Secure FTP
in [Windows Servers]
|
Prev: Windows Server 2008: where is Active Directory Users and Computers?
Next: Windows 2000 and running Chkdsk /F /R on the D: \drive
From: Whiteford on 16 Jun 2010 06:43 Hi, We currently use a windows 2003 FTP server fro clients to upload huge files to. We have a new client that needs to upload files securely, can anyone recommend a secure way to upload files? I know there are many types of secure FTP apps, but which one?
From: Grant Taylor on 16 Jun 2010 10:15 On 06/16/10 05:43, Whiteford wrote: > We currently use a windows 2003 FTP server fro clients to upload huge > files to. We have a new client that needs to upload files securely, can > anyone recommend a secure way to upload files? I know there are many > types of secure FTP apps, but which one? In general (a 10,000 foot view) you have a couple of options, one being FTPS or FTP over SSL, the other being SFTP or SSH file copy (a.k.a. SCP). There are servers for both on Windows, none of which (that I'm aware of) are from Microsoft. Generally, SFTP has won out in favor over FTPS. I'd suggest playing around with SFTP and see if there are any options that you like. If not, fall back and look at the options for FTPS. Another option would be to do the uploads via HTTPS. Grant. . . .
From: Phillip Windell on 16 Jun 2010 10:54 Additional note for everyone: Some firewalls will not work with either SFTP or FTPS due to their built-in FTP Application Filter can't process the traffic because of the encryption. Some may have workarounds,...some may not,...some workarounds may be very "security ugly". This will be less of an issue in the future as more newer firewalls include Application Filters for SFTP and FTPS. FTP by it nature needs a Application Filter to handle the dynamic nature of the way ports are handled in the communication session. FTP is one of the *few* protocols like this. HTTP, HTTPS, DNS, SMTP and most other protocols are not like that. Here are some details surrounding this from the perspective of Microsoft ISA How the FTP protocol Challenges Firewall Security http://www.isaserver.org/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html Solving the Secure FTP [SFTP] dilemma with ISA Server 2004 and 2006 http://blogs.isaserver.org/pouseele/2006/10/08/solving-the-secure-ftp-dilemma-with-isa-server-2004-and-2006/ -- Phillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
From: Grant Taylor on 16 Jun 2010 13:41
On 06/16/10 09:54, Phillip Windell wrote: > Some firewalls will not work with either SFTP or FTPS due to their > built-in FTP Application Filter can't process the traffic because of > the encryption. Some may have workarounds,...some may not,...some > workarounds may be very "security ugly". This will be less of an > issue in the future as more newer firewalls include Application > Filters for SFTP and FTPS. Please explain the problem that some firewalls have with SFTP (a.k.a. SCP). Short of brain dead filtering by port, I don't see how firewalls are going have problems with SFTP like they can with FTP(S). Grant. . . . |