Securing FTP

[TamedTech]

Hello Guys,

I've got a 2k3 Server running a single website on IIS6.0 and i've setup and FTP site, At the moment the site is completely unsecure and its plauging me in my sleep lol.

What is the simplest way to slap a username and password onto that FTP site?

I'd rather not use AD as i cant be bothered with the admin, just a simple single username and password that stops all access to the ftp site unless they are authenticated.

What do you think the best method?

Thanks,

Rob

 

[Stevehewitt]

Local user account, give relevant NTFS permissions and remove anonymous access.

Worth noting that FTP is completely insecure anyway. Credentials are sent using plain text (I think) and there's no encryption at any stage.

Good Luck,




Steve.

"They have the internet on computers now!" - Homer Simpson

 

[TamedTech]

No sure I appreciate that FTP isnt that secure, I'm looking at running SFTP which i believe works over SSH, that'll make life a bit better.

Thanks,

Rob

 

[Stevehewitt]

Yeah, S/FTP runs the same as HTTPS - as you said just SSL.

Good Luck,




Steve.

"They have the internet on computers now!" - Homer Simpson