The underlying issue being anyone other than the admin being able to change anything whatsoever on the filesystem on the firewall. It's for sure not a best practice for end users to save files on the firewall and should be avoided whenever possible. -Shawn ----- Robert Bosch Corporation Technical Systems Analyst (RBNA/CSA1) Corporate Sales Reporting Systems 38000 Hills Tech Drive - Farmington Hills, MI 48331 - USA phone: 1 (248) 553-1164 fax: 1 (248) 848-6969 shawn.quillman@xxxxxxxxxxxx http://www.bosch.us -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, January 31, 2005 9:29 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using FTP for File Transfer to the outside world http://www.ISAserver.org Tom, What about FTP servers that use SSL? Ie. G6 FTP Server 3.x allows the admin to setup a SSL Cert. http://www.gene6.com/ Regards, Andrew -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Monday, January 31, 2005 3:02 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using FTP for File Transfer to the outside world http://www.ISAserver.org Hi Kevin, NO. FTP sites do NOT belong on a firewall. It is as unsecure as allowing a firewall to use TFTP to obtain/backup configuration information. HTH, Tom -----Original Message----- From: KEVIN LOVEGROVE [mailto:kevin_lovegrove@xxxxxxxxx] Sent: Monday, January 31, 2005 1:04 AM To: [ISAserver.org Discussion List] Subject: [isalist] Using FTP for File Transfer to the outside world http://www.ISAserver.org I get a fair amount of requests from users to send/receive 100mb+ files across the net, and obviously want to avoid having them go through Exchange. I would like to set up an FTP site and make this accessible internally and externally. I know I can use FTP User Isolation on my internal W2K3 network, but what I'd like to know is that can I safely publish an FTP site through ISA if it's actually on the ISA Server itself? ISA isn't our frontline perimeter and it has loads of disk space and plenty of processor and i/o capacity to handle the load. But doesn't this create a significant security risk? I'm not too worried about internal users. External users will be vetted through Checkpoint anyway, but I'm just wondering if anyone has any other opinions to offer? Cheers, Kevin ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx