FTP?

[fluid11]

I have a NetWare 5.1 server that I would like to be accessible from the internet. We don't have the funds to upgrade to NetWare 6 yet, so iFolder is out for now. I was thinking about setting up FTP on the NetWare box. I'm a little worried about the security risks that go along with FTP. I don't want passwords to be sent over the internet in clear text. I already have a VPN set up through our PIX 506, but that requires a lot of configuration on the client side, including the installation of the Novell Client.

What would be the best solution in my scenario? If we had the money, is NetWare 6 worth the money? iFolder seems like a good idea, but I don't know how well it actually works in the real world.

Thanks,
Chris

 

[salserocito]

Will this Server be residing in a "DMZ", or completely protected on the private side of your Firewall? What does this Server do? Is it a production Server that Users always require logging into? If not, you might want to put this Server into a "DMZ" that is partially protected by your Firwall, but still protects your Private Network. That way, the FTP server is still accessible on the Public side of the Firewall without opening up your Private side.

Good Luck.

 

[fluid11]

Right now, its completely protected on the private side of the firewall. I planned on NAT'ing the servers private IP to a public IP on the firewall and opening up just port 21 for FTP. How much of a security risk is this? What if I used an existing Linux FTP server and mapped the NetWare volumes through that so that they look local to the Linux server when they're really on a completely different machine (and OS)? Would that be any better as far as security goes?

Yes, the server is a production server that users log into everyday.

Thanks for the reply.

 

[salserocito]

Nat'ing will definitely help, but even just opening Port 21, its still exposing the server, as well as your Network, to the Public.

I think Nat'ing combined with the LINUX idea is the best so far.

Good Luck.

 

[fluid11]

How easy is it to intercept somebodies password over the internet when they are logging into an FTP site?

Have you used or seen iFolder for NetWare 6?

 

[salserocito]

If someone wants the info bad enough, they will get it any way they can. All you can do is make it as dificalt as you can for them to successfully do this.

Yes, depending on where the packet analyzer is placed, and the type of encryption that is being used (if any!), its fairly easy to retrieve passwords.

If you are coming through a VPN, that's a bit different.

No, I haven't used IFolder as of yet, but what I have seen of it is very useful.

Good Luck.

 

[lgarner]

IFolder is very cool, but best used to synchronize "My Documents" files between PCs. It does provide encryption in the http communications.

FTP is always unsecure- that's just how it works. There are secure ftp servers that can be accessed via special client software or applets:

https://www.glub.com/products/secureftp/

is something that I just ran across.

You might also want to look at setting up WebDAV. I can't help you with that as I've never used it.