SoFunction
Updated on 2025-04-09

Three security factors to consider when installing an FTP server (page 2/2)


2. Check "Intercept FTP_bounce attacks and FXP". FXP is also known as a cross-server attack. Put simply:

When a malicious user puts specific address information in the PORT command, the FTP server will establish a connection to a machine other than the client. If the FTP server has the right to access those non-client computers, the malicious user can reach the target server through the FTP server, which acts as the "intermediary"!

3. As with IIS, it is best to move the home directory to another partition. When setting permissions for users, start with low permissions and grant write, modify and other permissions only when needed; also save the service log to a file for future reference.
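The check behind the "Intercept FTP_bounce attacks and FXP" option in item 2 can be sketched as follows. This is an added example, not code from the original page or from any FTP server product; the function names, reply codes and sample addresses are assumptions constructed for illustration, and the rejection of ports below 1024 is a common extra hardening step that the page itself does not mention.

```python
import ipaddress
import re

# PORT argument per RFC 959: h1,h2,h3,h4,p1,p2 (six decimal bytes)
PORT_RE = re.compile(r"^PORT\s+(\d{1,3})" + r",(\d{1,3})" * 5 + r"$", re.I)


def parse_port(line):
    """Return (ip, port) from a PORT command line, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def check_port(line, peer_ip, allow_fxp=False):
    """Decide whether to honour PORT; peer_ip is the control connection's source."""
    parsed = parse_port(line)
    if parsed is None:
        return 501, "malformed PORT argument"
    ip, port = parsed
    if port < 1024:  # never open data connections to well-known service ports
        return 500, "data port in reserved range"
    if ip != ipaddress.IPv4Address(peer_ip) and not allow_fxp:
        return 500, "PORT address differs from control connection peer"
    return 200, "PORT accepted"


# Constructed sample commands; the control connection comes from 203.0.113.10
SAMPLES = [
    "PORT 203,0,113,10,195,80",  # client's own address, port 50000
    "PORT 192,168,1,5,195,80",   # third-party address: bounce / FXP
    "PORT 203,0,113,10,0,139",   # own address, but reserved port 139
    "PORT 203,0,113,10,300,1",   # byte out of range
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_port(s, "203.0.113.10"))
```

With `allow_fxp=True` the address comparison is skipped, which corresponds to leaving the interception option unchecked for server-to-server transfers.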

That covers the settings in the software; now let's talk about the operating system itself.

For the security of the FTP server, it is best to use Windows 2000 Server, Windows XP or Windows 2003 Enterprise Edition, and to download and install security patches as they are released.

1. The system's built-in "Internet Connection Firewall" function can be used for security settings. Open the "Local Connection" properties dialog box, go to the "Advanced" tab, and check "Protect my computer and network by restricting or blocking access to this computer from the Internet". Then click the "Settings" button in the lower right corner to enter "Advanced Settings", select "FTP Server" and click Edit. As shown in the figure, no option other than the IP address field can be changed. If the port you preset for the FTP server is not the default 21, go back to the previous step, click "Add" below the "Services" tab, enter the server name and IP address, and set both the external and internal port numbers to your preset value.

2. The "TCP/IP Filter" function. Go to "Local Connection" --- "General" --- "Internet Protocol (TCP/IP)" in turn and double-click to open it, click the "Advanced" button, and switch to "Options" to start setting. As shown in the figure below, we can restrict the system to only the ports we choose to open. This filtering effectively prevents the most common intrusions through port 139, but its disadvantages are also obvious: the function is too simple, you can only specify the ports to open, and you cannot specify ports to close. If you need to open multiple ports, you have to add them one by one, which is more troublesome.

Server security is a topic that can never be exhausted. The key is to keep summarizing experience from day-to-day management and to build on it continuously. With the basic settings above in place, your FTP server should have a reasonable level of security and can be put into use with confidence!