Old 28th September 2006, 11:42   #1
BHPian
 
Join Date: Mar 2006
Location: Siliguri
Posts: 972
Thanked: 622 Times
FTP Server/Firewall/Settings

Hi all,

I need some recommendations please.

I am hosting an FTP server on a Windows XP machine running BulletProof FTP server. I have a hardware firewall cum router (UTStarcom), with port 21 forwarded to this PC. Also, I have ZoneAlarm as the software firewall. I have turned off Windows XP's native firewall as it interferes with the LIST command from FTP clients (even with settings turned ON for ftp access).

Anti-hammering is ON on BulletFTP and so is block banned IPs (instead of notifying client).

Anyways, I am looking for tips to help secure my setup - something that won't cause the system to crash.

Also, which would be the BEST software firewall given my scenario.

Thanks in advance.

johy

Note from mod: thread moved

Last edited by tsk1979 : 28th September 2006 at 12:49.
johy is offline  
Old 28th September 2006, 12:48   #2
Team-BHP Support
 
Join Date: Feb 2005
Location: San Jose, CA
Posts: 23,717
Thanked: 22,825 Times

Securing ftp is like securing a lock with a key, copies of which are available off the shelf.
ftp cannot be secure. All I need is your password, which is easy since ftp is non-encrypted. Anybody sniffing can use it.
So make sure you never log in as root from a remote terminal.
PS: why do you want ftp, won't ssh be fine?
tsk1979 is offline  
Old 28th September 2006, 12:56   #3
BHPian
 
Join Date: Mar 2006
Location: Siliguri
Posts: 972
Thanked: 622 Times

Thanks tsk, I am in the learning curve - looking into ssh. Which program do you suggest I look into? I need the ftp to serve large files. In the meantime, what steps can I take to prevent system crashes?
johy is offline  
Old 28th September 2006, 13:12   #4
Team-BHP Support
 
Join Date: Dec 2004
Location: MH-12
Posts: 8,451
Thanked: 13,973 Times

Use SFTP over SSH2 and disable root login in your config file by changing Permitrootlogin parameter to N in the ssh config file.

Also change the SSH to use only protocol 2.

EDIT: This applies to Linux servers. Confirm its functionality for Windows. I use OpenSSH4.2P1.

Last edited by moralfibre : 28th September 2006 at 13:14.
moralfibre is offline  
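
The two sshd settings named in post #4, checked against a config file's text. This is an added example, not part of any post in the thread; it assumes OpenSSH's `sshd_config` syntax (where the disabling value for `PermitRootLogin` is `no`), and the function names and sample configs are constructed for illustration.

```python
import re

# keyword, then whitespace or a single '=', then the value
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def global_settings(config_text):
    """Map lower-cased keyword -> value for the global section of sshd_config."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key = m.group(1).lower()            # sshd keywords are case-insensitive
        value = m.group(2).strip().strip('"').lower()
        if key == "match":
            break                           # Match blocks are conditional; not audited here
        settings.setdefault(key, value)     # sshd keeps the first value it reads
    return settings

def audit(config_text):
    """Return findings for root login and protocol version."""
    s = global_settings(config_text)
    findings = []
    for key, label, wanted in (("permitrootlogin", "PermitRootLogin", "no"),
                               ("protocol", "Protocol", "2")):
        value = s.get(key)
        if value is None:
            findings.append(f"{label} not set: default depends on the OpenSSH release")
        elif value != wanted:
            findings.append(f"{label} is '{value}', expected '{wanted}'")
    return findings

# Constructed sample: the later 'PermitRootLogin no' is ignored (first value wins).
WEAK = """Port 22
Protocol 2,1
PermitRootLogin yes
PermitRootLogin no
"""

# Constructed sample: both settings explicit, SFTP-only account in a Match block.
HARDENED = """Protocol 2
PermitRootLogin=no
Match User uploads
    ForceCommand internal-sftp
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```
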
Old 28th September 2006, 13:21   #5
Team-BHP Support
 
Join Date: Feb 2005
Location: San Jose, CA
Posts: 23,717
Thanked: 22,825 Times

For system crashes on Windows XP, before working on your computer stand on your left leg and hop 15 times. If you are on Win 98 you need to hop 50 times.

The pain in your leg will help mitigate the agony of crashes.
tsk1979 is offline  
Old 28th September 2006, 13:44   #6
BHPian
 
Join Date: Feb 2006
Location: Bangalore
Posts: 92
Thanked: 26 Times

Also make sure that the home dir for the ftp login user is locked down. It should not allow the user to navigate to any dir other than his home dir. BTW, if possible shift to a Linux-based server; you can avoid hopping on one leg for the duration mentioned by tsk

Deepu
deepug is offline  
Old 28th September 2006, 14:13   #7
BHPian
 
Join Date: Mar 2006
Location: Siliguri
Posts: 972
Thanked: 622 Times

Quote:
Originally Posted by tsk1979

The pain in your leg will help mitigate the agony of crashes.
Believe me, the pain in the backside can't really be evened out by this kind of leg pain

Quote:
Originally Posted by deepug
Also make sure that the home dir for the ftp login user is locked down. It should not allow the user to navigate to any dir other than his home dir. BTW, if possible shift to a Linux-based server; you can avoid hopping on one leg for the duration mentioned by tsk

Deepu
I have locked the user down fine and yes the Linux server is on its way. Thanks for the responses.
johy is offline  
Old 28th September 2006, 14:33   #8
BHPian
 
Join Date: Feb 2006
Location: Bangalore
Posts: 92
Thanked: 26 Times

As far as firewalls go, BlackICE Server Protection (www.iss.net) is a very good IPS in the commercial space, and you can also look at Sygate Personal Firewall (was free, now I am not sure, after the takeover by Symantec). The following firewall is also good. This is free:

http://personalfirewall.comodo.com

Deepu
deepug is offline  
Old 28th September 2006, 14:34   #9
Team-BHP Support
 
Join Date: Feb 2005
Location: San Jose, CA
Posts: 23,717
Thanked: 22,825 Times

Are you planning to run the server off your BSNL line? What's your upstream?
tsk1979 is offline  
Old 29th September 2006, 11:37   #10
BHPian
 
Join Date: Mar 2006
Location: Siliguri
Posts: 972
Thanked: 622 Times

Yes, on my BSNL line. The upload is a measly 56 kbps or so - but it serves my purpose. I have very few users downloading at any given point of time. Tried it out - working fine. I need a robust software firewall right now. Have you tried the Comodo firewall - how would you rate it? I used to like the old Symantec Personal one - ZA keeps messing up my access - but I need something that has the "trusted zones."

Last edited by johy : 29th September 2006 at 11:47.
johy is offline  
Old 29th September 2006, 11:48   #11
Team-BHP Support
 
Join Date: Feb 2005
Location: San Jose, CA
Posts: 23,717
Thanked: 22,825 Times

You already have a firewall in front of the router. Open only the ftp port, close all other ports. So why do you need to have an extra software firewall? It will just use CPU.
So unless your router is in bridge mode (and not on NAT), you don't need any software firewall.

You can use any firewall for blocking spyware etc. from accessing the outside world, that's about it; for out to in you don't need a firewall.
tsk1979 is offline  