I am planning on setting up a ftp server for personal use on a second computer that has Win XP on it. What is the best and most secure way of setting up a FTP server? Like i siad before it is just for personal use. No more than 1 connection at a time.

Member Avatar for nicentral

I am planning on setting up a ftp server for personal use on a second computer that has Win XP on it. What is the best and most secure way of setting up a FTP server? Like i siad before it is just for personal use. No more than 1 connection at a time.

Unfortunately, there really isn't such thing as "secure" FTPing as passwords are sent clear text. There are ways you can tunnel an FTP session through SSH, but it takes a lot of configuration setup on Windows. If you just want a place to retrieve information from say work, then I would suggest setting up the Windows built in FTP service, a generic user that has read/write privileges to the directory, and limit your connections to 1 user. Then, you should change the password of the generic user quite frequently as well as only running the FTP service when you need it.

On another note, there are a whole lot more security options that you could use with Windows Server 2000/2003 or, even better, a Linux box.

nicentral provided some good suggestions-- I can only add some things to it.

Firstly, are you running this FTP box on a LAN, or do you want it to be available to the outside world? If it's on a LAN, you can pretty well leave your FTP server set wide-open, with very lax security. If you're running it on the Internet, nicentral's advice is very relevant. The only additional information I'd suggest is to implement some kind of firewall solution where you can allow or deny certain IP addresses access to your FTP service. I'd implement a whitelist approach, only allowing access from IPs/boxes you've previously authorized.

I'd have to agree with nicentral, though-- I think setting up a Linux/BSD box is a pretty attractive, primarily because you can set up just about any box (from a 25mhz 486 to an AMD64) to do file serving, and be pretty well happy with the result. On top of that, *nix boxen already come with some type of firewall installed, like IPTABLES on Linux, or ipf/pf on the *BSDs. Even further on top of that, there are rudimentary ways, like hosts.deny and hosts.allow to secure the FTP service itself in those OSes.

Member Avatar for nicentral

More good imput alc6379 --

Another bonus of a linux box is the ability to connect to it securely over the Interenet using SSH. I use my linux file server at home a a FTP server as well, but I NEVER leave the service running. If I need to grab something off of my file server I simply SSH to it, start the service, download the file, then stop the service. This also limits the potential for security breaches. You could also use this method to change the password of the generic user that you use to connect to your FTP server whenever you need to FTP something. A lot of extra steps, but I'm sort of a paranoid secrurity freak ;)

Andy

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.