| 211 |
| Secure FTP to prevent unauthorized access |
| The FTP protocol is useful for sharing files with remote users. When you use FTP, you don't need |
| to create Web pages to provide links to shared files or create VPN connections to enable native |
| Windows file-sharing access. However, if you don't secure the server, enabling FTP on a computer |
| can expose the computer to a handful of potential problems. For example, unauthorized users could |
| host their files on your computer or gain access to files they shouldn't have. |
| There are three steps you can take to prevent unauthorized access to your computer through FTP. |
| First, disable anonymous access on the virtual FTP server. Any user who wants to access the FTP |
| server will have to use a valid account on the computer in order to authenticate the FTP session. |
| Open the IIS console from the Administrative Tools folder, open the Properties for the virtual FTP |
| server, select the Security Accounts tab, deselect the Allow Anonymous Connections option, and |
| Next, use the options on the Home Directory tab to point the FTP virtual server to a home directory |
| on an NTFS volume, if possible. Use NTFS permissions in the target folders to restrict access to |
| folders and files as needed. You should avoid creating virtual FTP folders that reside on FAT |
| volumes because these offer little access control. |
| Finally, if it's critical that you know who's accessing files from the FTP server, enable object access |
| auditing and configure the FTP folders to log successful and/or failed attempts to access the folder |
| or files to the security log. |
First Previous Next Last |