SSH or IPSec for FTP Server

Archived from groups: microsoft.public.windowsxp.security_admin

How do I enable SSH or IPSec for FTP Server which is running on Windows 2000?
What are the procedures to follow if I need to secure the FTP Authentication
over network/Internet?

Regards
San
  1. Archived from groups: microsoft.public.windowsxp.security_admin

    There's no SSH in Windows, so IPsec would be your choice if you don't want
    to add third-party SSH.


    On the server, create an IPsec policy with this rule:

    filter list: from any-ip:any-port to my-ip:21/tcp
    filter action: negotiate security, encryption and integrity
    rule: no tunnel, all connections, preshared key authn


    On the clients, create an IPsec policy with this rule:

    filter list: from my-ip:any-port to server-ip:21/tcp
    filter action: negotiate security, encryption and integrity
    rule: no tunnel, all connections, preshared key authn


    This will protect the authentication, but it won't protect data transfer.
    If you do want to protect data transfer, add this rule to the server:

    filter list: from my-ip:20/tcp to any-ip:any-port
    filter action: negotiate security, encryption and integrity
    rule: no tunnel, all connections, preshared key authn


    And add this rule to the clients:

    filter list: from server-ip:20/tcp to my-ip:any-port
    filter action: negotiate security, encryption and integrity
    rule: no tunnel, all connections, preshared key authn


    Note that this will encrypt only port mode file transfers. If the client
    requests passive mode, the transfer will be cleartext (but the authentication
    is still encrypted). Passive mode is difficult to encrypt; the server can
    choose any random high port it wants to for the data transfer. That means
    you'd need this additional filter list on the server:

    filter list: from any-ip:any-port to my-ip:any-port (PASV mode)

    But see what that does? It requires *any* connection from *anywhere* to use
    IPsec!


    Steve Riley
    steriley@microsoft.com


    > How do I enable SSH or IPSec for FTP Server which is running on
    > Windows 2000? What are the procedures to follow if I need to secure
    > the FTP Authentication over network/Internet?
    >
    > Regards
    > San
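
The server-side filter lists from the answer above, modeled as an added example (not part of the original post and not Windows' own matching code), to show which FTP connections each policy protects. The addresses and port numbers are constructed, and the model assumes mirrored filters and that traffic matching no filter passes unprotected.

```python
from collections import namedtuple

ANY = None                # wildcard for "any-ip" / "any-port"
SERVER = "192.0.2.10"     # constructed address standing in for the server's "my-ip"
CLIENT = "198.51.100.7"   # constructed client address

Filter = namedtuple("Filter", "src_ip src_port dst_ip dst_port")
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port")  # opening TCP packet

# Server-side filter lists as written in the post.
CONTROL = Filter(ANY, ANY, SERVER, 21)      # from any-ip:any-port to my-ip:21/tcp
PORT_DATA = Filter(SERVER, 20, ANY, ANY)    # from my-ip:20/tcp to any-ip:any-port
PASV_DATA = Filter(ANY, ANY, SERVER, ANY)   # from any-ip:any-port to my-ip:any-port

def _hit(flt, flow):
    """True when every non-wildcard field of the filter equals the flow's field."""
    return all(want is ANY or want == got for want, got in zip(flt, flow))

def matches(flt, flow):
    """Assumption: filters are mirrored, so the reverse direction matches too."""
    reverse = Flow(flow.dst_ip, flow.dst_port, flow.src_ip, flow.src_port)
    return _hit(flt, flow) or _hit(flt, reverse)

def action(policy, flow):
    """'ipsec' if any filter selects the flow, otherwise 'cleartext'."""
    return "ipsec" if any(matches(f, flow) for f in policy) else "cleartext"

# Constructed flows: one per connection type discussed in the post, plus a
# non-FTP connection to the same server for comparison.
FLOWS = {
    "control": Flow(CLIENT, 50000, SERVER, 21),
    "port-mode data": Flow(SERVER, 20, CLIENT, 50001),
    "passive data": Flow(CLIENT, 50002, SERVER, 51234),
    "unrelated HTTP": Flow(CLIENT, 50003, SERVER, 80),
}

def evaluate(policy):
    """Map each sample flow to the action the given list of filters produces."""
    return {name: action(policy, flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, policy in [("auth only", [CONTROL]),
                          ("auth + port mode", [CONTROL, PORT_DATA]),
                          ("auth + port mode + PASV", [CONTROL, PORT_DATA, PASV_DATA])]:
        print(label, evaluate(policy))
```

With the PASV filter list added, the unrelated HTTP flow also requires IPsec, which is the side effect the answer warns about.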