Secure FTP Server with Windows Server 2008

FTP is an unsecured protocol, it transmits data without performing encryption so that users may encounter risks when using this protocol.
Network administration - Creating an FTP service with ISA Server 2006 is quite simple because ISA Server 2006 integrates a specialized wizard to create an FTP Server. However, what do we need to do to secure this server?

FTP is an unsecured protocol, it transmits data without performing encryption so that users may encounter risks when using this protocol. A more effective method is to use the FTPS (FTP over SSL) protocol, which provides the protocol for transmitting data. Configuring ISA Server to create FTP is complicated because we will have to manually create a protocol definition for FTPS and the port area that the FTPS connection uses.

First, we will proceed with configuring the Publishing Rule for ISA Server 2006. Open the ISA Server 2006 MMC , go to the Firewall Policy node and create a new Publishing Rule . Then name this new rule. Suppose the name for this rule is FTPS-Server .

Secure FTP Server with Windows Server 2008 Picture 1Secure FTP Server with Windows Server 2008 Picture 1

Figure 1: Name the new Publishing Rule on the Welcome page of
New Server Publishing Rule Wizard.

When you click Next , you will be taken to the Select Server page. Here you enter the IP address of the FTP Server you want to create. The created FTP Server must be a Secure NAT workstation.

Secure FTP Server with Windows Server 2008 Picture 2Secure FTP Server with Windows Server 2008 Picture 2

Figure 2: Enter the IP address for the FTP Server you want to create.

Because ISA Server 2006 does not have an integrated protocol definition for FTPS to use, we will have to manually create the protocol definition. We need to use a protocol definition for the standard FTP protocol port and an FTP connection port area to use (must be a similar port area configured at the protocol support setting of the firewall system above). FTP Server.

Secure FTP Server with Windows Server 2008 Picture 3Secure FTP Server with Windows Server 2008 Picture 3

Figure 3: Select the protocol on the Select Protocol page.

On the Select Protocol page, click the New button, and you will see the New Protocol Definition Wizard appear. At the Wizard's Welcome page, enter a name for the protocol definition and click Next .

Secure FTP Server with Windows Server 2008 Picture 4Secure FTP Server with Windows Server 2008 Picture 4

Figure 4: New Protocol Definition Wizard.

Next choose TCP protocol type , Direction is Inbound and port definition is 21 to 21 .

Secure FTP Server with Windows Server 2008 Picture 5Secure FTP Server with Windows Server 2008 Picture 5

Figure 5: Port area of ​​FTPS protocol.

When a second protocol area enters the same IP address for the designated port area in Firewall Properties of the FTP Server configuration.

Secure FTP Server with Windows Server 2008 Picture 6Secure FTP Server with Windows Server 2008 Picture 6

Figure 6: Definition of the entire protocol.

We do not have to specify a secondary connection. Instead, specify the Listener (TCP / IP processor) for the network that ISA Server 2006 receives FTP traffic on. This is a common external network definition. If there are multiple IP addresses connected to the external network interface, you will have to explicitly enter the IP address on the ISA Server that will receive the traffic on it.

Secure FTP Server with Windows Server 2008 Picture 7Secure FTP Server with Windows Server 2008 Picture 7

Figure 7: Listener option for ISA Server.

Then click Next then Finish and Apply .

Important:

FTP-Filter does not need to be enabled for the new FTPS protocol definition so you must ensure that this option is aborted in that protocol definition.

After we have completed all the settings on the ISA Server page, then we need to configure the FTP Server on the Firewall.

Note:

If you use Windows Server 2008 you will have to download and install the Microsoft FTP service yourself from http://www.iis.net website.

Windows Server 2008 R2 version integrates the correct FTP Server version in the Windows Server 2008 R2 Server Manager Roles configuration as shown in Figure 8.

Secure FTP Server with Windows Server 2008 Picture 8Secure FTP Server with Windows Server 2008 Picture 8

Figure 8: Installing the FTP service.

Since we will use FTPS on the FTP server, we will have to specify the port area for the FTP data channel. The port area we enter here must be the area in the protocol definition at ISA Server. In addition, we also have to specify the external IP address of the firewall system, which is usually the IP address of the firewall system that is directly connected to the Internet. Then Click Apply to activate the new settings in the IIS configuration.

Secure FTP Server with Windows Server 2008 Picture 9Secure FTP Server with Windows Server 2008 Picture 9


Figure 9: Support FTP Firewall.
We can now connect from the Internet to an internal FTPS server via ISA Server 2006 with the desired FTP client application with support for FTP over SSL (FTPS). If the connection fails, please check the settings connected to the FTP configuration in IIS and if a secure FTP connection is still not deployed you need to check in ISA's real-time control system. Server 2006 to see what was blocked.

In this article we have learned how to create a secure FTP Server that runs on Windows Server 2008 with ISA Server 2006. ISA Server 2006 has a number of built-in tools to create an FTP Server but by default do not have tools. Which helps create secure FTPS protocols. To create an FTPS Server we will have to configure some additional settings on Windows Server 2008 and some installations on ISA Server 2006.
3.5 ★ | 2 Vote