From proff  Sun Jun  2 03:46:54 1996
Date: Fri, 31 May 1996 11:51:42 -0400
To: anders.sandell@sakdata.se
From: David LeBlanc <dleblanc@iss.net>
Subject: Re: [ntsec] NT-ftp server
Cc: ntsecurity@iss.net
Reply-To: David LeBlanc <dleblanc@iss.net>

At 09:11 5/29/96 +100, you wrote:
>
>I'm setting up an NT-ftp server (anonymous ftp) using the ftp-server shipped 
>together with NT.

The default FTP server that ships with NT is a major security headache.  The
problem is that you can set up your FTP site in c:\ftp, but when a user
connects, they can then execute a cd c:\winnt35\system32, and be in your
system directory (assuming they have permissions).  There are a few ways you
can get around this difficulty - if you can repartition, the safest thing to
do is put the FTP directory at the root of a partition, and give the FTP
service no access to any other drive.  Failing that, you can go through
(command line is best) and remove all permissions from "everyone", and then
make sure the FTP anon user has no access to anywhere outside the ftp tree.

The good news is that there are a couple of 3rd party shareware FTP servers
for NT that do a better job, and that the FTP server which will be in NT 4.0
doesn't have these problems.  Also, since you are running the server, you
can download IIS, which also has a much better FTP server.

IMHO, I wouldn't use the NT 3.5x FTP server for serious use.


David LeBlanc                   | Voice: (404)252-7270
dleblanc@iss.net                | Fax:   (404)252-2427
Internet Security Systems, Inc. | E-Mail:  dleblanc@iss.net  
Ste. 115, 5871 Glenridge Dr,    | www: http://www.iss.net/
Atlanta, GA 30328               |
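
The directory escape described in the message above, shown as an added example that is not part of the original post and is not the NT FTP server's code: a `cd` argument resolved without confinement, next to a resolver that rejects anything outside the FTP root. The function names and the sample requests are constructed for illustration; Python's `ntpath` module stands in for Windows path rules so the check runs on any platform.

```python
import ntpath

FTP_ROOT = r"c:\ftp"  # FTP home directory used in the message


def resolve_unconfined(cwd, arg):
    """Model of the behaviour described: the cd target is taken as given."""
    return ntpath.normpath(ntpath.join(cwd, arg))


def resolve_confined(cwd, arg, root=FTP_ROOT):
    """Resolve a cd target and refuse anything outside the FTP root."""
    # normpath collapses "..", normcase folds case and "/" vs "\".
    target = ntpath.normcase(ntpath.normpath(ntpath.join(cwd, arg)))
    root_n = ntpath.normcase(ntpath.normpath(root))
    # A different drive letter is always outside the tree.
    if ntpath.splitdrive(target)[0] != ntpath.splitdrive(root_n)[0]:
        raise PermissionError("other drive: " + target)
    # Compare on a separator boundary so c:\ftpdata does not match c:\ftp.
    prefix = root_n.rstrip("\\") + "\\"
    if target != root_n and not target.startswith(prefix):
        raise PermissionError("outside FTP root: " + target)
    return target


def audit(requests, cwd=FTP_ROOT):
    """Return {cd argument: True if it stays inside the FTP root}."""
    result = {}
    for arg in requests:
        try:
            resolve_confined(cwd, arg)
            result[arg] = True
        except PermissionError:
            result[arg] = False
    return result


# Constructed cd arguments, not taken from any real session.
SAMPLE_REQUESTS = [
    r"pub\incoming",          # normal relative path
    r"c:\winnt35\system32",   # absolute path from the message
    r"..\winnt35",            # parent traversal
    r"\winnt35\system32",     # rooted path on the same drive
    r"C:\FTPdata",            # sibling directory sharing the root's prefix
    "d:",                     # switch to another drive
]

if __name__ == "__main__":
    for arg, ok in audit(SAMPLE_REQUESTS).items():
        print(("allow  " if ok else "reject ") + arg)
```

The check is lexical only, so the file-system permissions and partition layout discussed in the message remain the enforcement layer.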

