-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thor (Hammer of God) Sent: Tuesday, 22 January 2008 5:25 AM To: [email protected] Subject: RE: FTP on IIS
> Indeed - I've been running 2008 for a while now. There are some very > cool security mechanisms built in - but, they will no doubt trip some > people up... (like how you can't copy content to web source directories > over the network, or how you can't directly edit web content in those > directories). Can you elaborate on this please? There's nothing special about "web source directories" (I assume you mean folders that store files that are published via IIS 7.0 over HTTP)? > Native FTPS in 2008 IIS is quite nice, actually. Yes - it supports FTPS so you can encrypt your username/password (or optionally, everything) - this is assuming you download/install the FTP 7.0 module from www.iis.net. > But, IIS6 is still a fine option - it is and has been secure OOB for a while But you have to send your username/password in clear text across the network. Cheers Ken > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer > Sent: Sunday, January 20, 2008 10:15 PM > To: [email protected] > Subject: RE: FTP on IIS > > Alternatively, if you can wait a few weeks, then Windows Server > 2008/IIS 7.0 supports FTPS > > Cheers > Ken > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Mark J. > Sent: Saturday, 19 January 2008 9:21 AM > To: [EMAIL PROTECTED]; [email protected] > Subject: RE: FTP on IIS > > IIS 6, which comes with Windows Server 2003, is quite secure out of the > box. Most of the evil holes that were present in IIS 5 and earlier > have > been patched. If you're forced to use IIS 5 or lower, I agree with all > the other comments. Use something else. > > When you select to install IIS, the minimum components needed for > static > HTML pages are already selected. For FTP, just deselect the web > components and install the minimal FTP components. > > I would suggest using local GUEST accounts for authentication. I would > also suggest placing the FTP root on a separate partition with no other > files. Do not place the FTP root on the system partition. > > Do a Google search on "windows ftp security" for articles on setting up > Windows 2003 FTP. > > > -----Original Message----- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > > [EMAIL PROTECTED] > > Sent: Friday, January 18, 2008 10:58 AM > > To: [email protected] > > Subject: FTP on IIS > > > > I'm preparing to build a new FTP server using IIS (or an IIS server > using FTP??? I'm not > > sure). Anyway, I was wondering if anyone could recommend some good > sources on how to lock > > it down. I need to configure it for an FTP site that anyone can get > to and one that is > > password protected. Thanks in advance!
