Pilot Manager to make admin changes
2. Have Desktop Messaging in place
3. Backup the system to a network file.

If they do not do any of these, take it off their network. Call Pilot does not need to be on the customer network to run.

If they are then an agreement will have to be made on the login type. In the DOD world, the government "Hardens" the Call Pilot server, but it does take down a few functions.

If a change to a menu is needed the system will have to be "Un-Hardened" so the changes can be made.

Certain Maintenance functions also require the system to be "Un-Hardened"

Once all the changes have been made the system is then "Hardened" to eliminate these network holes in the server.

It's a pain, but it can be done.

John

 

[texan01]

Thanks, yes they do all three of those things. I guess I'll check to see what they want to do.