Network administrator Security Training camp-make FTP server more secure (1)

The IIS5.0 of Windows 2000 system provides the FTP service function, because it is simple and easy to use, with the Windows system itself tightly combined, deeply loved by the majority of users. But is it really safe to use IIS5.0 to set up an FTP server? Its default settings in fact there are many security risks, it is easy to become hackers attack targets. How to make the FTP server more secure, as long as we slightly modified, we can do it.

First, cancel anonymous access feature

By default, the Windows 2000 system FTP Server is allowed anonymous access, although anonymous access for users to upload, download files to provide convenience, but there are great security risks. Users do not need to apply for a legitimate account, you can access your FTP server, and even upload, download files, especially for some storage of important information of the FTP server, it is easy to leak the situation, so we recommend the user to cancel the anonymous access function.

In Windows 2000 system, click the "start → program → admin tools →internet Service Manager" to eject the admin console window. then expand the window to the left of the local computer options, you can see the IIS5.0 FTP server, the following author to the default FTP site, for example, describes how to cancel the anonymous access feature.

Right-click the "Default FTP Site" item, select "Properties" in the right-click menu, then eject the Default FTP Site Properties dialog box, switch to the "Security Account" tab, cancel the "Allow anonymous connection" before the check (Figure 1), and finally click "OK" button, This allows users to access the FTP server using anonymous accounts and must have a legal account.

Figure 1 Prohibit anonymous access

Two Enable logging

The Windows log records all the information that the system is running, but many administrators do not pay enough attention to logging, and in order to save server resources, disable the FTP server logging function, this is absolutely undesirable. FTP server log records all user access information, such as access time, client IP address, the use of login account, etc., this information for the stable operation of the FTP server has a very important significance, once the server has problems, you can view the FTP log, find the fault, in time to eliminate. Therefore, be sure to enable FTP logging.

In the Default FTP Site Properties dialog box, switch to the FTP Sites tab, and make sure that the Enable Logging option is selected so that you can view the FTP log records in Event Viewer.

Three correctly set user access rights

Each FTP user account has certain access rights, but the unreasonable setting of user rights can also cause the FTP server to appear the security hidden trouble. such as the CCE folder in the server, only allow Cceuser account for it to read, write, modify, list permissions, prohibit other users access, but the system defaults to allow other users to the CCE folder has read and list permissions, so you must reset the folder's user access rights.

Right-click the CCE folder, select Properties in the pop-up menu, then switch to the Security tab, first delete the Everyone user account, then click the "Add" button, add the Cceuser account to the Name list box, and then select the Modify, read, and run in the "Permission" list box. List the folder directories, read and write options, and then click the OK button. This makes the CCE folder accessible only to Cceuser users.

Four Enable disk quotas

FTP Server disk space resources are valuable, unrestricted to allow users to use, is bound to cause huge waste, so to each FTP user to use the disk space limit. The following is an example of a cceuser user, limiting it to only 100M disk space.

In the Resource Manager window, right-click the hard drive letter of the CCE folder, select Properties from the pop-up menu, and then switch to the Quota tab (Figure 2), select the Enable quota management check box to activate all quota setting options on the Quota tab page. To not allow some FTP users to consume too much server disk space, be sure to select the Deny disk space to users exceeding quota limit check box.

Figure 2 restricting FTP storage space