FTP Server for Windows Server 2008 - Filezilla or IIS?

I'm setting up a Windows Server 2008R2 cloud server on rackspace and ftp will be used by only a few users. Any thoughts on using Filezilla vs IIS 7.5?

Solution 1:

Depending on the server's purpose, I would eschew the native IIS FTP server in favor of a third-party server not tied to the server's authentication system. The major advantage here is that you can sandbox the accounts, and any security vulnerabilities in either the FTP server or Windows file system security are relatively decoupled. Moreover, the third-party FTP process is a little less privileged, since it isn't a core service provided by Microsoft.

A case where this would be the preferred solution would be an IIS web server where one user in each department is in charge of updating the departmental website. A case where it would not be the preferred solution is when every user in the organization has their own web space, in which case the advantages of using the central directory system would probably trump the slight security advantage.

Solution 2:

Well, the advantage of using Filezilla is that you have FTPS capability, so that nobody would be able to fish your passwords or content as a man-in-the-middle attack. Also, as an additional option, if you run the "NULL FTP Server" you could run a single port SFTP server on port 22.