FTP server attack and defense practices

Downloading files from an FTP site is currently one of the most common file transfer methods. Especially for enterprise users, the company has established a dedicated FTP server for employees, it is the most convenient way for them to share resources through this server. But do you really understand FTP security as a network administrator? Don't think that setting up a Complex Administrator account password can be everything, do not think that the system installed on the latest patch or choose the latest version of the SERV-U FTP build tools can be foolproof. Today, I will lead you to introduce the FTP site data transmission vulnerabilities by default. Of course, I will also introduce how to fix these vulnerabilities.
I. Crack the FTP user name and password

First, we need to know that by default, FTP site information is transmitted in plain text without any encryption. That is to say, when a user logs on to the FTP site and enters the user name and password, the information is not encrypted. Illegal users can use tools such as sniffer to restore the cost of the information.

Practice: Use sniffer to restore the FTP site's user name and password to plain text

Environment Description:

In the company's network, the AB computers connect to the same subnet through switches. B is the employee's computer. An employee accesses the company's FTP server through him, use your username and password when logging on to FTP. A is the computer where sniffer is installed. Through sniffer, we can monitor the username and password for employees who use computer B to access the FTP server.

Implementation Method:

Step 1: first install the powerful sniffer tool on computer A and start the program.

Step 2: enable the monitoring interface through the "matrix" button in the sniffer software.

Step 3: Open the monitoring page and start monitoring data packets on the network.

Step 4: In the detection data packet window, click the objects label in the lower left corner and select station. This will display all the communications in the current network in the window.

Step 5: If B's employees use their computers to log on to the FTP server, click "capture-> stop and display" in sniffer ".

Step 6: assume that the IP address of our FTP server is 211.154.80.30, then we find the packet about 211.154.80.30 in the displayed address list, click the "DECODE" button below to analyze the data packets.

Step 7: On the "DECODE" interface, we can analyze all data packets about 211.154.80.30. We analyze the data packets one by one and analyze the username information when there are about 12th data packets. We can see from the interface that the username is softer.

Step 8: continue to see the password when the first packet arrives. The password is displayed in plaintext in sniffer and the password is pacino.

So far, we have used the sniffer tool to crack the username and password of the employee on the FTP server. This method is effective when the employee and the computer installed with sniffer are in the same subnet.

Ii. encrypted transmission of FTP site information

Since we know that the FTP server transmits data in plaintext mode, especially the user name and password transmission is very secure and information is easily stolen, although FTP provides the SSL encryption function, however, it is not enabled by default, for example, Serv-u ftp Server (Serv-U for short ). Therefore, to ensure that the transmitted data is not stolen at will, it is necessary to enable the SSL function to improve the security of server data transmission. We use Serv-u as an example to describe this security defect.

TIPS: What is the SSL encryption protocol? The SSL protocol (Secure Socket Layer) is a Secure communication protocol launched by Netscape. It can provide strong protection for credit card and personal information. SSL is the protocol used to encrypt the entire session between computers. In SSL, public keys and private keys are used. Therefore, after using the SSL protocol, we can ensure that the data transmitted in the network is not stolen by illegal users.

(1) install the Serv-U Server

As there are many articles on installing Serv-U, this article will not be detailed. (6) After installation, we need to create an FTP server domain and set the username and password.

(2) create an SSL Certificate

To use the SSL function of Serv-U, you must support the SSL certificate. Although Serv-U has automatically generated an SSL certificate at the time of installation, the default SSL certificate is the same in all Serv-U servers and is very insecure, therefore, we need to manually create a unique SSL certificate.

Step 1: In the "Serv-U administrator" window, expand the "local server-> Settings" option and switch to the "SSL Certificate" tab.

Step 2: Create a new SSL certificate. First, enter the IP address of the FTP server in the "common name" column, and then fill in the content of other topics, such as email, organization, and organization, based on the user's situation.

Step 3: fill in all the content on the SSL Certificate tab, and click the "Apply" button below. Then, Serv-U will generate a new SSL certificate.

(3) Enable the SSL Function

Although a new SSL certificate is created for the Serv-U server, by default, Serv-U does not enable the SSL function. To use this SSL certificate, first, you must enable the SSL function of Serv-U.

Step 1: Enable the SSL feature with the domain name "softer" in the Serv-U server. In the "Serv-U administrator" window, expand the "local server-> domain-> softer" option in sequence.

Step 2: Find the "Security" drop-down list option in the "Domain" Management box on the right. Here Serv-U provides three options: "Only rule FTP, no SSL/TLS process "," allow SSL/TLS and rule process ", and" only allow SSL/TLS process ". By default, serv-U uses "only FTP rules, no SSL/TLS processes", so SSL encryption is not enabled.

Step 3: Select the "allow SSL/TLS processes only" option in the "Security" drop-down box, and click "Apply" to enable the SSL function of the softer domain.

TIPS: After the SSL function is enabled, the default port number used by the Serv-U server is no longer "21", but "990". Be sure to pay attention when logging on to FTP, otherwise, the FTP server cannot be connected.

(4) use SSL encryption to connect to FTP

After the SSL function of the Serv-U server is enabled, you can use this function to securely transmit data, but the FTP client must support the SSL function. If you log on directly using IE, the error message shown in Figure 9 is displayed. On the one hand, the default port 21 is not modified to 990, and IE does not support SSL transmission.

Of course, there are also many FTP client programs that support SSL now. I will take the Flash FXP program as an example to introduce how to successfully connect to the Serv-U server with SSL Enabled.

Step 1: After running the "FlashFXP" program, click "session-> quick connection" to bring up the "quick connection" dialog box, in the server or URL field, enter the IP address of the Serv-U server. In the port field, enter "990" because after the Serv-U server enables the SSL function, the port number is changed from "21" to "990 ".

Step 2: Enter the "user name" and "password" that can normally log on to the FTP server ".

Step 3: switch to the "SSL" tab and select the "absolute SSL" option. This step is critical. If "absolute SSL" is not selected ", you cannot connect to the Serv-U server. Click "Connect. Select the four options under absolute SSL based on the actual transmission conditions.

Step 4: When you connect to the Serv-U server for the first time, Flash FXP will pop up a "certificate" dialog box. (12) you only need to click "accept and save, after downloading the SSL certificate to your local computer, you can successfully connect to the Serv-U server. data transmission between the server and Serv-U will be protected by the SSL function, it is no longer transmitted in plain text, so that you no longer have to worry about FTP account theft and sensitive information theft. At the bottom of Flash FXP, we will also see a small lock icon, which indicates that the current transmission is encrypted and secure.

TIPS: if we only choose to accept the certificate, this certificate dialog box will pop up every time you log on to FTP.

Conclusion: Setting up an FTP site that uses SSL for encrypted transmission can effectively protect resources on its own servers from being browsed at will, only authenticated users can download their desired file resources. In addition, all data in the transmission process is encrypted. Other users in the network cannot use software similar to sniffer to restore the login information to plain text. Even if the data can be obtained, it is encrypted, there is no value at all.