
kracksmith

join:2004-07-14
Fullerton, CA


unsecure FTP

Our network consists of a Win2k3 SP1 domain.
I am running a dedicated non-domain unsecure FTP server (FileZilla beta).

If I don't decide to go with SSH / SFTP or SSL / TLS then what is the precaution?

We have a sonicwall that passes port 21 and 10 other ports to this dedicated non-domain FTP server. Also our FTP server doesn't have any software firewall running. Do you think we will need a software firewall even though we have a hardware firewall at our gateway?

Since I have to create a local user on the FTP server, hackers won't have any access to our domain share directory if they happen to hack in, right?

Or how will a hacker find their way into the domain share directory if they happen to hack in on the FTP server, which is non-domain?

I know it's not a good idea to run an unsecure FTP server, but I can't explain why because I don't know anything about hacking, and I'm just trying to come up with any exploits for management review.

Thanks

kracksmith

join:2004-07-14
Fullerton, CA
Nobody knows??
I'm sure there are some security experts out there.


PetePuma
How many lumps do you want
Premium,MVM
join:2002-06-13
Arlington, VA

reply to kracksmith
If you're going to run a public FTP server it should be on a different network segment than your LAN. There should be a hardware firewall between your FTP server and your LAN as well as from the Internet. If a hacker can get on that box you are extremely exposed, regardless of the domain issue.

kracksmith

join:2004-07-14
Fullerton, CA
good point, you are right!
different subnet with a firewall or an existing firewall with a policy.

rdhw

join:2002-09-21
Cambridge UK

reply to kracksmith
said by kracksmith:

I know it's not a good idea to run an unsecure FTP server, but I can't explain why because I don't know anything about hacking
The reason FTP is insecure is that the usernames and passwords are transmitted in clear text over the internet at large. Therefore remote snooping can reveal the usernames and passwords of remote users connecting to your FTP server. There is nothing you can do to prevent this happening. That is why you should not use FTP.
--
Robin Walker »homepage.ntlworld.com/robin.d.h.walker/ for broadband troubleshooting tips
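
The cleartext exposure described in the reply above can be shown without touching anyone's traffic. The following is an added example, not part of the original posts: it audits FTP control-channel transcripts and reports whether USER/PASS crossed the wire before the channel was upgraded with AUTH TLS (RFC 4217, reply code 234). The function name `audit_session` and the three sample sessions are constructed for illustration.

```python
# Added example: flag FTP logins whose credentials travelled in clear text.
# All sessions below are constructed samples, not captures from a real server.

def audit_session(events):
    """events: list of (sender, line); sender is 'C' (client) or 'S' (server).

    Returns whether USER/PASS were sent before the control channel was
    protected by a successful AUTH TLS (server reply 234, RFC 4217).
    """
    result = {"user": None, "password_exposed": False,
              "auth_attempted": False, "tls_active": False}
    pending_auth = False
    for sender, line in events:
        line = line.strip()
        if sender == "C":
            verb, _, arg = line.partition(" ")
            verb = verb.upper()          # FTP verbs are case-insensitive
            if verb == "AUTH":
                result["auth_attempted"] = True
                pending_auth = True
            elif verb == "USER" and not result["tls_active"]:
                result["user"] = arg
            elif verb == "PASS" and not result["tls_active"]:
                # Record only the fact of exposure, never the secret itself.
                result["password_exposed"] = True
        elif pending_auth and line[:3].isdigit() and line[3:4] != "-":
            # Final (non-continuation) reply to AUTH decides the upgrade.
            result["tls_active"] = line.startswith("234")
            pending_auth = False
    return result

# Plain FTP: both username and password are readable on the wire.
PLAIN = [("S", "220 FTP server ready"), ("C", "USER alice"),
         ("S", "331 Password required"), ("C", "PASS constructed-secret"),
         ("S", "230 Logged on")]
# Explicit TLS accepted: the login happens inside the encrypted channel.
UPGRADED = [("S", "220 FTP server ready"), ("C", "AUTH TLS"),
            ("S", "234 Using authentication type TLS"),
            ("C", "USER alice"), ("C", "PASS constructed-secret")]
# Server refuses AUTH and the client silently falls back to clear text.
FALLBACK = [("S", "220 FTP server ready"), ("C", "auth tls"),
            ("S", "502 Command not implemented"), ("C", "USER bob"),
            ("S", "331 Password required"), ("C", "PASS constructed-secret")]

if __name__ == "__main__":
    for name, session in (("plain", PLAIN), ("upgraded", UPGRADED),
                          ("fallback", FALLBACK)):
        print(name, audit_session(session))
```

The fallback case is the one worth putting in front of management: a client that asks for TLS and is refused can still end up sending its password in the clear unless the client or server is set to require encryption.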

kracksmith

join:2004-07-14
Fullerton, CA

Thanks for the response.

Secure FTP wouldn't be a problem, but getting our clients to use it and configure it correctly is a problem.

WebDAV is another decision we might go with, but configuring it to look more friendly would be a problem.

How does the monitoring of the public IP work?
So this hacker sets up a monitoring device (ethereal) to filter all the traffic and capture all packets to find the user name and password.

How do they set this up? I wouldn't mind doing a demo to show management what's been happening. Seems like this security issue might be passed off the table.
Friday, 04-Dec 20:56:13 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.