HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 26 guests and 2 members online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Network Perimeter Security (FTP)
Ethical Hacker Community Forums
January 08, 2009, 12:34:52 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Network Perimeter Security (FTP)  (Read 1578 times)
0 Members and 1 Guest are viewing this topic.
scucci
Newbie
*
Offline Offline

Posts: 23


View Profile
« on: September 15, 2008, 10:58:55 AM »
Currently we have multiple FTP servers that have firewall rules to allow any source to connect to it via FTP. We do have authenication on the FTP server setup so that only approved accounts can connect.

We get random IP addresses that port scan our network and attempt to get into the FTP accounts due to the open service. We were blocking the major offenders by IP on the firewall, but new one's come everyday.

My question is, what is the best standard when it comes to open services that need to be accessed by clients like this? Is relying on the FTP credentials enough?

Any suggestions would be helpful.

Scucci
Logged
oleDB
Full Member
***
Offline Offline

Posts: 231



View Profile WWW
« Reply #1 on: September 15, 2008, 12:54:29 PM »
There is not much you can do, if whitelisting the approved netblocks isn't feasible with your business. By that I mean permitting only the people you want to FTP on your server through the fw/router. Blacklisting becomes unmanageable, because you will continually be adding addresses, as I'm sure you've already seen. I would start with what you've already done and geo-block a few countries like the frequent offenders, but that also depends on your business requirements. Then make sure that server has a scheduled patching procedure, is monitored daily and probably chroot ftp if its unix. A more ideal solution would be key based SCP, but that all depends on if your business will accept it.
Logged
scucci
Newbie
*
Offline Offline

Posts: 23


View Profile
« Reply #2 on: September 15, 2008, 03:19:58 PM »
Thank you for the reply - What do you mean by key based SCP? I was thinking about maybe changing the FTP port, but I'm not sure thats the smartest thing to do right now.
Logged
ShawnB
Newbie
*
Offline Offline

Posts: 8


View Profile
« Reply #3 on: September 15, 2008, 04:08:54 PM »
Quote from: scucci on September 15, 2008, 03:19:58 PM
Thank you for the reply - What do you mean by key based SCP? I was thinking about maybe changing the FTP port, but I'm not sure thats the smartest thing to do right now.

FTP Port-
It depends on the role of the FTP servers if you change it to a non standard port, your clients/customers may have a hard time connecting to it. Many corporate firewalls expect FTP to be on port 21 ( to start with Wink ) and your clients/customers may have to work with their network administrators to connect to a non-standard port. So if there is a large number of outside clients/customers that use the FTP servers, changing the port may be more work than it is worth.
Logged
jimbob
Sr. Member
****
Offline Offline

Posts: 332



View Profile WWW
« Reply #4 on: September 16, 2008, 03:08:34 AM »
You could try using SSL on your FTP. It does mean that you will need to make sure your clients support FTP over SSL but it does have the benefit of effectively filtering out most brute force attacks.

Jimbob
Logged
scucci
Newbie
*
Offline Offline

Posts: 23


View Profile
« Reply #5 on: September 17, 2008, 05:36:47 PM »
Thank you all for your help. I have a few ideas now. Smiley
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.049 seconds with 23 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
How many security events including conferences and training do you attend a year:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2009 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.