× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Glad to see you back on the list.

We have an lpar on our box configured into our dmz as our ftp server. At
ftp.dekko.com.
We have it set up so that if (sample) someone signs on as
joeblow@xxxxxxxxxxxxxxxxx it will then assign an i user profile to work
underneath. Sort of like how you would configure it if you're bold enough
to try anonymous ftp. I know that anonymous ftp scares the heck out of a
lot of people but there are several big names out there doing it.

Our directory structure may look like this:
/FTP/MAJORCUSTOMER/TOGDI
/FTP/MAJORCUSTOMER/FROMGDI
We only let them upload into TOGDI and download from FROMGDI. This stops
the hacker from using your site to store porn, illegal music, etc. What's
the fun of uploading it if your friends can't download it?

We set up that user profile to have a max storage limitation. This will
help to avoid a Denial Of Service attack from filling your disk. Weekly
query emails me of user profiles that have a max storage limitation and
what percentage they are currently at.

I rolled my own FTP exit point program. Perfect? No. Like right now
typing in ftp:\\ftp.dekko.com in Internet Explorer seems to have issues
but running it from Windows Explorer is ok. And someone on the list
pointed out one potential hack that apparently is as well known as sql
injection is to other applications. One of these days I will have to
patch that.

And, yes, we do get a LOT of attempts from the ChiComm's trying to sniff
out ftp sites and guess profiles.

And, like you, it was mainly the email issues that are driving the use
now. Then again the internal user who used a lot of pretty graphics on a
simple Word document to tell us that someone no longer works here and shot
it out to all employees (one page = 21MB times number of employees with
email...) can be a beat on the server also.

We used to lock down the ftp site from the firewall but that was a PITA to
get the consultant to open it up for particular ip addresses. That and
the user from majorcustomer who wanted to log in from anywhere. Or trying
to figure out someone's ip address when their client may say, via
ipconfig, that they are one address but their network may NAT it into any
number of ip addresses.
In summary the firewall was just really slowing down adding users.

You could use a program like StandGuard antivirus, which runs on the i, to
ensure that no virus is uploaded. Perhaps you could even get such a
product to trigger applications. For example, major customer uploaded a
.csv file. Post that into your system as if it was EDI. Might be more
timely, and less of a resource hog, than scanning directories at intervals
to see if something was uploaded.

Cons:
Cost of exit point software.
Cost of antivirus,

Gotta go, Kathy and I are going to Toastmasters and she's waiting by the
door...


Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.