Security management for FTP servers under Windows

Source: Internet
Author: User

Security should always come first when setting up an FTP server, especially one built with a tool like IIS. If a misconfigured server comes under malicious attack, it is no exaggeration to say that the entire server system could crash. Reasonable and comprehensive security management is therefore necessary.

Let's start with the security of IIS.

Since the NT-kernel versions of Windows, IIS has become an important platform for publishing information, but its vulnerabilities are also discussed in a number of sources. IIS is popular for building FTP servers mainly because its settings are easy to understand. When using IIS, we therefore have to consider the following security issues:

1. Install system patches. Microsoft regularly publishes the latest system security patches on its official website, and you can install them with the Windows Update program that comes with your system.

2. Configure the FTP directory. A common approach is to place the home directory on a separate logical disk, set different access rights for each subdirectory, and turn off unneeded services. This serves as a first layer of protection against attackers who try to reach the system disk through an IIS overflow vulnerability.

3. Try not to use the default port number 21, and enable logging so that the FTP service can be checked when an anomaly occurs.

Another FTP server package is Serv-U.

The software's interface is shown in the following illustration. Its security seems better and its settings are harder to get wrong; after using it for a while, the author also found it much faster than IIS. Even so, pay attention to configuring it properly:

1. Password settings for the server in the domain.

Serv-U provides three password types: regular passwords, OTP S/KEY MD4, and OTP S/KEY MD5. It goes without saying that regular passwords are the least secure. In general, set up an account with administrative rights, then open the "Password type" drop-down box under the General tab and choose one of the latter two types, which are relatively more secure.

2. Check "Block FTP_bounce attacks and FXP". FXP is also known as a cross-server attack. Put simply:

When a malicious user puts specific address information into the PORT command, the FTP server connects to a machine other than the client. If the FTP server has access to that machine, the user can reach the target server by using the FTP server as an "intermediary".

3. As with IIS, it is best to move the home directory to another partition. Keep user permissions low, granting write, modify and similar permissions only when they are required, and save the service log to a file for future reference.
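The check behind the option in item 2, sketched in Python as an added example (it is not Serv-U's code and not part of the original article): a server accepts a PORT command only when the data address equals the address of the client on the control connection. The function names, the sample addresses and the additional refusal of ports below 1024 are assumptions of this example.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The port is sent as two bytes: high byte first, then low byte.
    return host, nums[4] * 256 + nums[5]

def check_port_command(line, control_peer_ip, min_port=1024):
    """Return (allowed, reason) for one command line.

    control_peer_ip is the address the control connection came from.
    min_port is an assumed extra rule: refuse well-known data ports.
    """
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return True, "not a PORT command"
    try:
        host, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, str(exc)
    if host != ipaddress.IPv4Address(control_peer_ip):
        # Data connection aimed at a third machine: the bounce/FXP case.
        return False, "data address %s is not the client %s" % (host, control_peer_ip)
    if port < min_port:
        return False, "data port %d is a well-known port" % port
    return True, "ok"

# Constructed sample commands, all sent by a client at 203.0.113.10.
SAMPLES = [
    "PORT 203,0,113,10,19,137",  # client's own address, port 5001
    "PORT 10,0,0,5,0,139",       # a different machine, port 139
    "PORT 203,0,113,10,0,25",    # own address, but a well-known port
    "PORT 203,0,113,10,999,1",   # malformed field
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", check_port_command(cmd, "203.0.113.10"))
```
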

Having covered the server software, we turn to the operating system itself.

For the security of the FTP server, it is best to use Windows 2000 Server, Windows XP or Windows 2003 Enterprise Edition, and to keep downloading security patches as they are released.

1. Use the system's built-in Internet Connection Firewall to apply security settings. Open the Local Area Connection Properties dialog box and go to the Advanced tab. Check "Protect my computer and network by restricting or preventing access to this computer from the Internet", then click the "Settings" button in the lower right corner to open "Advanced Settings". Select "FTP Server" and click Edit; as shown in the figure, none of the options can be changed except the IP address field. If your FTP server does not use the default port 21, go back to the previous step, click Add under the Services tab, enter the server name and IP address, and enter your preset port number in the external and internal port fields.

2. TCP/IP filtering. Open Local Area Connection, then General, then double-click Internet Protocol (TCP/IP); click the Advanced button and switch to the Options tab to begin setup. As shown in the following figure, the system can be set to permit only the ports you open. This filtering effectively prevents the most common intrusions, such as those through port 139, but its drawbacks are also obvious: the feature is too simple. It can only specify ports to open, not ports to close, and if you need to open several ports they must be added manually one by one, which is tedious.

Server security is a topic that can never be exhausted; the key is for everyone to keep building up experience through day-to-day administration. With the basic management settings above, your FTP server should have a reasonable level of security, and you can use it with confidence.
