[NTLUG:Discuss] FTP/Samba security issues

[Richard Wolfe]

Hello all-

My company is constantly exchanging files via FTP with
vendors/customers. Currently, we are using the FTP capabilities of our
web host to do this. Unfortunately, this means that every time a file
needs to be retrieved or sent, a member of the IT staff (i.e., me) has
to take care of it. I think I have a solution, but I'd like to run it by
the gurus here and get some feedback:

What I'd like to do is set up another (this will be three!) Linux box on
our LAN, and open port 21 through the router to it. This box would be
running vsftpd, and I'd plan on setting up ftp accounts for all our
vendors/customers that need to share files with us. Then, I plan on
mapping a samba share onto these users home directories, so that the
non-techie people in the office can easily access it using Windows
Explorer.

OK, sounds simple enough, right? So I guess my question is: are there
any security issues that I'm not thinking about? I know that both FTP
and samba are considered to be insecure by some people, but I don't
really know enough about it to know why this is. This machine would be
doing nothing else beside this particular task, if that makes a
difference. Any insight or "gotchas" to keep in mind would be greatly
appreciated.

Thanks in advance,

Richard Wolfe