Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

ftp security

  • 19-06-2006 8:31pm
    #1
    matrim
    Registered Users, Registered Users 2 Posts: 7,518 ✭✭✭


    I've a quick question about 2 different security settings for setting up a windows ftp server.

    At the moment I have ftp setup with an ftp server (filezilla server) setup to only allow connections from 127.0.0.1. To access this I use openssh with putty to access my pc. Then tunnel to the ftp server.
    I also use openssh \ putty to create a tunnel for my VNC connection.

    Would I be better off setting up a sftp server to accept connections on it's own or keep the settings that I have.

    I see the advantage of what I have as I only have to keep one port open for both connections and they can both use the same one at the same time.

    What do other people think or have?


Comments

  • #2
    Ponster
    Moderators, Recreation & Hobbies Moderators Posts: 10,912 Mod ✭✭✭✭Ponster


    Why not just an ftp server that doesn't have any known exploits running on port 21 ?

    What is the goal of all this extra security?


  • #3
    Snowbat
    Registered Users, Registered Users 2 Posts: 1,065 ✭✭✭Snowbat


    Ponster: Apart from the ISP who may forbid running servers and might notice the port 21 traffic, it is like sticking up a big sign saying "run your brute-force password attack here" and there are plenty of crackers and bot-net masters out there willing to oblige.

    matrim: No difference really - I'd say stick with what you have. If you want to improve security, change the incoming ssh port to something other than 22, use public key encryption for login and disable password authentication, use a longer key pair.


  • #4
    Ponster
    Moderators, Recreation & Hobbies Moderators Posts: 10,912 Mod ✭✭✭✭Ponster


    Stick the ftp server on a random port, like 35874 and problem solved !

    Very, very few people out there try to crack port 21 ftp servers as there really isn't a need to. If you grab the IP address of a university in Ireland like UCD and scan a thousand IP's before and after the address you'll find enough port 21 servers with anonymous access to do whatever naughtyness you're planning on.
    Brute force is possible but only happens when the person either knows and dislikes you or is trying to prove something to you.
    either way, siomething like Bulletproof will ban IP addresses after x failed logins.


  • #5
    liamo
    Registered Users, Registered Users 2 Posts: 1,193 ✭✭✭liamo


    If you've already got openssh running, you can just tell filezilla to use "SFTP using SSH2" in the "Servertype" drop-down.

    Regards,

    Liam


Advertisement