Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ftp server location 1

Status
Not open for further replies.
mudddawg

mudddawg

IS-IT--Management
Feb 12, 2001
8
0
0
US
I am trying to find the best place to locate my ftp server. Currently our network sits behind a firewall, as well as the ftp server, with the ftp ports open on the firewall to the server. To me this seems to be a huge security risk. But for the network users this is ideal because the ftp files are easily accessible.

If I move the ftp server to the outside of the firewall, I feel that I might be in for some trouble with that server as it will be wide open. As well as making it somewhat more difficult on my users getting their files.

With the many ftp servers out there, I am sure there must be some solution to this problem.

Thanks in advance for your help.

 
Sort by date Sort by votes
I would venture to say that the way it is configured right now, is probably the way most people have it set up.

Bill.
 
Upvote 0 Downvote
Having a publically accessible server behind your firewall is a definate problem. Think about this, if you have your FTP Server on the outside and someone breaks into it, that is bad, but they only have access to that one server. If your FTP Server is broken into on the inside, they now have complete access to you internal network, VERY BAD!!!

True, having the server on the outside is going to open it up more, but there are ways of protecting it. Shutdown every service you do not need on the server (ie absolutely no telnet - use SSH if you need remote console access, turn off HTTP servers, Ident, mail, etc, etc, etc). Basically, lock it down tight, so the only thing that is open is FTP - which you already have open through the firewall, so you are really not opening up anything new.

Also, you could think about adding another NIC to your firewall and hang the DMZ off of that, where you can still have some firewall blockage, but you can still limit where the FTP server can go.

Since your inside people need access to the FTP server, having it on the outside is no problem (its the same as them going to any other FTP server in the world).

In my opinion, having the FTP server on the inside is a very bad idea, if it gets hacked, your whole network is now compromised. If it is hacked on the outside (which you need to lock down the server anyway), you can minimize the damage that can be done to your entire network.

Hope this helps,
Paul
 
Upvote 0 Downvote
I agree with paul, any service you want to run out on the net should be put in a DMZ, all rules on your fw should block unwanted access to your DMZ servers.
 
Upvote 0 Downvote
You could also tunnel your FTP traffic through SSH to avoid the security holes inherent in FTP. This would require a bit more configuration on the client-side but would definitely raise the overall level of security on that box. Wushutwist
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
51
Russtoleum
Russtoleum
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
36
xwray
xwray
mmjam
  • Locked
  • Question
Sonicwall FTP problem
Replies
4
Views
63
joepc
joepc
galvanize
  • Locked
  • Question
FTP Deployment (DMZ)
Replies
1
Views
36
galvanize
galvanize
tecky715
  • Locked
  • Question
SonicWall FTP
Replies
0
Views
25
tecky715
tecky715

Part and Inventory Search

Sponsor

Back
Top