Microsoft® Windows® Security Resource Kit, Second Edition

Configuring the FTP Service

In addition to providing Web server functionality to Windows 2000 and Windows Server 2003, IIS 5.0 and IIS 6.0 provide an FTP service. This service, if implemented, must be secured to ensure that the server hosting the FTP service is not compromised.

FTP enables users to transfer files to and from an FTP server. If you must implement FTP on your network, consider the following security guidelines:

Implement only anonymous access. Like most Internet-based protocols, the FTP protocol does not provide any security mechanisms for user credentials. User credentials are passed in clear text, which can lead to the compromise of a user’s domain credentials. You can configure the FTP service to allow only anonymous connections ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft® Windows® Security Resource Kit, Second Edition by Ben Smith, Brian Komar, The Microsoft Security Team

Configuring the FTP Service

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly