Go Back   Team-BHP > Around the Corner > Shifting gears > Gadgets, Computers & Software


Reply
 
Thread Tools Search this Thread
Old 28th September 2006, 11:42   #1
BHPian
 
johy's Avatar
 
Join Date: Mar 2006
Location: Siliguri
Posts: 837
Thanked: 370 Times
Default FTP Server/Firewall/Settings

Hi all,

I need some recommendations please.

I am hosting an FTP server on a Windows XP machine running BulletProof FTP server. I have a hardware firewall cum router (UTStarcom), with port 21 forwarded to this PC. Also, I have ZoneAlarm as the software firewall. I have turned off Windows XP's native firewall as it interferes with the LIST command from FTP clients (even with settings turned ON for ftp access).

Anti-hammering is ON on BulletFTP and so is block banned IPs (instead of notifying client).

Anyways, I am looking for tips to help secure my setup - something that won't cause the system to crash.

Also, which would be the BEST software firewall given my scenario.

Thanks in advance.

johy

[b]Note from mod: thread moved

Last edited by tsk1979 : 28th September 2006 at 12:49.
johy is offline   Reply With Quote
Old 28th September 2006, 12:48   #2
Team-BHP Support
 
tsk1979's Avatar
 
Join Date: Feb 2005
Location: New Delhi
Posts: 22,852
Thanked: 15,407 Times
Default

securing ftp is like securing a lock with a key copies of which are available off the shelf.
ftp cannot be secure. All I need is your password, which is easy since ftp is non encrypted. Anybody sniffing can use it.
So make sure, never login as root from a remote terminal.
PS: why do you want ftp, wont ssh be fine?
tsk1979 is offline   Reply With Quote
Old 28th September 2006, 12:56   #3
BHPian
 
johy's Avatar
 
Join Date: Mar 2006
Location: Siliguri
Posts: 837
Thanked: 370 Times
Default

Thanks tsk, I am in the learning curve - looking into ssh. Which program do you suggest I look into? I need the ftp to serve large files. In the meantime, what steps can I take to prevent system crashes?
johy is offline   Reply With Quote
Old 28th September 2006, 13:12   #4
Team-BHP Support
 
moralfibre's Avatar
 
Join Date: Dec 2004
Location: MH-12
Posts: 6,562
Thanked: 6,028 Times
Default

Use SFTP over SSH2 and disable root login in your config file by changing Permitrootlogin parameter to N in the ssh config file.

Also change the SSH to use only protocol 2.

EDIT: This applies to Linux servers. Confirm its functionality for Windows. I use OpenSSH4.2P1 .

Last edited by moralfibre : 28th September 2006 at 13:14.
moralfibre is offline   Reply With Quote
Old 28th September 2006, 13:21   #5
Team-BHP Support
 
tsk1979's Avatar
 
Join Date: Feb 2005
Location: New Delhi
Posts: 22,852
Thanked: 15,407 Times
Default

For system crashes on windows XP before working on your computer stand on your left leg and hop 15 times. If you are on win 98 you need to hop 50 times.

The pain in your leg will help mitigate the agony of crashes.
tsk1979 is offline   Reply With Quote
Old 28th September 2006, 13:44   #6
BHPian
 
Join Date: Feb 2006
Location: Bangalore
Posts: 85
Thanked: Once
Default

Also make sure that the home dir for the ftp login user is locked down. Should not allow the user from naviagting to any other dir other than his home dir. B/W if possible shift to a linux based server , you can avoid hopping on one leg for the duration mentioned by tsk

Deepu
deepug is offline   Reply With Quote
Old 28th September 2006, 14:13   #7
BHPian
 
johy's Avatar
 
Join Date: Mar 2006
Location: Siliguri
Posts: 837
Thanked: 370 Times
Default

Quote:
Originally Posted by tsk1979

The pain in your leg will help mitigate the agony of crashes.
Believe me, the pain in the backside can't really be evened out by this kind of leg pain

Quote:
Originally Posted by deepug
Also make sure that the home dir for the ftp login user is locked down. Should not allow the user from naviagting to any other dir other than his home dir. B/W if possible shift to a linux based server , you can avoid hopping on one leg for the duration mentioned by tsk

Deepu
I have locked the user down fine and yes the Linux server is on its way. Thanks for the responses.
johy is offline   Reply With Quote
Old 28th September 2006, 14:33   #8
BHPian
 
Join Date: Feb 2006
Location: Bangalore
Posts: 85
Thanked: Once
Default

As far as firewall goes . BlackICe Server protection (www.iss.net) is a very good IPS in the comercial space and also you can look at Sygate Personal Firewall (Was free, now I am not sure, after take over by Symantec). Also the following firewall is also good. This is free

http://personalfirewall.comodo.com

Deepu
deepug is offline   Reply With Quote
Old 28th September 2006, 14:34   #9
Team-BHP Support
 
tsk1979's Avatar
 
Join Date: Feb 2005
Location: New Delhi
Posts: 22,852
Thanked: 15,407 Times
Default

Are you planning to run the server of your BSNL line? Whats your upstream?
tsk1979 is offline   Reply With Quote
Old 29th September 2006, 11:37   #10
BHPian
 
johy's Avatar
 
Join Date: Mar 2006
Location: Siliguri
Posts: 837
Thanked: 370 Times
Default

Yes, on my BSNL line. The upload is a measly 56 kbps or so - but it serves my purpose. I have very few users downloading at any given point of time. Tried it out - working fine. I need a robust software firewall right now. Have you tried the Comodo firewall - how would you rate it? I used to like the old Symantec Personal one - ZA keeps messing up my access - but I need something that has the "trusted zones."

Last edited by johy : 29th September 2006 at 11:47.
johy is offline   Reply With Quote
Old 29th September 2006, 11:48   #11
Team-BHP Support
 
tsk1979's Avatar
 
Join Date: Feb 2005
Location: New Delhi
Posts: 22,852
Thanked: 15,407 Times
Default

You already have a firewall in from of router. Open only ftp port, close all other ports. So why do you need to have an extra software firewall, it will just use CPU.
So unless your router is in bridge mode(and not on NAT), you dont need any software firewall.

You can use any firewall for blocking spyware etc., from accessing outside world, thats about it, for out to in you dont need firewall.
tsk1979 is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Office Firewall blocks Team-BHP - Proxying Team-BHP? shreeks Gadgets, Computers & Software 26 27th March 2017 21:05
Best Corporate Firewall? autoenthusiast Gadgets, Computers & Software 120 13th February 2017 10:27
How to seal the firewall opening? Gill In-Car Entertainment 8 3rd March 2010 23:07
Xenos Firewall 350 - safety / convenience system gbpscars Modifications & Accessories 8 28th September 2007 11:53
Help: Zone alarm Firewall . unknown Shifting gears 17 25th September 2006 20:04


All times are GMT +5.5. The time now is 02:56.

Copyright 2000 - 2017, Team-BHP.com
Proudly powered by E2E Networks