1 Reply Latest reply on Nov 17, 2010 4:43 PM by Kary Tankink

    Can HIPS be used to limit access to FTP on a Server?

      Hi,

       

      I have been tasked with doing the following...

       

      Currently our FTP servers allow any machine that can get to port 21 to connect using the FTP protocol.  I want to grant FTP access to a limited number of machines and deny access to the rest.

       

      I have been working with McAfee products for 10+ years - but this is my first foray into HIPS.  I have messed around with the Predefined FTP rule - but found out that it is looking at the FTP client - ftp.exe vs the server component which is inetinfo.exe.  I am looking for a nudge in the right direction.

       

      I think what I want to block is access to inetinfo.exe that listens on port 21.  I would put in an allow rule for the limited list fullowed by a deny to everything else.

       

      Is what I am asking possible?  Got hints on how to do it?

       

      Thanks,

       

      Tim

       

      ePO 4.0 and HIPS 7.0.0.833

        • 1. Re: Can HIPS be used to limit access to FTP on a Server?
          Kary Tankink
          I want to grant FTP access to a limited number of machines and deny access to the rest.

           

          I think what I want to block is access to inetinfo.exe that listens on port 21.  I would put in an allow rule for the limited list fullowed by a deny to everything else.

           

          On the FTP server:

          Add an incoming ALLOW FTP firewall rule and limit the rule to specific remote (source) IP addresses (like you suggested). If HIPS is on the FTP server, then you could probably configure the firewall rule to the FTP server application executable and inbound traffic.  You also wouldn't need a DENY rule.  If it's not allowed by other firewall rules, then it will hit the DENY ALL rule (hidden) at the bottom of the Firewall rule.

           

          You can't create a firewall rule to "allow X number of connections" into the FTP server though.

           

          *NOTE: HIPS 7.0.0.833 is Patch2, which is REALLY old.  Patch 8 (7.0.0.1159) is the current build.