Securing an FTP Server

September 21, 2008

Assigning access control rules for the files and directories on the FTP server will ensure greater safety for your files. This way, only privileged user accounts can access sensitive data on the FTP server, while non-privileged user accounts can access only general files.

The following are some recommendations for securing the FTP system:

Run the FTP servers on a separate bastion host on the DMZ.
Use a proxy system to forward requests to the FTP server.
Use PASV mode for the server and clients.
Discourage the use of anonymous FTP access.
Assign permissions to directories and files to enable access control.
Log all access to files so it is easy to trace users.
Use secureFTP or other similar protocols to secure the data and the command channels. A secureFTP protocol uses SSL to encrypt the data and the command channels so that they are safe from hackers.
If clients are not set to PASV mode, use packet filtering to allow only outgoing connections from ports above 1023. This blocks any incoming request to open a connection to an internal client.
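
Several of the recommendations above can be checked mechanically against a server's configuration file. The following is an added example, not part of the original article: it assumes the server is vsftpd (the article names no product), audits a vsftpd-style configuration for the anonymous access, PASV, logging and SSL items, and goes one step further by also checking for a pinned passive port range above 1023. The two sample configurations are constructed.

```python
# Added example: audit a vsftpd-style config against the list above.
# Assumption: vsftpd; the article itself names no FTP server software.
REQUIRED = {  # directive -> (required value, recommendation it covers)
    "anonymous_enable": ("NO", "discourage anonymous FTP access"),
    "pasv_enable": ("YES", "use PASV mode"),
    "xferlog_enable": ("YES", "log all access to files"),
    "ssl_enable": ("YES", "encrypt with SSL"),
    "force_local_logins_ssl": ("YES", "secure the command channel"),
    "force_local_data_ssl": ("YES", "secure the data channel"),
}

def parse_conf(text):
    """Return {directive: value} from key=value lines, skipping '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf, findings = parse_conf(text), []
    for key, (want, why) in REQUIRED.items():
        got = conf.get(key)
        if got is None:  # absent directives are flagged rather than trusted
            findings.append(f"{key} is not set; want {want} ({why})")
        elif got.upper() != want:
            findings.append(f"{key}={got}; want {want} ({why})")
    # A pinned passive range above 1023 lets the packet filter stay narrow.
    try:
        lo, hi = int(conf["pasv_min_port"]), int(conf["pasv_max_port"])
        if not 1023 < lo <= hi <= 65535:
            findings.append(f"passive port range {lo}-{hi} is invalid or not above 1023")
    except (KeyError, ValueError):
        findings.append("pasv_min_port/pasv_max_port not set to numeric values")
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK = "anonymous_enable=YES\npasv_enable=NO\nxferlog_enable=YES\n"
HARDENED = (
    "anonymous_enable=NO\npasv_enable=YES\n"
    "pasv_min_port=50000\npasv_max_port=50100\n"
    "xferlog_enable=YES\nssl_enable=YES\n"
    "force_local_logins_ssl=YES\nforce_local_data_ssl=YES\n"
)

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf) or "no findings")
```

File and directory permissions and the DMZ and proxy placement are outside what a configuration file shows and need to be verified on the host and network.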

