If they plan on allowing people on the Internet to ftp into the site, then port 21 will need to be open (or else people on the Internet will have to do some convoluted things to get into their ftp server).
If they only plan on using ftp for their own use, then they might move it to another port, but there wouldn't be much point to it since any port scanner would find the open port and any decent one would also be able to tell you that it was running an ftp server. As a general rule, security by obscurity isn't the best policy. It would be much better to leave ftp at its default port and make sure that it is properly secured. Another rule is that the firewall is only there to protect non-server machines. Any machine that is providing a service on the Internet should be hardened as if the firewall weren't there. Mike Burden Lynk Systems (616)532-4985 [EMAIL PROTECTED] Gerald Davies [[EMAIL PROTECTED]] wrote: > hi, > > i would've thought it was better to advise him to shift ftp away from its > default port. I know i`m straying off topic here but it should also be > stressed that a firewall is pointless if the server is incorrectly > configured. In the past i have dealt with clients that believed that just > because they had firewall'd servers that they were secure - IIS4 being the > culprit in this case, but you can see my point. > > regards, > > Gerald.
