Old 11-04-2010, 05:58 AM   #1
albertwt
Member
 
Registered: Aug 2010
Posts: 50

Rep: Reputation: 1
Opening FTP service on public facing website for 3rd party maintenance access


Hi All,

I'd like to know if this is a common security flaw or normal to open up FTP to the public, which is of course protected with a password, for 3rd party access to maintain our public facing / production website?

If yes, what sort of FTP application do you install on your Linux webserver?

Any sharing or suggestions regarding this thread will be greatly appreciated.

Thanks,

AWT
 
Old 11-04-2010, 06:35 AM   #2
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,615

Rep: Reputation: Disabled
I would say anything open to the public internet is always at risk, even if you have authentication in place. If it is going to be used by a limited number of users and they have static addresses, using iptables to allow only certain addresses for FTP will increase the security. Also, changing the default listening port to something else should add another layer of security.
You can use vsftpd for your needs though.
 
1 members found this post helpful.
Old 11-04-2010, 06:49 AM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,769
Blog Entries: 1

Rep: Reputation: 410
You should also consider using SSL with your FTP server as FTP transmits usernames and passwords in the clear. That isn't a problem if you're just using anonymous access, but if you're allowing access to only specific people, it is something worth considering.
 
1 members found this post helpful.
Old 11-04-2010, 06:56 AM   #4
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 2,866

Rep: Reputation: 698
I think I would want to have SSH implemented for any outside access (and require the use of sftp); sftp "...operates over an encrypted ssh transport."

With ssh, you control who has what access and it's a reliable way to do what you're interested in. SSH is, in many ways, analogous to the user id/password system.

You may wish to turn off (or not turn on) ftp services, possibly found in /etc/inetd.conf (your location may vary). The services lines in /etc/inetd.conf look like this:
Code:
#
# These are standard services:
#
# Very Secure File Transfer Protocol (FTP) server.
#ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd
#
# Professional File Transfer Protocol (FTP) server.
#ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  proftpd
#
# Telnet server:
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#
On my systems, these are all commented out (meaning that they are not available) and external users are required to use SSH (and, thus, sftp) for any connections or file transfers.

Hope this helps some.
 
2 members found this post helpful.
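As an added example (not part of the post above), one way to check that no cleartext service is still active in an inetd.conf laid out like the listing in the post. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report inetd entries that are still
# active for cleartext services. A line is active unless it starts with '#'.

# Print "service:daemon" for each active ftp/telnet line in an inetd.conf.
# inetd.conf fields: service socket proto wait user server-path args...
active_cleartext_services() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # blank line or comment: disabled
        $1 == "ftp" || $1 == "telnet" {
            daemon = (NF >= 7) ? $7 : $6       # behind tcpd, the real daemon is field 7
            print $1 ":" daemon
        }
    ' "$1"
}

# Constructed sample: the listing from the post with the vsftpd line enabled.
sample_inetd_conf() {
    cat <<'EOF'
# Very Secure File Transfer Protocol (FTP) server.
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd
# Professional File Transfer Protocol (FTP) server.
#ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  proftpd
# Telnet server:
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
EOF
}

# Audit a file; return 1 if anything cleartext is still enabled.
audit_inetd() {
    found=$(active_cleartext_services "$1")
    [ -z "$found" ] && return 0
    echo "cleartext services enabled in $1:" >&2
    echo "$found"
    return 1
}

tmp=$(mktemp)
sample_inetd_conf > "$tmp"
audit_inetd "$tmp" || true      # prints ftp:vsftpd for the sample
rm -f "$tmp"
```

On a real host, pass the path of the live file, for example `audit_inetd /etc/inetd.conf`, and use the exit status in a scheduled check.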
Old 11-04-2010, 08:04 AM   #5
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 47
^ Agreed

ftp over ssh with access controlled by keys and passphrases will give you a fairly tight lockdown.
 
1 members found this post helpful.
Old 11-04-2010, 08:19 AM   #6
albertwt
Member
 
Registered: Aug 2010
Posts: 50

Original Poster
Rep: Reputation: 1
Ah, yes, SFTP. So in this case only ports 80 and 22 are open to the public?
Great, so can I use FileZilla from the internet to upload this?
 
Old 11-04-2010, 09:13 AM   #7
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 47
Yup. It will even do key based authentication.
 
1 members found this post helpful.
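As an added example (not part of any post in this thread), a check that an sshd_config really limits the key-based access discussed in posts #5 and #7 to keys only. The function names and both sample files are constructed; the parser assumes whitespace-separated `Keyword value` lines and reads only the global section.

```shell
#!/bin/sh
# Added example (not from the thread): confirm an sshd_config enforces key-only logins.
# Simplifications: whitespace-separated "Keyword value" lines, global section
# only (stops at the first Match block), Include files not followed.

# Print the effective global value of keyword $2 in file $1, or default $3.
# sshd uses the first value it reads for a keyword; keywords are case-insensitive.
sshd_global_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# Return 0 only if passwords are off and public keys are on (sshd defaults: both yes).
key_only_logins() {
    [ "$(sshd_global_value "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(sshd_global_value "$1" PubkeyAuthentication yes)" = "yes" ]
}

# Constructed samples. In the weak one the later "no" is ignored because the
# first occurrence of a keyword wins.
weak_sshd_config() {
    cat <<'EOF'
Port 22
PasswordAuthentication yes
# hardening attempt appended later, but it has no effect:
passwordauthentication no
EOF
}
hardened_sshd_config() {
    cat <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
Subsystem sftp internal-sftp
EOF
}

d=$(mktemp -d)
weak_sshd_config > "$d/weak"; hardened_sshd_config > "$d/hard"
for f in weak hard; do
    if key_only_logins "$d/$f"; then echo "$f: key-only"; else echo "$f: passwords accepted"; fi
done
rm -rf "$d"
```

On a live server, `sshd -T` prints the settings the daemon actually resolves, which is the authoritative check.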
All times are GMT -5.