How to secure FTP Server
FTP [File Transfer Protocol] is used to transfer files over a network. FTP is a part of Internet Information Services (IIS).
As this is a protocol used for file transfer, it must be secured.
Following are some of the tips to secure your FTP web sites -
1]
“Permission” is one of the most important factors to consider, as it may create a security hole if your FTP user has unwanted permissions over web folders.
An anonymous user is a user who has access to your web site's public areas without needing a user name and password. Whenever you install the FTP service, it enables anonymous access by default.
Anonymous Access is a method by which any user can get access to the site without any user login. Keeping anonymous access enabled may create trouble for you, as anyone can upload unwanted material to your web site or may hack your web pages.
By disabling anonymous access, you secure your web site by requiring valid user authentication.
Following are the steps to disable Anonymous Access :
Open your IIS MMC >> expand local server >> FTP Sites >> Right click on FTP site in question >> Security Accounts tab >> clear the check box next to “Allow Anonymous Connections” >> Apply >> Ok.
2]
“Privileges” - Each FTP account is associated with a home directory. The FTP user should have the necessary permissions over this home directory. Make sure no other user, such as members of the “Everyone” group, has permissions over this folder; otherwise all users will be able to access the content of the home directory, which is again a security hole. You can check the users and permissions with the following steps -
Right click on FTP folder in question >> Properties >> Security tab >> you can see the users under “Group or User names:” and their respective permissions under “Permissions for Administrators” section.
3]
“Logging” -
Logging is most important for detecting and troubleshooting failures and hacking attempts on the server. You can track any IP address, illegal user, or failed attempt from the log files and block them accordingly so that no connection can be established again from those IPs/users. Following are the steps to enable logging -
Open your IIS MMC >> expand local server >> FTP Sites >> Right click on FTP site in question >> Properties >> enable the check box next to “Enable Logging” >> Apply >> Ok.
You can use the “Properties…” option in the same section to configure and manage your log files and their format.
“Current Sessions…” is the option where you can check the currently active FTP sessions on your server. Here you can disconnect any sessions that are not required.
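As an added example (not part of the original post), the script below shows one way to pull failed and anonymous logins out of an FTP log once logging is enabled. It assumes the log is in W3C Extended format with the columns named in its #Fields line; the sample lines, the function names and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample log (documentation IP ranges); the column layout is an
# assumption and is read from the #Fields directive, not hard-coded.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
09:00:01 203.0.113.7 [1]USER administrator 331
09:00:02 203.0.113.7 [1]PASS - 530
09:00:03 203.0.113.7 [2]USER admin 331
09:00:04 203.0.113.7 [2]PASS - 530
09:00:05 203.0.113.7 [3]USER ftpuser 331
09:00:06 203.0.113.7 [3]PASS - 530
09:01:10 198.51.100.20 [4]USER alice 331
09:01:11 198.51.100.20 [4]PASS - 530
09:01:20 198.51.100.20 [5]USER alice 331
09:01:21 198.51.100.20 [5]PASS - 230
09:02:00 192.0.2.55 [6]USER anonymous 331
09:02:01 192.0.2.55 [6]PASS guest@ 230
""".splitlines()

def parse_w3c(lines):
    """Yield one dict per record, keyed by the latest #Fields directive."""
    fields = []
    for line in map(str.strip, lines):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):      # skip truncated/malformed rows
                yield dict(zip(fields, values))

def review_logins(lines, threshold=3):
    """Return ({ip: rejected user names} for ips with >= threshold failures,
    set of ips that completed an anonymous login)."""
    pending, failures, anonymous = {}, defaultdict(list), set()
    for rec in parse_w3c(lines):
        m = re.match(r"\[(\d+)\](\w+)$", rec.get("cs-method", ""))
        if not m:
            continue
        key, cmd = (rec["c-ip"], m.group(1)), m.group(2).upper()
        if cmd == "USER":                       # remember name for this session
            pending[key] = rec["cs-uri-stem"]
        elif cmd == "PASS":
            user = pending.pop(key, "?")
            if rec["sc-status"] == "530":       # FTP reply 530: not logged in
                failures[rec["c-ip"]].append(user)
            elif rec["sc-status"] == "230" and user.lower() == "anonymous":
                anonymous.add(rec["c-ip"])      # anonymous access still enabled
    return {ip: u for ip, u in failures.items() if len(u) >= threshold}, anonymous

if __name__ == "__main__": print(review_logins(SAMPLE_LOG))
```

Addresses that reach the threshold are candidates for blocking; any entry in the anonymous set means tip 1 has not been applied to that site.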
4]
“Disk usage restriction” -
Each user should have a restriction on disk usage; otherwise any user can use as much disk space as they like. Disk quota management is an important and useful feature supported in Microsoft Windows, but its importance and the role it can play normally go unnoticed.
Following are the steps to manage user quotas -
Open your “My Computer” >> Right click on hard drive >> Properties >> “Quota” tab >> “Quota Entries…” >> it will open a new window “Quota Entries for Drive” >> Here you can see the different users along with the following parameters :
Status - status of the user, like Ok, Above Limit etc.
Logon Name - name of the user
Amount Used - total amount of the disk space used
Quota Limit - limit of disk quota set for user
Warning Level - amount of disk space at which it will start sending warnings that your quota is about to be reached.
Percent Used - percentage of the disk space used.
You can double click on any user to modify these parameter values.
I will add more tips in this post soon …











