The Best Solutions for Your Business

Services:

Home
Back
FTPWatcher and Security
Licensing
Technical Requirements
Install Instructions
 

 

Back

 

 

 

Security and

Security is one of the main concerns of the Internet due to an ever increasing threat from hackers, crackers, viruses, worms and Trojans!  

Here are some tips to make your system more secure:

Keep your server updated with the latest security patches Microsoft has websites and tools available that are well suited for this purpose.  Remember, the further your server is behind, the more vulnerable it is to attack.
Shut down what's not needed Microsoft's operating systems install all kinds of "neat stuff" by default to make it easy for folks with less computer experience to get things to work.  80% or more of those things are not needed if you use the server solely for file exchange purposes.  Remove items such as sample web sites that start automatically by default.
Limit the access to your system Different applications talk to different entry points (Ports) on the server.  To transfer files to your server, the only Ports you need to allow to be accessible from the Internet are "20" (for the data stream) and "21" (for the flow control).  This enables the full functionality of File Transfer Protocol (FTP).  In Windows 2000, you can configure the TCP/IP protocol for each network card and filter on these ports.  This greatly reduces the possibilities to exploit system vulnerabilities.
Separate traffic by purpose If you are investing hundreds of dollars into a file exchange infrastructure,  then spend another ~$50 for an extra network card to connect your server to the Internet through a separate hardware interface.  This eliminates the need to develop elaborate filters because there is only limited purpose for the Internet connection that it's allowed to be used for.  Also, in most cases this eliminates the need for an extra firewall and gives you better throughput towards the internal network.
Install and maintain a real-time virus scanner Remember, you are opening your door for everything that a client wants to send to you. This package could intentionally or unintentionally contain viruses or a bomb.  Don't skimp on the virus protection package...a good, commercial-grade virus scanner is worth the cost as it protects your entire infrastructure!  McAffee, Norton AntiVirus and CA's eTrust InnoculateIT are examples of commercially available products that do a very good job of protecting against infected files IF you set them up to automatically scan incoming files.  You should also frequently update the Virus signature files.  These files are part of the virus scanner you install and the more current you are on the signatures, the better protected you are.
Don't leave your door unlocked Don't allow anonymous logons.  Beside the fact that anyone anywhere on the Internet can use your system and place all sorts of junk on it, this sort of upload capability can create a real headache for permission management.  It can even get to the point where not even the systems administrator can delete files anymore.  Anonymous logons are a great idea for download and distribution sites for general information.  They should not be allowed for upload sites containing confidential, semi-confidential or private information.  The most efficient way to limit access to your upload server is to have a leveraged userID and password. 

With FTPWatcher, all files are removed from the Internet-facing directory after they are received and any information placed on the server is no longer available from the Web.  This aspect makes misuse unattractive to a high percentage of the hacker community.

Security Consulting is a service we provide.

If you need help with Security, please Contact Us...

Copyright (C) 2003-2009 by In Scope Solutions, Inc.