Three security factors for setting up an FTP server

Setting up FTP servers always puts security first, especially for FTP servers built using tools such as IIS. If the server is maliciously attacked due to improper settings, the system crash will not be an arms! Therefore, it is necessary to adopt reasonable and comprehensive security management.

Let's start with IIS security.

IIS has become an important information release carrier since the kernel of the NT System, but its inevitable vulnerabilities are also mentioned in many documents. IIS is used as an FTP server setup, mainly because its simple and easy-to-understand settings have won many favor. Therefore, to make good use of IIS, we have to consider the following aspects:

1. Install system patches. Microsoft often releases the latest system security patches on its official website. You can use the windows update Program that comes with the system to update the patches at any time.

2. Set the FTP directory. It is common to specify the main directory to the Logical Disk, set different access permissions for each sub-directory according to different users, and disable unnecessary services, this provides the first level of protection for attackers who exploit the IIS overflow vulnerability to access the system disk.

3. Try not to use the default port number 21 and enable logs to check for exceptions in the FTP service.

Another FTP erection software, Serv_U.

I feel that this software is doing better in terms of security, and its settings are not easy to make mistakes. After a while, I feel that its speed is much faster than that of IIS. Even so, pay attention to the correct Configuration:

1. Set the server password in the domain.

Serv_U provides three types of security passwords: Rule password, OTPS/KEY MD4, and OTPS/KEY MD5. It is self-evident that the rule password has the lowest security. Generally, after an account with administrative permissions is set, open the "password type" drop-down box under the "General" tab. It is much safer to select the last two types.

2. Select "intercept FTP_bounce attack and FXP ". FXP is also called a cross-server attack. To put it simply:

When a malicious user adds specific address information to the PORT command, the FTP server will establish a connection with other non-client machines. If the FTP server has the right to access non-client computers, then you can connect to the target server through the FTP server as an "intermediary!

3. like IIS, it is best to move the main directory to other partitions. It is best to set a low point for users when setting permissions, and set write and modify permissions when necessary; the service logs are saved as files for future reference.

Let's talk about how to set up software and then the operating system itself.

Considering the security of the FTP server, it is best to use Win2000 Server Edition, winxp or Windows2003 Enterprise Edition, and pay attention to downloading the security patch at any time.

1. You can use the built-in "Internet Connection Firewall" function to set security. Open the "local connection" attribute dialog box, go to the "advanced" tab, and tick "Protect my computer and network by limiting or blocking access to this computer from the Internet; click the "Settings" button in the lower-right corner to go to "Advanced Settings", select "FTP server", and click Edit. Other options except the IP address column cannot be changed. If the pre-configured FTP server port is not its default port 21, go back to the previous step and click "add" under the "service" tab and enter the server name and IP address, enter the external internal port number in your default value.

2. "TCP/IP filtering" function. Choose "Local Connection"> "general"> "Internet Protocol (TCP/IP)", double-click it, click "advanced", and switch to "option" to start setting. As shown in, here we can set the system to only allow open ports. This filtering setting can effectively prevent the most common intrusion such as port 139, but the disadvantage of this method is also obvious: the function is too simple, only open ports can be set. You cannot customize the ports to be closed. To open multiple ports, manually add them one by one, which is troublesome.

Server Security is an endless topic. The key is to sum up experience and accumulate experience in actual management. After the above basic management settings, your FTP should have a certain degree of security and can be put into use with peace of mind!