WINDOWS 2000 SERVER

CONFIGURE FTP SERVERS FOR SECURITY


Windows 2000 Server's Internet Information Services (IIS) includes FTP support, enabling it to function as an FTP server. But unless you tighten security for the FTP virtual servers on each server, it won't be long before people start using your server to share all types of files, potentially violating copyright laws or company policies.

If you're not using FTP, check each IIS server, and remove the FTP service using the Add/Remove Programs applet in Control Panel.

If you do use FTP but don't need to provide anonymous access, first make sure that all FTP folders are stored on NTFS volumes, and configure NTFS permissions for each folder to restrict access as needed. Then, open the properties for the FTP virtual server in the IIS console, and deselect the Allow Anonymous Connections option on the Security Accounts tab.

If you want to restrict access but still allow anonymous connections to simplify administration, configure each FTP virtual server to allow connections only from specific IP addresses or subnets. Open the properties for the virtual server, and select the Directory Security tab. Click Add, enter the IP address or range of addresses to allow, and click OK. Repeat the process for other addresses or ranges as needed, and close the IIS console.

If you don't take steps to lock down your FTP servers, particularly if they're connected to the Internet, it will likely only be days before unwanted files start filling up the server's disks. Take a few minutes to lock them down now.