Network Administrator Security Training Camp: Making FTP Servers Safer (1)

Source: Internet
Author: User

IIS 5.0 in Windows 2000 provides an FTP service that is easy to use and tightly integrated with Windows. But is an FTP server built on IIS 5.0 secure? Its default settings carry many security risks and make it an easy target for hackers. With a few changes, however, the FTP server can be made more secure.

1. Cancel Anonymous Access

By default, FTP servers in Windows 2000 allow anonymous access. Anonymous access makes it convenient for users to upload and download files, but it carries great security risks: users can reach your FTP server, and even upload and download files, without applying for a valid account. For FTP servers that store important data, this can easily lead to leaks. We therefore recommend that you disable anonymous access.

In Windows 2000, click Start > Programs > Administrative Tools > Internet Services Manager to open the management console window. Expand the local computer entry on the left side of the window to see the FTP server that comes with IIS 5.0. The following uses the default FTP site as an example to describe how to disable anonymous access.

Right-click "Default FTP Site" and select "Properties" from the shortcut menu to open the Default FTP Site Properties dialog box. Switch to the "Security Accounts" tab, clear the "Allow Anonymous Connections" check box (Figure 1), and click "OK". Users can then no longer access the FTP server with an anonymous account and must have a valid account.

  

Figure 1 Disable Anonymous Access

2. Enable Logging

Windows logs record all information about system operation, but many administrators do not pay enough attention to logging. Some disable the FTP server's logging function to save server resources, which is absolutely undesirable. The FTP server log records the access information of all users, such as the access time, client IP address, and logon account used. This information matters a great deal for the stable operation of the FTP server: once the server encounters a problem, you can view the FTP log, locate the fault, and troubleshoot it in time. Therefore, you must enable FTP logging.

In the Default FTP Site Properties dialog box, switch to the "FTP Site" tab and make sure that the "Enable Logging" option is selected. You can then view FTP log records in the event viewer.
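The following is an added example, not part of the original article: once logging is enabled, the records can be screened for successful anonymous logins (there should be none after step 1) and for repeated rejected logins from one client IP. It assumes the log is available as W3C Extended text with the field order shown in the constructed sample; the function names, addresses and the failure threshold are hypothetical.

```python
from collections import Counter

# Constructed sample (not real data); assumes cs-method is "[session]VERB".
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
09:14:02 192.0.2.10 [1]USER CCEUSER 331
09:14:03 192.0.2.10 [1]PASS - 230
09:20:41 198.51.100.7 [2]USER anonymous 331
09:20:41 198.51.100.7 [2]PASS guest@example.com 530
09:31:10 203.0.113.5 [3]USER administrator 331
09:31:11 203.0.113.5 [3]PASS - 530
09:31:15 203.0.113.5 [4]USER administrator 331
09:31:16 203.0.113.5 [4]PASS - 530
09:31:20 203.0.113.5 [5]USER admin 331
09:31:21 203.0.113.5 [5]PASS - 530
"""

def parse(text):
    """Yield one dict per entry, using the column order from #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) != len(fields):
                continue  # malformed or unexpected line: skip, do not guess
            rec = dict(zip(fields, parts))
            session, _, verb = rec["cs-method"].partition("]")
            rec["session"], rec["verb"] = session.lstrip("["), verb.upper()
            yield rec

def audit(text, max_failures=3):
    """Pair each USER with its PASS per (client IP, session) and summarise."""
    pending, anon_ok, failures = {}, [], Counter()
    for rec in parse(text):
        key = (rec["c-ip"], rec["session"])
        if rec["verb"] == "USER":
            pending[key] = rec["cs-uri-stem"].lower()
        elif rec["verb"] == "PASS" and key in pending:
            account = pending.pop(key)
            if rec["sc-status"] == "230" and account in ("anonymous", "ftp"):
                anon_ok.append((rec["time"], rec["c-ip"]))  # should be empty
            elif rec["sc-status"] == "530":
                failures[rec["c-ip"]] += 1                  # rejected login
    noisy = {ip: n for ip, n in failures.items() if n >= max_failures}
    return {"anonymous_logins": anon_ok, "repeated_failures": noisy}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```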

3. Correctly Set User Access Permissions

Each FTP user account has certain access permissions, but improperly set permissions can also create security risks on the FTP server. For example, the CCE folder on the server should give only the CCEUSER account read, write, modify, and list permissions, with all other users denied access; if other users are nevertheless allowed read and list permissions on the CCE folder, you must reset the user access permissions for the folder.

Right-click the CCE folder, select "Properties" from the pop-up menu, and switch to the "Security" tab. Remove the Everyone account, click "Add", and add the CCEUSER account to the name list box. In the "Permissions" list box, select Modify, Read & Execute, List Folder Contents, Read, and Write, then click "OK". The CCE folder can then be accessed only by the CCEUSER user.

4. Enable Disk Quota

The disk space resources of the FTP server are precious, and unlimited use by users will inevitably result in a huge waste. Therefore, you must limit the disk space used by each FTP user. The following uses the CCEUSER user as an example to limit the capacity to MB.

In Windows Explorer, right-click the drive that holds the CCE folder, select "Properties" from the pop-up menu, and switch to the "Quota" tab (Figure 2). Select the "Enable quota management" check box to activate all quota settings on the "Quota" tab. To prevent FTP users from occupying too much server disk space, be sure to select the "Deny disk space to users exceeding quota limit" check box.

  

Figure 2 Restrict FTP storage space
