Home Internet sharing devices like Cable/DSL routers are very common, and almost all come with some form of firewall that is enabled by default. To successfully pass FTP traffic through these devices, you will need to create a 'virtual server' entry in the setup of
your Internet sharing device. Pictured below is an example of this from an SMC Barricade home DSL/cable router.
A virtual
server is an instruction to your Internet sharing device
telling it to forward any traffic it
receives on a specified port to a specific computer inside your network. For
example, if you create a virtual server for port 21, IP address 192.168.5.220,
your internet sharing device will listen for traffic coming in on port 21, then
pass that traffic through the firewall to the computer with that IP
address.
Though the instructions will vary depending on the brand of your
device, what you will need to do is find the 'virtual server' setup section (or equivalent),
and specify the IP address of the computer that is running
the FTP server (to find this, go to start\run and type
'cmd' then 'ipconfig.'). You will
need to enter port 21 for data coming into and out
of the router.
Once this
is saved, FTP information will be able to pass through your firewall. For more
information on firewalls and their configuration, see our Beginner's guide to firewalls and Internet security here.
FTP security
Important topic.
The problem with FTP is that, by default, it is an extremely
insecure protocol. Usernames and passwords are not encrypted in any way
when they are sent from the client to the server, and so are
prime targets for anyone intercepting network packets between your server and your
clients.
This is the reason that the Windows FTP
server software recommends that you use only anonymous access for your FTP site,
as the alternative is to use valid user accounts from your XP
installation.
If these credentials are intercepted, they could be used to
severely compromise the security of your entire system, never mind your FTP site. Hence the recommended practice for home users is to allow anonymous
access to the FTP site directory and simply not place sensitive files there. Obviously, this is not going
to meet everyone's needs, so there are alternative methods of securing FTP
transactions.
Generally
speaking, these involve using SSL (Secure Socket Layer) or some other encryption
method to encrypt the plain FTP information, creating a secure channel between
the client and server. Ffor more information on SSL and other methods of
encryption, see PCSTATS' Beginners Guide to encryption here .
Most third-party FTP server software packages support encryption as part
of the FTP program itself, but using IIS for Windows XP,
the only possible method of security is to use a method
that encrypts all traffic between the server and a specific client, such as
a VPN (Virtual Private Network). For more information on how to set up Virtual
Private Networks, see PCSTATS' Guide.
Serv-U
supports creating an SSL certificate within the program for encrypting traffic,
but only in their commercial versions of the program. The free personal edition
does not have this feature.
So to sum up, unless you have
specifically placed security measures, assume that all FTP traffic is inherently
insecure. Therefore, don't put data in your FTP site that you would not want
seen by the general public. Don't be scared away from it though, since the fact
that anyone can access your FTP site does not affect the security of the rest of
your system unless you are using your Windows user accounts with IIS.
If you have any comments or questions, please post them in the PCSTATS Forums. Find out about this
and many other reviews by joining the Weekly PCSTATS Newsletter today!
Catch all of PCSTATS latest hardware reviews right here.
RSS Newsletter
