.

Network Perimeter Security (FTP)

<<

scucci

Newbie
Newbie

Posts: 29

Joined: Mon Sep 15, 2008 10:55 am

Post Mon Sep 15, 2008 10:58 am

Network Perimeter Security (FTP)

Currently we have multiple FTP servers that have firewall rules to allow any source to connect to it via FTP. We do have authenication on the FTP server setup so that only approved accounts can connect.

We get random IP addresses that port scan our network and attempt to get into the FTP accounts due to the open service. We were blocking the major offenders by IP on the firewall, but new one's come everyday.

My question is, what is the best standard when it comes to open services that need to be accessed by clients like this? Is relying on the FTP credentials enough?

Any suggestions would be helpful.

Scucci
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Mon Sep 15, 2008 12:54 pm

Re: Network Perimeter Security (FTP)

There is not much you can do, if whitelisting the approved netblocks isn't feasible with your business. By that I mean permitting only the people you want to FTP on your server through the fw/router. Blacklisting becomes unmanageable, because you will continually be adding addresses, as I'm sure you've already seen. I would start with what you've already done and geo-block a few countries like the frequent offenders, but that also depends on your business requirements. Then make sure that server has a scheduled patching procedure, is monitored daily and probably chroot ftp if its unix. A more ideal solution would be key based SCP, but that all depends on if your business will accept it.
<<

scucci

Newbie
Newbie

Posts: 29

Joined: Mon Sep 15, 2008 10:55 am

Post Mon Sep 15, 2008 3:19 pm

Re: Network Perimeter Security (FTP)

Thank you for the reply - What do you mean by key based SCP? I was thinking about maybe changing the FTP port, but I'm not sure thats the smartest thing to do right now.
<<

ShawnB

Newbie
Newbie

Posts: 8

Joined: Mon Dec 18, 2006 8:00 am

Post Mon Sep 15, 2008 4:08 pm

Re: Network Perimeter Security (FTP)

scucci wrote:Thank you for the reply - What do you mean by key based SCP? I was thinking about maybe changing the FTP port, but I'm not sure thats the smartest thing to do right now.


FTP Port-
It depends on the role of the FTP servers if you change it to a non standard port, your clients/customers may have a hard time connecting to it. Many corporate firewalls expect FTP to be on port 21 ( to start with ;) ) and your clients/customers may have to work with their network administrators to connect to a non-standard port. So if there is a large number of outside clients/customers that use the FTP servers, changing the port may be more work than it is worth.
<<

jimbob

Post Tue Sep 16, 2008 3:08 am

Re: Network Perimeter Security (FTP)

You could try using SSL on your FTP. It does mean that you will need to make sure your clients support FTP over SSL but it does have the benefit of effectively filtering out most brute force attacks.

Jimbob
<<

scucci

Newbie
Newbie

Posts: 29

Joined: Mon Sep 15, 2008 10:55 am

Post Wed Sep 17, 2008 5:36 pm

Re: Network Perimeter Security (FTP)

Thank you all for your help. I have a few ideas now. :)

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software