Mitel SME Server V5 with ServiceLink Network Card User Manual


 
Chapter 10. Security
10.2.3. FTP
Another way to upload or download files to and from your server is to enable a protocol called FTP, or "file transfer protocol". This
screen enables you to set your policy for FTP. Note that allowing liberal FTP access to your server does reduce your security. You
have two options that you can set here.
FTP user account access: Private FTP access allows only people on your internal network to write files to your server. Public FTP
access allows users both inside and outside your local network to read or write files on your server, provided they have an account
and password. If, for example, you want to be able to update your web site from home using FTP, you would choose the "Public"
setting. We strongly recommend you leave this as Private unless you have a specific reason to do so.
FTP access limits: This allows you to set an overall site-wide policy for FTP access. The setting you choose here will override all
other FTP settings on your server. For example, if you choose "Disable public FTP access" here and then later configure an i-bay to
allow public FTP access from the Internet, such access will be forbidden. Note that one of the choices here allows you to completely
disable any use of FTP.
10.2.4. telnet
telnet has traditionally been one of the tools used to login remotely to other systems across a network or the Internet. This screen
gives you the options to control the use of telnet as a means of connecting to your server. Telnet can be useful in that it allows you to
login remotely and diagnose problems or configure settings. However, when you use telnet, all user names and passwords are
transmitted without any kind of encryption, dramatically reducing the security of your server. For that reason, we strongly
recommend the use of ssh as described above.
Note: Because telnet has been and continues to be widely used to date, we are providing the ability to use telnet for remote
access. However, as ssh usage increases, it is our intention to remove telnet access from future releases of the server.
Telnet access: This can be set to "No Access", "Private" or "Public". Because of the inherent security weakness mentioned above,
we strongly recommend that you leave this set to No Access (the default) and instead use ssh as described above. If you do need to
enable telnet access, we suggest that you enable "public" or "private" telnet access only when absolutely necessary, and disable such
access when it is no longer required. If "public" access is enabled, a red warning will appear at the top of every server manager
screen.
Note: Because of these security concerns, we do not allow administrative access (connecting as ’root’ or ’admin’) using telnet.
Please use ssh instead.
10.3. Local networks
Your SME Server V5 with ServiceLink provides services to machines on the local network and it gives machines on that network
special privileges and access. For example, only machines connected to the local network can access the mail server on your server
to send mail. When you configured your server, you provided it with sufficient information to deduce its own local network.
Machines on the network are automatically identified by the server as being eligible for these privileges and access.
66