HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 34 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Network Perimeter Security (FTP)
EH-Net
May 21, 2013, 10:55:45 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Network Perimeter Security (FTP)  (Read 4447 times)
0 Members and 1 Guest are viewing this topic.
scucci
Newbie
*
Offline Offline

Posts: 29


View Profile
« on: September 15, 2008, 10:58:55 AM »
Currently we have multiple FTP servers that have firewall rules to allow any source to connect to it via FTP. We do have authenication on the FTP server setup so that only approved accounts can connect.

We get random IP addresses that port scan our network and attempt to get into the FTP accounts due to the open service. We were blocking the major offenders by IP on the firewall, but new one's come everyday.

My question is, what is the best standard when it comes to open services that need to be accessed by clients like this? Is relying on the FTP credentials enough?

Any suggestions would be helpful.

Scucci
Logged
oleDB
Recruiters
Full Member
*
Offline Offline

Posts: 236



View Profile WWW
« Reply #1 on: September 15, 2008, 12:54:29 PM »
There is not much you can do, if whitelisting the approved netblocks isn't feasible with your business. By that I mean permitting only the people you want to FTP on your server through the fw/router. Blacklisting becomes unmanageable, because you will continually be adding addresses, as I'm sure you've already seen. I would start with what you've already done and geo-block a few countries like the frequent offenders, but that also depends on your business requirements. Then make sure that server has a scheduled patching procedure, is monitored daily and probably chroot ftp if its unix. A more ideal solution would be key based SCP, but that all depends on if your business will accept it.
Logged
scucci
Newbie
*
Offline Offline

Posts: 29


View Profile
« Reply #2 on: September 15, 2008, 03:19:58 PM »
Thank you for the reply - What do you mean by key based SCP? I was thinking about maybe changing the FTP port, but I'm not sure thats the smartest thing to do right now.
Logged
ShawnB
Newbie
*
Offline Offline

Posts: 8


View Profile
« Reply #3 on: September 15, 2008, 04:08:54 PM »
Quote from: scucci on September 15, 2008, 03:19:58 PM
Thank you for the reply - What do you mean by key based SCP? I was thinking about maybe changing the FTP port, but I'm not sure thats the smartest thing to do right now.

FTP Port-
It depends on the role of the FTP servers if you change it to a non standard port, your clients/customers may have a hard time connecting to it. Many corporate firewalls expect FTP to be on port 21 ( to start with Wink ) and your clients/customers may have to work with their network administrators to connect to a non-standard port. So if there is a large number of outside clients/customers that use the FTP servers, changing the port may be more work than it is worth.
Logged
jimbob
Guest
« Reply #4 on: September 16, 2008, 03:08:34 AM »
You could try using SSL on your FTP. It does mean that you will need to make sure your clients support FTP over SSL but it does have the benefit of effectively filtering out most brute force attacks.

Jimbob
Logged
scucci
Newbie
*
Offline Offline

Posts: 29


View Profile
« Reply #5 on: September 17, 2008, 05:36:47 PM »
Thank you all for your help. I have a few ideas now. Smiley
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.097 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.