3.5.3.4 FTP Servers

The third most common service, after web and email, that a company may provide to Internet users is FTP, the File Transfer Protocol. FTP servers make files available for download over the Internet (or your intranet). They can also be used to accept uploads from business partners, customers, employees, etc. FTP needs ports TCP 20 and 21 open in a firewall to function across the firewall. Port 20 is used for the data connection, which transfers the actual file contents from one system to the other. Port 21 is used for the control connection, over which FTP commands and responses are sent.
There are two primary aspects of an FTP server to consider when hardening it (other than various features of the FTP protocol which are interesting to hackers): user authentication and file access permissions. FTP servers accept connections in either authenticated mode or unauthenticated mode. Authenticated mode connections send the user name and password across the network in the clear, and assume no one is running a sniffer on your network. Because sending authentication information across the network like this is a bad idea, newer FTP servers feature a Secure/FTP protocol that handles authentication in a more secure manner, using techniques like challenge/response. Unauthenticated FTP connections, commonly referred to as anonymous FTP, are another barrel of laughs. Presumably you've heard of the concept of Warez, pirated software. Well, Warez traders need lots of disk space and bandwidth to store and distribute their software, and they often find it on random anonymous FTP sites around the net that have at least one directory writeable by the anonymous FTP user. If, all of a sudden, your Internet connection seems very slow and your FTP logs very large, you might have accumulated some Warez on your FTP server. If you have to allow anonymous FTP access for one reason or another, OK, but make sure that you don't offer anonymous users a writeable directory if at all possible.
File access permissions refer to which FTP users have access (and what type of access: read, write, delete, etc.) to which resources on the server. Some FTP servers rely strictly on OS security to set up these permissions: if the OS would allow that user to have access to that file or directory normally, the FTP server lets them have it. Other FTP servers start with that level of security and then add an additional file access control configuration file that further restricts those permissions when files are accessed in the context of the FTP server. A potential issue you can face on an FTP server is a denial of service caused by uploaded files filling up the FTP file system or disk. Once this has happened, no other users can upload files until the disk-full condition is remedied. This problem is exacerbated if the file system or disk used for FTP uploads is the same one that contains the OS and the logs, since it may cause the FTP server to stop logging transfers (while it is still allowing downloads) or crash altogether. To help guard against this, set disk quotas on users who access the system via FTP (including whichever user ID is used for anonymous logins).[372] Also, FTP is susceptible to man-in-the-middle attacks because of the unencrypted nature of the FTP protocol. The details of securing your FTP server are of course application-specific. For information on the version of FTP supplied with Windows .NET Server, check the Windows .NET Server Security Handbook.[373] For information on FTP in Linux, see Hacking Linux Exposed[374] by Hatch et al. In addition to making sure that your FTP server software is up to date, we recommend that only those users requiring FTP be given access to it (avoid anonymous FTP if possible), and that you carefully monitor the directories available through FTP. Also, make sure that you log FTP logins and file uploads and downloads.
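The monitoring this section calls for, as an added example that is not part of the original guide: a small Python audit over FTP transfer-log lines in the xferlog format written by wu-ftpd and vsftpd (the sample lines below are constructed, not real server output). It reports directories that have accepted anonymous uploads, which proves anonymous users have a writeable directory, and hosts whose cumulative uploads exceed a chosen limit, the "slow link, huge logs" symptom described above.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Constructed sample lines in xferlog format (wu-ftpd/vsftpd); not real server output.
# Columns: date(5 tokens) xfer-secs host bytes path type special direction access user service auth auth-user status
SAMPLE_XFERLOG = """\
Mon Nov 15 10:01:12 2004 1 192.0.2.10 20480 /pub/readme.txt a _ o a joe@example.com ftp 0 * c
Mon Nov 15 10:02:40 2004 180 198.51.100.7 734003200 /pub/incoming/x.r00 b _ i a mozilla@ ftp 0 * c
Mon Nov 15 10:05:02 2004 175 198.51.100.7 734003200 /pub/incoming/x.r01 b _ i a mozilla@ ftp 0 * c
Mon Nov 15 10:07:55 2004 2 203.0.113.5 4096 /home/alice/report.doc b _ i r alice ftp 1 alice c
Mon Nov 15 10:09:30 2004 0 198.51.100.7 1048576 /pub/incoming/x.r02 b _ i a mozilla@ ftp 0 * i
"""

XFERLOG_RE = re.compile(
    r"^(?P<date>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) (?P<secs>\d+) (?P<host>\S+) (?P<size>\d+) "
    r"(?P<path>\S+) (?P<type>[ab]) (?P<special>\S+) (?P<direction>[io]) (?P<access>[agr]) "
    r"(?P<user>\S+) (?P<service>\S+) (?P<auth>[01]) (?P<authuser>\S+) (?P<status>[ci])$"
)

def parse_xferlog(text):
    """Parse xferlog lines into dicts; unparsable lines are skipped rather than aborting the audit."""
    records = []
    for line in text.splitlines():
        m = XFERLOG_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            records.append(rec)
    return records

def anonymous_upload_dirs(records):
    """Directories that received uploads (direction 'i') from anonymous (access 'a') sessions.
    Any hit means anonymous users have a writeable directory, which the text advises against."""
    return sorted({dirname(r["path"]) for r in records
                   if r["direction"] == "i" and r["access"] == "a"})

def upload_bytes_by_host(records, completed_only=False):
    """Total bytes uploaded per remote host; aborted ('i') transfers still consumed disk and bandwidth."""
    totals = defaultdict(int)
    for r in records:
        if r["direction"] == "i" and (not completed_only or r["status"] == "c"):
            totals[r["host"]] += r["size"]
    return dict(totals)

def hosts_over_quota(records, limit_bytes):
    """Hosts whose cumulative uploads exceed limit_bytes, sorted for stable reporting."""
    return sorted(h for h, b in upload_bytes_by_host(records).items() if b > limit_bytes)
```

To run it against a real server, read the contents of the xferlog file into `parse_xferlog` in place of `SAMPLE_XFERLOG`; the per-host totals are also a useful input when deciding what disk quota to set.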
Due to the potential for the FTP server being compromised, it is best if the logs are kept on a separate system (so that an attacker can't easily delete evidence).

372. Crothers, Tim. Internet Lockdown. Hungry Minds, October 2001. http://www.nerdbooks.com/item.html?id=0764548611
373. Peikari, Cyrus, and Seth Fogie. Windows .NET Server Security Handbook. Prentice-Hall, April 2002. http://www.nerdbooks.com/item.html?id=0130477265
374. Hatch, Brian, James Lee and George Kurtz. Hacking Linux Exposed. Osborne, April 2001. http://www.nerdbooks.com/item.html?id=0072127732
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com. Version 1.0, Version Date: November 15, 2004. Adapted with permission from a work created by Tcat Houser et al. CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site.