Build a secure FTP server from dolls

As you know, the FTP server is used to store "large files" in the Local Machine. If you have important or non-important files, they need to be retained for a long time, it can be stored on the server. However, if there are more things in the warehouse, it will naturally attract hackers to patronize the network. We do not know how to build a secure Serv _ u FTP server. We should start from the initial installation. The following operations are exactly what you want to save lives "!

I. Preparations before installation

To ensure system security, you must first perform a thorough anti-virus scan on all the drive letters of the host, and then change the format of each drive letter from FAT32 to security level, A relatively high NTFS format, and ensure that the current patch of the system is the latest, do not leave any "opportunity" for hackers ".

Ii. Install the latest version of Serv _ u FTP server software

Downloading the latest version of Serv _ u FTP server software online, as the name suggests, is to avoid common vulnerabilities in previous versions, while also eliminating the need for you to fix vulnerabilities. After the download is complete, double-click the software "client" program and install it on the server host. Of course, the installation process is not. If you click "Next" as before, the installation will be performed by default. Pay attention to the following three steps.

1. By default, the directory where Serv _ u FTP server software is installed is known, not to mention the location of the server. So for the sake of your server security, please change the default installed directory to any drive letter location on the hard disk, so that even if they find it, it will take a lot of time to attack, this can eliminate the patience of intrusion.

2. to prevent malicious users from visiting the server as strangers, select the "Do Not Allow Anonymous Access" option in this setting, and the system will prompt you, create a Logon account. This can be set up based on your privacy account and password, but it can be changed by default, so in order to lock it, please Lock the user in to the home directory in the "Lock in home directory" dialog box? Click "Yes ). In this way, you don't have to worry about changing your account and password because of malicious intrusion.

Figure 1

3. the login account created for the first time usually has a high permission and special permissions to manipulate the entire server. To ensure security, select "No privilege" option (2) in the "Account Admin privilege" drop-down list in the "admin Privilege" dialog box ), do not grant any privileges to the created account, so as to avoid the hacker's small trick of "killing with a knife.

Figure 2

In addition, divide the three installation steps and take precautions for local permission escalation. The third-party software to be used is the Serv _ u FTP Server local permission vulnerability defense tool, it is a security tool that prevents malicious users from using Webshell programs and improving local permissions. No matter whether your server has a local elevation of permission vulnerability, you only need to run the "Local Privilege Protection Client" program. In the displayed "software" operation interface, follow the text prompts In the tab, enter the Management port, account, password, and Serv _ u directory you want to modify, and click Modify, the prompt "operation successful" dialog box is displayed (3 ).

Figure 3

Even if Hackers break into the server host and use the permissions of common users to perform operations, it is difficult to take too much action. As a network administrator, you can have a stable "nap "!