EA4500 Router FTP Server Security

Similar Questions

• EA4500 FTP server remote access fails with active firewall

  I tried to access my drive connected to the USB port of the EA4500 remotely and it didn't until I disabled the firewall SPI IPv4/IPv6 options. If anyone else noticed that? Surely, the firewall must not block the own FTP server on the router!

  P.S. A friend with an EA3500 had the same problem.

  After the reset, all you need to do is to activate the FTP and uncheck the "block Internet applications anonymous" and it will work.

  Speaking from my own experience, it you start to turn things market... and offshore and on... something is finally going to get messed up in the router and ask you to do a hard reset.

• Security and restricting access to an FTP server

  I did a search here on the forums about this and I wasn't able to find a good topic for my questions yet, if there is a debate currently on the forum, please forgive me and I would be grateful for a link. Anyway, my situation:

  I have an ASA firewall and I have never set up an FTP server for a large-scale network (good in my opinion). I want to ensure that we have the highest security level optimal for FTP and restrict only specific users designated by an ACL. SFTP would be the best option available for the security measures? Should I only use the passive FTP mode and range of ports above 1023 do I open for only 1 or 2 FTP clients at a time? Also if I use passive mode do I need to use FTP protocol control?

  In addition, currently, I'm not sure what files need to be available on our network, but the SFTP server always must be installed in the demilitarized zone?

  Thanks for any advice,-Mark

  To activate the SFTP-server on the computer where the data resides is easy, but far not the safest option.

  There are a few more ways to better ensure that. What about:

  -Place the SFTP-server in the DMZ and let this server access the internal server via a fileshare. If someone takes your SFTP server, so it cannot directly a system in the internal network under its control.

  -If the data display, data cannot be copied or synchronized to the DMZ-SFTP-server once the changes.

  SFTP is based on SSH, so it works entirely on a port which is usually TCP/22.

  --
  Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
  http://www.Kiva.org/invitedBy/karsteni

• Problem with connecting to the usb storage to the EA4500 via ftp from the internet

  I have trouble to configure my EA 4500 as an FTP server.

  I followed all the instructions according to the manual, but cannot access the USB I connected tot the EA4500 of the internet.

  When I try to connect my own network, everything works fine.

  The configuration I have at home is as follows:

  Cable modem ISP--> EA4500--> all computers.

  As said, I use the EA 4500 as an FTP server.

  If I install an FTP server on one of the computers on my home network and transfer the correct port on the EA4500 for this PC everything works fine and I have access to the internet. Unfortunately, it won't work when using the USB plugged into the EA4500...

  Any help would be great!

  TIA!

  When you go to the EA4500 configuration page, have you enabled the FTP server function?

  When I set mine up, I have was go the section when you set up the USB (shares, etc.) and turned on FTP.

  In the security of the router Security tab, I uncheck the 'Block anonymous Internet requests.

  I do know for sure that you have to uncheck this box, but I always turned off this box, just out of habit when setting up a llinksys router.

  In any case, this is what I did and it worked fine.

  The only other thing I can think is... Your modem is perhaps a nat router. And you have the EA4500 operating on a different subnet. And your modem may possibly be block it.

  What is the brand and model of your modem.

• My router is actually secure?

  I'm wondering if what follows what I've done is the best possible, if there is any means possible to improve security:

  I have a WRT320N

  • SSID: just let it spread. Delete this show will not improve the overal security. SSID will be shown even if you Devil shows periodic.
  • Change the default name of the router to something that leaves not hear it's location or name brand/type
  • change the default password (the one to access the router from your browser)
  • Disable remote management: don't want any person who uses a Wi - Fi connection to try to hack my router
  • Disable Upnp, the automatic configuration of the router has possible security leaks.
  • use WPA2 Personal (just choose the highest encryption) and using the combination of numbers and long, uppercase letter, tiny you can think off.
  • MAC filtering can be set on, but hackers can clone the MAC address, the extra security is questionable.
  • Isolation of the AP: prevent users from wi - fi on my router to access to eachother, isolate all users connection wi - fi to eachother.
  • turn on the SPI Firewall: blocks incoming network packets from the internet. And have not started by me: internet to port 80, my firefox tries to open a Web page, these type of incoming packets will be accepted by the router without the internet to my computer.
  • Use webfilter and prevent any network with proxy, java, activex package to switch my router: at this moment I'm block the proxy. I'm filtering the Web casts.
  • Block all ports except 20,21,25,53,80,110,443. (port range is 0 to 65523) Block protocols UDP and TCP for all IP 192.168.0 to 192.168.0.254 addresses so only the mentioned ports are allowed to use.

  Thanks for helping out.

  • Re SSID broadcast.

    1 correct. Even with the SSID broadcast disabled the router will still broadcast a recurring tag that means a wireless scanner will resume immediately the existence of a wireless network.

    2. the SSID is transferred in plain text in the connection with the router. A network sniffer will learn the SSID for the moment that a (legitimate) device connects to your network.

    3. by sending packets of thugs to the AP, it is easily possible to dissociate a connected wireless forcing a new association. This way you can learn the SSID immediately.

    1-3 means a SSID of the AP wireless with SSID broadcast disabled is unknown as long as no wireless device is connected to the router, because there is no way to force a link to a legitimate device demand. Some people believe so disabled SSID broadcasting is an important way for increased security, particularly when the wireless is not used very often. Of course, if you don't need the wireless for most of the time you need to turn off completely.

    However, to disable the SSID broadcast technically breaks the standard 802.11 standard and is known to cause problems of connectivity and stability with some wireless cards. Therefore, I usually recommend is not to disable the SSID broadcast.

  • Re "the router by default name". If you mean the SSID, of course, change is important. Especially to prevent your wireless devices to connect to the router of your neighbor who is using the default SSID.

    It is not necessary to change the name of "router" on the master installation. It is only necessary to connect internet and only if required by your ISP.

  Change the SSID or "router name" will not change the MAC address on the wireless. The first half of this MAC address will reveal the manufacturer (Linksys or Cisco)

• Relative to the remote management. Disabling remote management is good. Of course, make sure that it really works. Some routers have a bug in the firmware that opened the web interface for the internet, regardless of this setting.
• Re UPnP. Fix. It must be turned off at any time.
• Re personal WPA2 with AES encryption only and a strong password is the best wireless security, you can have it right now. Password can be up to 63 characters.
• Re wireless mac filtering: MAC addresses are always transferred unencrypted (with WPA2) and are easily cloned. So, a simple network sniffer is able to collect the MAC addresses of legitimate devices that you can use to connect.
• Re of isolation AP can be used if no wireless - wireless connection is necessary. Of course, if an attacker has hacked your wireless network, it can try to hack your router here. The protection of the web interface of the side LAN is quite low.
• SPI Firewall re. Must be enabled. This prevents the internet router.

What you write in this topic is protection"because of the NAT, or because you are using private IP addresses. NAT, technically, does not block unsolicited inbound traffic. It simply drops unsolicited inbound traffic because he doesn't know what to do with it, that is, he doesn't know where to deliver unless you configure port forwarding automatic or similar. By design, NAT is not a security mechanism as its design is intended to allow the connections, not to block them. Some implementations of (older) NAT tried to deliver inbound unsolicited by some heuristics. Some (older) NAT implementations have features to support FTP (to do FTP works fine through a NAT router) which led to any open port on the router.
• Re webfilter: depends. Will cause problems with HTTPS web sites like HTTPS requires security to - end.
• Re blocks all ports except 20,21,25,53,80,110,443. Well depends on once again. In your list, for example, you block the port 995 (POP3S) and accept only 110 (POP3). Depending on your e-mail client and the pop server, this can lead to a connection that is not encrypted between the client and the server because port 995 is not accessible. Similar with the port 25 (SMTP). Some web servers running on port 8080 or other ports that will not or only partially work (because some content is on a webserver with the different port number).

  Technically speaking, your block probably list more will affect you and your ability to use the more secure protocol which may be currently on your block list. In addition, as most of the people have ports 80 and 443 open for outgoing traffic most malware uses to talk to the outside. So your good list that the idea seems good probably won't help you.

  So I would say in most home networks such a blocking list based on a list of a few exempt ports will really not help your security and for the most part will cause problems for you and nothing else. Such a list will work in a business setting where you can refine the traffic authority very well. But to use domestic and general habits that it won't really work for navigation.

  In addition, I think that you can not set up such a list on a Linksys router. You can only block the ports, but not all ports except a few.

• Another extremely important point missing from your list: always change the router password (admin) in a password strong. But I guess you already did this, too.

Overall, I would say that all you have reason...

• Configure an FTP server behind ASA 5505, need some sort of port forwarding

  My company uses a Cisco ASA 5505 Adaptive Security Appliance, and I'm trying to set up an SFTP server which is accessible from the Internet.

  Is it possible to simply configure port forwarding to my FTP port (4610) to the IP with the server, as I would on a simple Linksys router? Or I have to put in place a sort of demilitarized zone?

  Any help would be greatly appreciated.

  No, you do not necessarily have a demilitarized zone, inside works perfectly. I guess you want to use the ip address of the external interface of the ASA for this? If so, it would looks something like this. Where x.x.x.x is the ip address of the inside/private of the ftp server.

  public static 4610 4610 netmask 255.255.255.255 x.x.x.x interface tcp (indoor, outdoor)

  outside_access_in list extended access permit tcp any interface outside eq 4610

  Access-group outside_access_in in interface outside

• Firefox blocks access on port 21 on my FTP server. How to remove the block?

  FireFox crashes me access to my FTP server at home on port 21. There must be a relatively simple way to remove this block. Where and how can I remove it?

  See also:

  • http://www.Mozilla.org/projects/netlib/PortBanning.html
  • http://KB.mozillazine.org/network.Security.ports.banned.override

• WAG320N FTP server not accessible from the internet.

  I had a problem with my WAG320N for quite awhile.

  I add a hard drive 1, 5 TB usb port and I can access to the LAN.

  Now I want to take a step further and be able to access it from the outside.

  I enabled the FTP server and Internet access.

  I was play within the parameters of safety etc. but with no luck

  Why you changed the ip address of the router to 192.168.1.2. ?

  Try to update firmware of the router. After upgrading the firmware, reset the router and re - configure from scratch. Now, simply activate the FTP server on the router and check.

• WRT160NL ftp server set up

  Hello! I m relatively new in the arena of router´s and the I m of learning (sorry if I make stupid questions), in this case I m trying to access the usb connection of the internet storage (Yes, I ve set up DDNS and also I ve the WRT160NL in DMZ mode) and I ve had some problems "cascading" correctly the Linksys router and the the my ISP's who is a modem/router.

  While I was reading the discussions related to the storage of that link it am fell on this screenshot a WRT600N where FTP set up is fairly simple. My question is: how will I achieve the same for the WRT160NL? Although it would be great, I m does not have the same user interface, but perhaps a set of instructions... is this possible?

  Thank you!

  Unfortunately WRT160NL doesn't have the function "FTP server". Routers like WRT350N, WRT600N, WRT610N, E3000 has this function.

• E4200 V2 - cannot access the FTP server build - in Internet

  Hello.

  I just bought a new E4200V2.

  I have a static IP and I would like to make the built-in FTP server accessible from the Internet.

  The server is accessible behind the router, but not from outside. I guess it's the firewall blocks the traffic, but I have not found any detailed firewall configurations.

  Thank you.

  Solved! It wasn't a real problem. The FTP server is accessible by its static IP, but only from the outside of the network. It could be consulted on the inside by its local IP address. Quite strange...

• CiscoSecure ACS RADIUS logs upload on FTP Server v4.2

  Hello

  I use an appliance v4.2 CiscoSecure ACS, in this sort as RADIUS logs upload on FTP server because it has limitation for storing RADIUS logs.

  Please advice.

  Thank you

  AS

  You can only configure logging remotely. The Cisco Secure ACS Solution engine devices configured to use remote agent send the record directly on the logging of remote agent service, CSLogAgent data. CSLogAgent wrote logging hard disk data to the location specified by the configuration provider. The logs contain the columns specified by the configuration provider.

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/LgsRpts.html#wp703058

  Jatin kone
  -Does the rate of useful messages-

• Can I prevent Dreamweaver CS6 constantly querying the FTP server?

  When I work at the CS6 I little work directly on the FTP server. I do not work in a great team, check in and check out is a feature that is lost to us. So I have the Advanced Server settings to automatically download files when I save them. It works pretty well with the exception that Dreamweaver CS6 seems constantly ask the FTP server anyway. Many times I will go to save and it will throw an error that it cannot download the file now because it is currently interacting with the server.

  In Dreamweaver, I have the log open FTP tab and it is just constantly looking for things on the server at random intervals. It is not to download anything or reconnection. I have no problem at all in fact apart from this connection.

  I poked through settings and I can't find anything that says something like "Stop constantly check the FTP server, it is still there, do not worry there...» »

  Here is the error for all she's worth. I wouldn't bother even complaining about this, except that it happens to me constantly throughout the day. If it was just once or twice I don't care. The other problem is that when the error occurs, it does not save the file locally which is useless in my case also, but since it signals as saved I have to make a change so that he could register and download. So many times I'm waiting so he could stop to interact with the FTP server for no good reason, adding a space, back space and then hit save again. Seriously odious, please tell me there is a setting to stop this behavior.

  

  I have over a decade of experience with Dreamweaver, ongoing Web-based management of dozens of sites. He certainly had periods when FTP was seriously problematic, even after the CS6 updates where he was supposed to have been fixed. I managed to solve the problem on my production machine main actually two things:

  1. Temporarily disable my firewall and antivirus.
  2. Added the string "ResolveRemoteURLToIPAddress" to "Download Remote" in my registry and affecting false.

  #1 told me that my security software may be panic all level access Dreamweaver and perhaps got its hooks in the software so as to jeopardize this access, which causes delays in the transfer file and synchronize operations.

  #2 has been added to disable the feature to resolve the address IP of Dreamweaver, which caused it to sometimes hang when opening existing documents. This feature is enabled by default in the PC version. I don't know if DW interacts with the server just to open the document, or if it is something that occurs on a basis continues. If the latter, then it could be the cause of a lot of frustration "interacting with a server" for many users. More details here: http://helpx.Adobe.com/Dreamweaver/KB/hang-opening-document-Dreamweaver-CS5.html

  Dreamweaver is not as effective for as a standalone application FTP file transfers, because it is programmed to keep track of all the files and folders at any time and take notes of the same thing. For this reason, I always have a FTP program open when I'm working. Having said that, the difficulty of recording, in conjunction with several combinations of firewall and antivirus applications allowed me to find a solution that little close to put an end to my problems of FTP of DW.

• What is an ftp server

  I downloaded a backup software and he wants one for an ftp server. I have no idea what it is or how to get it. I need help. Thank you.

  I suggest that you contact support for your backup software, it is a Firefox support forum and so we will really be able to help you with your question.

• Mozilla's FTP server is not running

  Mozilla's FTP server versions is not accessible using Firefox 6.

  No problems with it on my XP system. What happens when you go to this address?

  If this answer solved your problem, please click 'Solved It' next to this response when connected to the forum.

• How to load the ftp server?

  Dear Sir.
  I use tecra M2 w - xp pro: to use ftp serversoftware which is usually standard in professional
  but when I want to load it from "add/remove components of the window: IIS" since the wizzard, I get the message a certain file is missing and must be taken from CD xp-prof: when I use recovery cd rom (only has windows xp on it) to obtain this file, which does not work: so, how to get IIS ftp server software?
  Thank you

  Hello

  You cannot use Recovery CD because there are Ghost file image. Instead of CD WXP search please C:\I386 folder.