Chapter 10. Security
10.2.3. FTP
Another way to upload or download files to and from your server is to enable a protocol called FTP, or "file transfer protocol". This screen enables you to set your policy for FTP. Note that allowing liberal FTP access to your server does reduce your security. You have two options that you can set here.
FTP user account access: Private FTP access allows only people on your internal network to write files to your server. Public FTP access allows users both inside and outside your local network to read or write files on your server, provided they have an account and password. If, for example, you want to be able to update your web site from home using FTP, you would choose the "Public" setting. We strongly recommend you leave this as Private unless you have a specific reason to do so.
FTP access limits: This allows you to set an overall
10.2.4. telnet
telnet has traditionally been one of the tools used to login remotely to other systems across a network or the Internet. This screen gives you the options to control the use of telnet as a means of connecting to your server. Telnet can be useful in that it allows you to login remotely and diagnose problems or configure settings. However, when you use telnet, all user names and passwords are transmitted without any kind of encryption, dramatically reducing the security of your server. For that reason, we strongly recommend the use of ssh as described above.
Note: Because telnet has been and continues to be widely used to date, we are providing the ability to use telnet for remote access. However, as ssh usage increases, it is our intention to remove telnet access from future releases of the server.
Telnet access: This can be set to "No Access", "Private" or "Public". Because of the inherent security weakness mentioned above, we strongly recommend that you leave this set to No Access (the default) and instead use ssh as described above. If you do need to enable telnet access, we suggest that you enable "public" or "private" telnet access only when absolutely necessary, and disable such access when it is no longer required. If "public" access is enabled, a red warning will appear at the top of every server manager screen.
Note: Because of these security concerns, we do not allow administrative access (connecting as 'root' or 'admin') using telnet. Please use ssh instead.
10.3. Local networks
Your SME Server V5 with ServiceLink provides services to machines on the local network and it gives machines on that network special privileges and access. For example, only machines connected to the local network can access the mail server on your server to send mail. When you configured your server, you provided it with sufficient information to deduce its own local network. Machines on the network are automatically identified by the server as being eligible for these privileges and access.
66
