HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 41 guests online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Network Perimeter Security (FTP)
EH-Net
May 25, 2012, 01:26:52 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Network Perimeter Security (FTP)  (Read 3824 times)
0 Members and 1 Guest are viewing this topic.
scucci
Newbie
*
Offline Offline

Posts: 29


View Profile
« on: September 15, 2008, 10:58:55 AM »
Currently we have multiple FTP servers that have firewall rules to allow any source to connect to it via FTP. We do have authenication on the FTP server setup so that only approved accounts can connect.

We get random IP addresses that port scan our network and attempt to get into the FTP accounts due to the open service. We were blocking the major offenders by IP on the firewall, but new one's come everyday.

My question is, what is the best standard when it comes to open services that need to be accessed by clients like this? Is relying on the FTP credentials enough?

Any suggestions would be helpful.

Scucci
Logged
oleDB
Recruiters
Full Member
*
Offline Offline

Posts: 236



View Profile WWW
« Reply #1 on: September 15, 2008, 12:54:29 PM »
There is not much you can do, if whitelisting the approved netblocks isn't feasible with your business. By that I mean permitting only the people you want to FTP on your server through the fw/router. Blacklisting becomes unmanageable, because you will continually be adding addresses, as I'm sure you've already seen. I would start with what you've already done and geo-block a few countries like the frequent offenders, but that also depends on your business requirements. Then make sure that server has a scheduled patching procedure, is monitored daily and probably chroot ftp if its unix. A more ideal solution would be key based SCP, but that all depends on if your business will accept it.
Logged
scucci
Newbie
*
Offline Offline

Posts: 29


View Profile
« Reply #2 on: September 15, 2008, 03:19:58 PM »
Thank you for the reply - What do you mean by key based SCP? I was thinking about maybe changing the FTP port, but I'm not sure thats the smartest thing to do right now.
Logged
ShawnB
Newbie
*
Offline Offline

Posts: 8


View Profile
« Reply #3 on: September 15, 2008, 04:08:54 PM »
Quote from: scucci on September 15, 2008, 03:19:58 PM
Thank you for the reply - What do you mean by key based SCP? I was thinking about maybe changing the FTP port, but I'm not sure thats the smartest thing to do right now.

FTP Port-
It depends on the role of the FTP servers if you change it to a non standard port, your clients/customers may have a hard time connecting to it. Many corporate firewalls expect FTP to be on port 21 ( to start with Wink ) and your clients/customers may have to work with their network administrators to connect to a non-standard port. So if there is a large number of outside clients/customers that use the FTP servers, changing the port may be more work than it is worth.
Logged
jimbob
Guest
« Reply #4 on: September 16, 2008, 03:08:34 AM »
You could try using SSL on your FTP. It does mean that you will need to make sure your clients support FTP over SSL but it does have the benefit of effectively filtering out most brute force attacks.

Jimbob
Logged
scucci
Newbie
*
Offline Offline

Posts: 29


View Profile
« Reply #5 on: September 17, 2008, 05:36:47 PM »
Thank you all for your help. I have a few ideas now. Smiley
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.381 seconds with 23 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.