Most secure FTP server program?

J

Jinx_player

Limp Gawd
Joined
Mar 12, 2004
Messages
330
Right now im using Serv-U, and i know there are a lot of tricks and exploits out for it. Anyone have any suggestions what i could use to have a more hardened fileserver?

Thanks ;)
 
lomn75 said:
Well, there's SFTP.
Click to expand...

I know, it's late and I'm punchy and being a bit of a smart-ass.

If you can, I'd consider scp/ssh. It's hard to give advice without knowing how one intends to use the ftp server. Is this a public ftp site? Is it an intranet site? Are you using FTP as a deployment tool? What OS is being used on the server? How many clients access the server? Do you have control over the clients to install any required software? The list goes on....
 
either sftp or scp, and I would only recomend the ssh2 protocol, as 1 and 1.5 do have security issues. When I say security issues, I mean programs like ettercap can do a mitm attack durring the connection, and hijack it. Their is also FTP over SSL (not the same as sftp, best to call it ftps).

As for clients you can use, their is filezilla, or winscp for windows (both free, check sourceforge), as well as a few others that I can't seem to think of off the top of my head.
 
Xipher said:
either sftp or scp, and I would only recomend the ssh2 protocol, as 1 and 1.5 do have security issues. When I say security issues, I mean programs like ettercap can do a mitm attack durring the connection, and hijack it. Their is also FTP over SSL (not the same as sftp, best to call it ftps).

As for clients you can use, their is filezilla, or winscp for windows (both free, check sourceforge), as well as a few others that I can't seem to think of off the top of my head.
Click to expand...

Agreed on scp. Setup OpenSSH 4.x (or patched 3.x) with hashing/protocol 2, make proper user accounts and be on your way.
 
Filezilla FTP Server (free) supports FTP over SSL. OpenSSH supports FTP over SSH.
 
FTPS=CA=$$$

For home use, just stick with SSH2 and tunnel your traffic over that.
 
BobSutan said:
FTPS=CA=$$$

For home use, just stick with SSH2 and tunnel your traffic over that.
Click to expand...
Like he said, you can generate your own cert, and then add it to the list of trusted ones (I mean if you can't trust yourself, who can you trust?)
 
Sorry for the vague-ness. Im looking for a program for XP pro. Ftp is a file server, no access to clients other than to download and upload in a designated folder, no execute privliges. Going to have a maximum of 4 clients on at a time, probably will be 1 at a time though.
 
If all the clients are XP you could look into creating IPSec policies and then simply use plain-old FTP.
 
You must log in or register to reply here.
Back
Top