Securing FTP over SSL [Windows Server 2019]



I (tobor) cover how to secure the configuration and directory permissions for a Windows Server 2019 FTP over SSL server using IIS.

0:00 Intro Summary
0:53 Active Directory Users and Groups
1:37 Covering how the contents of the UserList.csv file are used with 1-ConfigureWindowsFTPS-CreateFTP-UsersAndGroup.ps1
2:30 FTP Directory locations (Network Share or Local Folder)
3:00 Adding users in CSV file to Admin or Users group in AD
3:38 Install Script for FTPS Server 2-ConfigureWindowsFTPS-ConfigureFTPoverSSLserver.ps1
4:10 Started Script Execution
4:50 Begin entering prompted values for AD Users and the permissions you want assigned
5:43 Name the IIS Manager FTP Site
5:53 Define the home directory for the FTP site
6:11 Explicit SSL or Implicit SSL connections
6:25 Difference between Explicit and Implicit connections
7:41 Firewall rule created for defined port
7:58 FTP Root directory folder was created and IIS Site created
8:22 Create Local FTP User group
8:35 Create a Local FTP user
9:12 Authorization Rules added to FTP Site
9:35 Basic Authentication enabled
9:53 Set permissions on the created folder for the FTP service
10:20 View permissions on the FTP site's root directory
10:35 AD Attribute values getting pulled by FTP Service
11:39 Assigning an SSL certificate to the FTP Service
12:00 How the script auto-discovers an SSL certificate using the FriendlyName value
12:50 Define Passive Ports
13:14 How to Re-Define Passive ports in IIS Manager if desired
13:53 IP address required for clients on the other side of a router or firewall
14:16 How an IP Address is automatically determined with DHCP
14:40 Virtual Host name for the FTP site in IIS Manager Bindings
15:10 The hosts file on Windows to add vhost names to
15:51 Firewall rule created for Passive FTP Ports defined earlier
16:06 128-bit encryption enabled
16:14 FTP Site restarted and port is confirmed open
16:30 FTP SSL Settings
16:57 Custom FTP Messages and Max Connections
17:27 Restrict FTP Access based on IP address of clients
17:55 User Isolation values obtained from AD
18:08 Network Share Directory Permissions
18:33 Using FileZilla to access the FTPES or FTPS Instance
19:06 Sign into FTPES Server using an FTP-Admins member
19:28 Upload files with FTP-Admins user
19:41 Download file with FTP-Admins user
19:57 Make AD values for the FTP-Admins user so FTP Home directory is inaccessible
20:42 Sign into FTPES server with FTP-Users member (entered incorrect password on first attempt)
21:19 View AD Attributes of the FTP-Users member
21:34 View the network share permissions for the FTP-Users member
22:09 Download files using FTP-Users member
22:18 Upload files denied because of FTP-Users group permissions
22:36 Add FTP-Users member to the local FTPUsers group to add Read, Write permissions
23:04 Add Write permissions to the local FTPUsers group
23:34 Connect to FTPES server with new permissions (Restart of FTP service required)
24:12 FTPUsers group successfully uploaded files
24:41 More restrictive permissions don't get applied
25:13 FTPES sign in using FTPUsers member accessing a local directory instead of a network share
26:07 AD Attributes assigned to ftpsuser accessing local FTP directory
26:48 Sign in to FTPES using an FTP-Users member with Read permissions only (Remove AD FTP-Users group from FTPUsers group)
27:58 Verify local group membership and verify upload was denied
28:43 Outro

Follow us on GitHub!
https://github.com/tobor88
https://github.com/OsbornePro

Read our blogs!
https://roberthosborne.com/

View PS Gallery Modules!
https://www.powershellgallery.com/profiles/tobor

The B.T.P.S Security Package
https://www.btps-secpack.com/

Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has a passion for both hardware and software and writes articles and reviews for many IT websites.
