Because an FTP server is routinely used for file upload and download, its security is especially important. If attackers break in, files on the FTP server may be damaged or stolen; more importantly, if those files are infected with viruses or Trojans, they pose a potential threat to every FTP user.
To protect the FTP server, you need to protect its passwords. Here I will go through some common password security policies for FTP servers to help you improve their security.
Policy 1: Password validity period
Sometimes the FTP server is used not only by employees but also, temporarily, by external partners through a temporary account. For example, on the FTP server I manage, the Sales Department often cannot send certain large files by email, so those files have to be delivered to the client through the FTP server. When a customer or supplier needs such large files, I have to give them a temporary account and password for the FTP server.
My current practice is to keep one account on the FTP server whose password is valid only on the current day and automatically expires the next day. When a customer or supplier needs to use the FTP server, I only need to change the password, instead of creating a user each time and deleting it after use. Because the password expires automatically, this also avoids the security risk of a temporary account that is not cancelled in time.
Most FTP servers, such as the FTP server software that comes with the Microsoft operating system, have a password validity management function. In general, a temporary account can be managed by setting a validity period on both the account and its password, which improves the security of the temporary account. For internal users, validity periods can also be used to push employees to change their passwords more often.
Policy 2: Passwords must comply with complexity rules
At present, many banks enforce password complexity checks to protect user accounts. Passwords such as 888888 are no longer accepted. From a cryptographic point of view, passwords of this form are very dangerous: an attacker can use password cracking tools, such as password dictionaries, to crack them easily.
Therefore, the simplest way to improve the security of the password itself is to increase its complexity. On the FTP server, you can use password complexity rules to force users to choose stronger passwords. Specifically, you can set the following complexity rules.
1. Passwords cannot consist only of digits or only of letters
If an attacker wants to crack an FTP server account, the time it takes is directly related to the composition of the password. Take two eight-character passwords, one made only of digits and the other a combination of digits and letters: for example, 82372182 and 32dwl98s. The two look similar, but to a password cracking tool they are very different. The digits-only password may take only 24 hours to crack with some advanced password cracking tools. The password that mixes letters and digits, however, takes 2400 hours to crack, or even more. The cracking difficulty is at least 100 times higher.
As you can see, a password that combines letters and digits is considerably safer. For this reason, the FTP server can be configured to refuse passwords that contain only digits or only letters.
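The rule above can be expressed as a small acceptance check, shown here as an added example that is not part of the original article or of any FTP server product. The function names are hypothetical, and the search-space figure is a simplified estimate that assumes a brute-force search over only the ASCII character classes that appear in the password.

```python
import string

# ASCII character classes; each contributes its size to the brute-force alphabet.
CLASSES = {
    "digit": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "symbol": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that occur in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def violations(password):
    """Rule 1: refuse passwords made only of digits or only of letters."""
    if not password:
        return ["empty password"]
    if password.isdigit():
        return ["digits only"]
    if password.isalpha():
        return ["letters only"]
    return []

def search_space(password):
    """Estimated candidates to cover: alphabet size ** length.
    Assumption: characters outside the four ASCII classes are not counted."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def relative_effort(weak, strong):
    """How many times larger the second password's search space is."""
    return search_space(strong) / search_space(weak)

if __name__ == "__main__":
    # The three passwords quoted in the article.
    for pw in ("888888", "82372182", "32dwl98s"):
        print(pw, violations(pw) or "accepted", search_space(pw))
    print("ratio:", round(relative_effort("82372182", "32dwl98s")))
```

Under this estimate the mixed password's search space is tens of thousands of times larger than the digits-only one, which is consistent with the article's "at least 100 times" figure.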