Contents tagged with FTP
-
3 Steps to Securing FTP on IIS 8
The FTP protocol is some 43 years old now. Yet it continues to be one of the most widely used file transfer technologies available. Over the years it has been shown to be vulnerable to brute force attacks, packet capture, and other attack vectors. Fortunately with IIS 8 on Windows Server 2012 your FTP server doesn’t have to be vulnerable. It goes without saying that FTP Authentication and Authorization are the most fundamental methods to secure your server. Here are three additional things you can do to increase the security of your server’s FTP service and minimize its attack footprint.
-
FTP User Isolation with IIS 8
FTP User Isolation is a great way to lock down your FTP site and prevent users from accessing resources they are not supposed to. Regardless if your server is providing shared hosting or dedicated hosting, FTP User Isolation can be leveraged for greater FTP security. It is particularly beneficial in hosting environments when you have a limited number of IP addresses to utilize but have several users requiring FTP access. In this case you’ll want to create 1 master FTP site and configure user virtual directories. Alternatively if your web server has several IP addresses available then one will typically deploy FTP Publishing on each site being hosted using a dedicated IP address. FTP user isolation in this case is not as critical but can still be implemented if you need multiple users accessing different folders on the same site.
-
Configuring FTP Over SSL with IIS 8
In 2011 the FTP protocol had it’s 40 birthday. Despite it’s age it is still a widely used file transfer technology however it wasn’t originally designed for encryption. It has been shown to be vulnerable to brute force attacks, packet capture, and spoof attacks as well as a few other attack vectors. Now with IIS 8 on Windows Server 2012 encrypting an FTP session has never been easier. Using the IIS Manager with just a few clicks you can enable FTPS also known as FTP Over SSL on your site and take advantage of encrypted communication. In this walkthrough I am going to configure FTPS on IIS 8 using my personal SSL certificate which I obtained from a 3rd party SSL vendor. I am not going to cover how to install an SSL certificate. To get started launch IIS Manager from the Start Screen.
-
Configuring FTP Virtual Directories with IIS 8
Configuring and using FTP with IIS 8 on Windows Server 2012 is very easy and straight forward. If you ever used FTP 7 that was released with Windows 2008 then the GUI will be familiar to you. An FTP virtual directory is quite handy when you need to provide an FTP user access to files which are not in their FTP root folder. If you’ve ever created one, then you know the FTP user is usually not able to physically “see” the virtual directory when they login. To get to the new folder they have to manually change the path using their FTP client. I will show you a simple trick so the virtual directory will be visible to the FTP user.