Securing a NetWare 6.5 FTP server....

Hello all....

I have a NetWare 6.5 SP5 FTP server and I am looking into securing the
downloads to it. 

My goals are two-fold:

1. I would like to make it as secure as possible.
2. I would like to make it as easy as possible on my existing users of this
FTP server without compromising goal #1.

How do I do this? (And, please, speak slowly and assume that I know nothing
about setting up an FTP server because I actually know next to nothing.
Detailed instructions are encouraged and would be greatly appreciated.)

Thanks in advance.


 
Delon E. Weuve
Senior Network Engineer
Office of Auditor of State
State of Iowa

0
Delon
1/23/2007 3:50:16 PM
novell.netware.6x.admin-tools 11680 articles. 0 followers. Follow

9 Replies
341 Views

Similar Articles

[PageSpeed] 50

Delon Weuve wrote:

> Hello all....
> 
> I have a NetWare 6.5 SP5 FTP server and I am looking into securing the
> downloads to it. 
> 
> My goals are two-fold:
> 
> 1. I would like to make it as secure as possible.
> 2. I would like to make it as easy as possible on my existing users
> of this FTP server without compromising goal #1.

Use a username and password and set the firewall up front to accept
only ftp connections from predefined IP addresses.


-- 
Cheers,
Edward
0
Edward
1/24/2007 4:03:52 AM
first thing i would do i read the documentation.  but maybe that's just 
me...   :-)


--
Cheers!
    Richard Beels
    ~ Network Consultant
    ~ Sysop, Novell Support Connection
    ~ MCNE, CNE*, CNA*, CNS*, N*LS


0
Richard
1/24/2007 6:01:23 AM
Hello, Edward...

Thanks for the suggestion.

However, that would not make the transmission secure it would only make sure
that the right person is logging in. It wouldn't prevent someone from
eavesdropping and getting the data that way.

Do you know how to get SSL on FTP working on a NetWare 6.5 SP5 server?


 
Delon E. Weuve
Senior Network Engineer
Office of Auditor of State
State of Iowa


>>> On 1/23/2007 at 10:03 PM, in message
<IUAth.6501$Sz4.6232@prv-forum2.provo.novell.com>, Edward van der
Maas<edmaa_remove_this!@and+_this!@myrealbox.com > wrote:
> Delon Weuve wrote:
> 
>> Hello all....
>> 
>> I have a NetWare 6.5 SP5 FTP server and I am looking into securing the
>> downloads to it. 
>> 
>> My goals are two-fold:
>> 
>> 1. I would like to make it as secure as possible.
>> 2. I would like to make it as easy as possible on my existing users
>> of this FTP server without compromising goal #1.
> 
> Use a username and password and set the firewall up front to accept
> only ftp connections from predefined IP addresses.
> 
0
Delon
1/24/2007 2:51:38 PM
Hello, Richard...

I did look at the documentation. There is one paragraph about SSL on FTP but
when I turn it on that way described in the documentation, I am unable to
connect via my FTP client. I'm not sure if it is the server or the client in
this case. I'll be checking on that.

I have also checked the knowledge base, etc... They have lots of information
about how to configuration a client for an SSL connection but very little on
the server side to force an SSL connection.

Any other ideas....??

 
Delon E. Weuve
Senior Network Engineer
Office of Auditor of State
State of Iowa


>>> On 1/24/2007 at 12:01 AM, in message
<VA.00001dd7.0702dd88@technologist.com>, Richard Beels
[SysOp]<beels@technologist.com> wrote:

> first thing i would do i read the documentation.  but maybe that's just 
> me...   :-)
> 
> 
> --
> Cheers!
>     Richard Beels
>     ~ Network Consultant
>     ~ Sysop, Novell Support Connection
>     ~ MCNE, CNE*, CNA*, CNS*, N*LS
0
Delon
1/24/2007 2:59:47 PM
Delon Weuve wrote:

> Hello, Richard...
> 
> I did look at the documentation. There is one paragraph about SSL on
> FTP but when I turn it on that way described in the documentation, I
> am unable to connect via my FTP client. I'm not sure if it is the
> server or the client in this case. I'll be checking on that.
> 
> I have also checked the knowledge base, etc... They have lots of
> information about how to configuration a client for an SSL connection
> but very little on the server side to force an SSL connection.

You'll probably need to import the certificate I'd say in the client.
Not every FTP client has SSL support though.

-- 
Cheers,
Edward
0
Edward
1/25/2007 5:10:58 AM
the bit on how to force an ssl connection is in the docs, configuring 
section...

http://www.novell.com/documentation/oes/ftp_enu/data/a2fbytp.html

you will need to configure the client with the server's cert.


--
Cheers!
    Richard Beels
    ~ Network Consultant
    ~ Sysop, Novell Support Connection
    ~ MCNE, CNE*, CNA*, CNS*, N*LS


0
Richard
1/25/2007 9:17:34 AM
Is this helpful at all?

This related to correctly setting up clients to use SSL FTP once it's 
turned on.
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=10085857&sliceId=&dialogID=25079269&stateId=0%200%2025081989

Came upon it when setting up OpenSSH with SFTP which isn't related to 
SSL FTP. Speaking of that any chance you'd use OpenSSH instead? It's a 
lot more secure than FTP from all that I've read and it's free.

You can use WinSCP to attach to it.

SFTPDRIVE or WEBDRIVE are neat ways to map drives to it.

If you try OpenSSH do it with SP6 on. I had issues with LDAP 
authentication with SP%.

-Nyle

Delon Weuve wrote:
> Hello all....
> 
> I have a NetWare 6.5 SP5 FTP server and I am looking into securing the
> downloads to it. 
> 
> My goals are two-fold:
> 
> 1. I would like to make it as secure as possible.
> 2. I would like to make it as easy as possible on my existing users of this
> FTP server without compromising goal #1.
> 
> How do I do this? (And, please, speak slowly and assume that I know nothing
> about setting up an FTP server because I actually know next to nothing.
> Detailed instructions are encouraged and would be greatly appreciated.)
> 
> Thanks in advance.
> 
> 
>  
> Delon E. Weuve
> Senior Network Engineer
> Office of Auditor of State
> State of Iowa
> 
0
Nyle
1/26/2007 1:40:53 AM
> Is this helpful at all?
> 
> This related to correctly setting up clients to use SSL FTP once it's 
> turned on.
>
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=10085857&sliceId=&dialogID=25079269&stateId=0%200%2025081989
> 
> Came upon it when setting up OpenSSH with SFTP which isn't related to 
> SSL FTP. Speaking of that any chance you'd use OpenSSH instead? It's a 
> lot more secure than FTP from all that I've read and it's free.
> 
> You can use WinSCP to attach to it.
> 
> SFTPDRIVE or WEBDRIVE are neat ways to map drives to it.
> 
> If you try OpenSSH do it with SP6 on. I had issues with LDAP 
> authentication with SP%.
> 
> -Nyle
> 
> Delon Weuve wrote:
> > Hello all....
> > 
> > I have a NetWare 6.5 SP5 FTP server and I am looking into securing the
> > downloads to it. 
> > 
> > My goals are two-fold:
> > 
> > 1. I would like to make it as secure as possible.
> > 2. I would like to make it as easy as possible on my existing users of this
> > FTP server without compromising goal #1.
> > 
> > How do I do this? (And, please, speak slowly and assume that I know nothing
> > about setting up an FTP server because I actually know next to nothing.
> > Detailed instructions are encouraged and would be greatly appreciated.)
> > 
> > Thanks in advance.
> > 
> > 
> >  
> > Delon E. Weuve
> > Senior Network Engineer
> > Office of Auditor of State
> > State of Iowa
> > 
I agree use SSH :) 
0
plonker26
2/16/2007 4:58:18 AM
I'm not an SSL expert, but I have a lot of experience with using FTP over 
SSL with NWFTPD.NLM.  I'm more of an expert on the FTP side.

NetWare FTP server (NWFTPD.NLM) on NW 6.5 is capable of doing secure FTP 
per RFC 2228.  This is one of those things that as far as what the FTP 
server can control, it "just works" and there is almost nothing to 
configure.  The only thing that you can do with NWFTPD do effect this is 
the setting which determine whether you will allow both secure and 
unsecure connections, or just secure ones.  SECURE_CONNECTIONS_ONLY=YES/NO

As far as what might be wrong if it doesn't "just work":

NWFTPD doesn't support 'implicit' SSL connections, only "explicit".  Some 
FTP clients let you select which type.

Beyond that, either something else is wrong at the client, or something 
is wrong with your NetWare certificate server or the certificate itself.

NWFTPD is hard coded to use SSL CertificateDNS - <servername> so if that 
certificate has a problem, FTP can fail to do secure connections.

Some people test SSL / certificate server by doing a https (secure) 
connection to Portal on that same server, and then if that works they 
think they are fine.  But portal uses SSL CertificateIP by default. If 
you want to test portal using SSL CertificateDNS, httpstk.nlm must be 
loaded differently than the autoexec.ncf normally does it:

NORMAL:
load httpstk.nlm /SSL /keyfile:"SSL CertifiateIP"
TO TEST THE OTHER CERTIFICATE:
load httpstk.nlm /SSL /keyfile:"SSL CertifiateDNS"

(note that the quotes are part of the syntax)

If portal fails either way, then it's a general SSL issue.  If it fails 
just with SSL CertificateDNS, then it's specific to that cert.  
PKIDIAG.NLM may help, either way.

There is no need to import any certificate to the client.  NWFTPD doesn't 
need to receive a cert from the client or anything like that. My 
understanding it that it won't hurt anything to have a client side cert, 
but it doesn't actually accomplish anything when used with NWFTPD. But 
I'm not sure about that part.  I just know that NWFTPD doesn't require 
the client to have a cert of it's own.
0
notmy
3/15/2007 4:29:42 AM
Reply:

Similar Artilces:

Netware 6.5 Server with a Netware 5.0 Server?
We want to install a new Netware 6.5 server in an environment that has two 6.0 servers and 2 Netware 5.0 servers on the same tree. We are running 8.6.2 e directory on the 6.0 boxes and 8.0.6 NDS on the 5.0 boxes. Are there any problems with this setup,or should we be installing 6.0 instead? Thanks in advance. Dennis Dennis, > We are running > 8.6.2 e directory on the 6.0 boxes and 8.0.6 NDS on the 5.0 boxes. Are > there any problems with this setup,or should we be installing 6.0 instead? > According to: http://support.novell.com/cgi-bin/search/searchtid.cgi?/...

NetWare 6.5 SP8 co-exist with NetWare 6.5 SP7 servers?
I really don't want to install SP8 on the NetWare server as I am working on moving Netware to OES Linux. However, I need to upgrade to GroupWise 8 soon so plan to upgrade to GroupWise 8 on NetWare server which requires NW6.5SP8. All other 10 NetWare servers are on version 6.5 SP7 and I only intend to upgrade one server to NetWare 6.5 SP8. Does anyone see issue with that? I assume eDirectory does not chance with the installation of SP8. I am running eDirectory v 8.7.3.0. Regards Andy -- andyj2009 -----------------------------------------------------------------------...

Netware 6.5 server abends when trying to backup Netware 5.1 GW Server
I am trying to backup a netware 5.1 GW server from my new 6.5 server (all support packs are in). I am using brightstore 9 and am able to back up the 6.5 server but I get a Abend 1 on P00: Server-5.70.02: Page Fault Processor Exception (Error code 00000000)fstape.nlm error when I try to back up the netware GW server. It seems to get to a certain step and then abends. with: Any help would be appreciated. Server ELBA-FS halted Tuesday, August 3, 2004 7:35:47.545 am Abend 1 on P00: Server-5.70.02: Page Fault Processor Exception (Error code 00000000) Registers: CS = 0060...

move a netware 6.0 dns and dhcp server to a netware 6.5 dns and dhcp server
would appreciate if someone can step me through how to achieve above. I have checked all Novell tid and discussion forum and could not find steps referring to moving both dns and dhcp servers from a netware 6.0 sp4 server and to netware 6.5 sp4 server. Wai Chu In article <a4k8g.4419$U_.1361@prv-forum2.provo.novell.com>, Wai Meng CHU wrote: > could not find steps > referring to moving both dns and dhcp servers from a netware 6.0 sp4 server > and to netware 6.5 sp4 server. > That's because it's the same as long as you're moving from NW 5.0 ...

Migrating Netware 6.5 servers into a Netware 5 tree
We are currently running 4 Netware 5.0 servers with DS 7.58 installed. We want to migrate these servers over to newer servers that have Netware 6.5 freshly installed. We were wanting to do this one server at a time. What do we need to do to our existing tree in order to bring our Netware 6.5 servers over into the tree? Download the NW65sp1a overlay ISO and burn it to a cd (There are several CDs in the SP1a set). Run NWDeploy.exe from the root of the OS CD. THis will prepare the tree for your first NW6.5 server. -- Timothy Leerhoff Principal Consultant Independant Experts...

migrate DNS from a netware 5 server to a netware 6 server
Are there any instructions for moving the dns from a netware 5 server to a netware 6 server and maintaining the databases? I don't want to have to reenter all of my special DNS info again. Also, when I change the DNS server, I would like to maintain the same IP address for the DNS service. I know I could do an add secondary ipaddress, but is there anything I need to do in the DNS setup to have it respond to that secondary ipaddress rather than the ip address that is on my netware 6 server already? If the 2 servers are in the same NDS tree, simply create the ...

Netware 6.5 Server in a Netware 6.0 Tree
Created a Netware OES server and placed in a predominantly 6.0 Tree with appropriate 6.0 user licenses. My question is "what do I need to do to begin using it as a resource in that tree?" Will all users be able to access the 6.5 server as it stands? On Wed, 10 Aug 2005 15:04:25 GMT, tomm@juice4u.com wrote: >Created a Netware OES server and placed in a predominantly 6.0 Tree with >appropriate 6.0 user licenses. My question is "what do I need to do to >begin using it as a resource in that tree?" > >Will all users be able to access the 6.5 server a...

Upgrading a Netware 5.1 server to Netware 6.5
I am part of a large tree. Before starting upgrade of Netware 5.1 server to Netware 6.5 I ran dsrepair and received no errors. During the Health check of the upgrade I received two warnings. They are Warning extend schema and repair schema. All the primary servers in the tree have already been upgraded to Netware 6.5. The admin of the primary servers control extend the schema. I am trying to find out if the warnings I received is something they need to repair or is there something else I need to do on my own server? I would appreciated any help I can get. Thanks Michel...

1000 UNIT NetWare 6 Server LICENSE (netware 6.5)
what it means?????????????????????????? i dont need user licence to access /connect server thorugh users/computer (till 1000 no.s) it shows no. of unit 1000 used :1 unit please explain -- Rajnish Pati ------------------------------------------------------------------------ Raj delhi, > i dont need user licence to access /connect server > thorugh users/computer (till 1000 no.s) > > it shows no. of unit 1000 > used :1 unit > > please explain > Please type VERSION at the server console. Does it say "unlimited" or "a...

Installing first Netware 6.5 server into an all Netware 6 Tree
Is there a problem if I install a Netware 6.5 server as a Read/Write replice into an all Netware 6 tree. Will there be any problems installing since it won't be a master. Is there a edirectory version? any documents on this? > Is there a problem if I install a Netware 6.5 server as a Read/Write > replice into an all Netware 6 tree. > > Will there be any problems installing since it won't be a master. Is > there a edirectory version? any documents on this? Read/write replica of the root partition, or read/write of some other partition? ...

Installing NetWare 6.5 server into NetWare 6.0 only tree
Hi, Does anyone know of any preresequites or concerns of adding new NetWare 6.5 servers into a tree which only contains two NetWare 6.0 servers? The NetWare 6.5 servers will be clustered. Thank you! Mark, > Hi, Does anyone know of any preresequites or concerns of adding new > NetWare 6.5 servers into a tree which only contains two NetWare 6.0 > servers? The NetWare 6.5 servers will be clustered. Run the NWDeploy.exe from the OS CD, run the Extend schema and prepare network options. On Feb 1, 6:09 pm, Hamish <ham...@haitch.net> wrote: > Mark, > &...

Install a Netware 6.5 server into Netware 5.0 network
Hi all, Is anyone aware of any implications of doing the above? Running DS v7.60c, not using Groupwise, Zenworks etc. Thanks in advance, Reece Have a good long read http://www.novell.com/documentation/lg/edir87/index.html?page=/documentation/lg/edir87/edir87/data/a2uci7d.html Tim On Thu, 17 Jul 2003 13:28:15 GMT, Reece <reece.percival@snellwilcox.com> wrote: >Hi all, > >Is anyone aware of any implications of doing the above? Running DS >v7.60c, not using Groupwise, Zenworks etc. > >Thanks in advance, > >Reece No Direc...

installing netware 6.5 servers into a exisiting netware 5 tree.
Currently have Netware 5.0 Servers sp4 and some sp5 We intend to install two new cluster servers running the latest version so would like to install two 6.5 Netware Servers which includes a 2 node cluster. Is it possible to install netware 6.5 into my existing Netware 5.0 network. Also we currently are running a 2 node cluster on netware 5 running the first ver of cluster servers 1.0. We found that this version wouldnt support our subnet mask of 255.255.240.0 but only the default one 255.255.255.0. Can the new version of cluster services support 255.255.240.0 Regards. &g...

Installing Netware 6.5 Servers into a existing Netware 5 environment
We currently have a Netware 5 environment using sp4/sp5 We also have the original cluster services 1.01 running under netware 5. We intend to install a new SAN which will be clustered using 2 new Netware 6.5 Servers. What is the best approach to installing Netware 6.5 in our current environment, should I install the new Netware 6.5 Servers into a new tree, but then how will they communicate with the exisiting Netware 5 Servers. Can I install the Netware 6.5 Server into the exisiting 5 environment and then in the future upgrade the current 5 Servers. Thankyou and best regards ...

Web resources about - Securing a NetWare 6.5 FTP server.... - novell.netware.6x.admin-tools

Securing Email Communications from Facebook
It's very important to us that the people who use Facebook feel safe and can trust that their connection to Facebook is secure; for instance ...

Securing Graph API Calls - Facebook-Entwickler
Graph API calls can be made from clients or from your server on behalf of clients. Calls from a server can be better secured by adding a parameter ...

Securing your Twitter experience with HTTPS - Twitter Blogs
... makes your Twitter experience more secure by protecting your information, and it’s especiall... Skip to main content Sign in Search Securing ...

Securing the landing zone - Flickr - Photo Sharing!
U.S. Army 1st Sgt. Gerald Eagan, with the 6th Engineer Battalion, throws his rucksack in front of him while pulling security on a remote mountain ...

Securing the Campaign [29c3] - YouTube
Securing the Campaign Security and the 2012 US Presidential Election This talk will go into some of challenges, solutions, and stories from securing ...

AFC president calls for more on-pitch success from Asian nations after securing a new term - The National ...
The Asian Football Confederation (AFC) is more united than it has been before but its teams must do better on the field, Shaikh Salman Bin Ebrahim ...

IN PICTURES: Securing the journey to the Cloud roundtable
... to discuss the journey towards the cloud. ARN in conjunction with itX, Trend Micro and VMware hosted the exclusive discussion on the securing ...

Australian soldiers to back up police in securing Ukrainian site of MH17 crash
A small number of Australian soldiers will be deployed to back up police charged with securing the crash site of MH-17 in Ukraine.

Jarryd Hayne's US agent Jack Bechta says interest growing quickly but he's still a long way from securing ...
In an exclusive interview with Fairfax Media, Jarryd Hayne's US agent Jack Bechta tells Michael Chammas his superstar client is attracting incredible ...

Securing the network beyond passwords - consumerization of IT, BYOD, MDM, Networking, security, wireless ...
Passwords have been a weakness of network security since the development of computer networks. Through guessing weak passwords, exploiting weak ...

Resources last updated: 12/3/2015 11:13:30 PM