[suse-security] ftp server "best practice"

I'm tasked to add an ftp server to our company's "internet presence", the
ftp server will need to have accounts on it since the data is not for
the public. Currently our setup consists of a number of Linux firewalls
for our 4 office locations that then in turn connect these 4 office
locations using ipsec. In addition, at our main office location we have
a DMZ with a webserver.

The ftp server should be located at the main office, but I could use
some recommendations on where to place this server. From reading mailing
lists I understand the issue of active vs. passive ftp and placing the
ftp server in the DMZ. I don't think I can ask our customers to toggle
the active/passive flag of their ftp client since our customers are
usually not very computer savvy people. Putting an ftp server in the DMZ
that supports both active and passive ftp seems tricky, does anyone have
a recipe of how to make that work (using SuSEFirewall 2 on the firewall

Other options include using the firewall machine itself as the ftp
server, but that makes me very nervous. I was leaning toward using the
vsftpd, but regardless how secure that is by design I'm still not too
comfortable using the firewall as the ftp server (what if the ftpd is

The last option is to place the ftp server outside the company LAN and
make it a standalone machine with its own firewall. This would probably
be the best solution in terms of company LAN security, but the only
thing I don't like about this solution is that I will have to administer
accounts on this machine. I was hoping to be able to hook up to an LDAP
server that is available inside the firewall (not in the DMZ).

Any thoughts / recommendations are greatly appreciated.