Phandalyon
Any quick tips for securing an FTP server? I just got one up and running. Anonymous access is disabled. Is there anything else I really need to look out for?
Yoblad said: You should start securing an FTP server with folder permissions. Make sure the everyone group is removed (NOT denied access). Modify advanced permissions on the ACL so users can write to a directory but are denied delete permission. Otherwise any user can go in and delete everything in your server's FTP folder.
That's only applicable on Windows.
Yoblad said: Limit the number of connections to the server (I use 4).
That will do nothing but make it easy for an attacker to prevent legitimate users from logging on by tying up every connection.
Yoblad said: You can also change the port from the default 21 to something else (just make sure it's not used by anything crucial).
This doesn't help. Hiding a service is not security, it's obscurity.
M11 said: That's only applicable on Windows.
That will do nothing but make it easy for an attacker to prevent legitimate users from logging on by tying up every connection.
This doesn't help. Hiding a service is not security, it's obscurity.
1. Assuming anything in this instance is a bad idea, especially IIS. IIS is not even close to the predominant FTP server.
Yoblad said:
1. He didn't specify what he was using so we can assume it's IIS.
2. I'll admit that it doesn't do much to secure the server but you really don't want 1000+ people to be able to connect to your server at any time if it IS compromised. I do it so each user is granted a sufficient amount of my available upload speed. If I let it go like wildfire I could have 40 people trying to download something at 2 kB/sec.
3. Apparently you're not familiar with practicing security through obscurity.
edit: BTW I wasn't refuting your tips, only adding to them.
Steel Chicken said: Sounds like you got it pretty well set up for what you have to work with.
shade91 said: SFTP or FTP over SSL. That is how I secure an FTP.