I am working in a small company, and I want to set up an FTP server. What operating system is best for this type of implementation, and what are security issues that need to be considered?
When it comes to recommending an operating system for a task such as hosting an FTP server, I think the answer depends largely on what in-house expertise you have. It is no good setting up a Unix system to run your FTP server, for example, if nobody in your organization has in-depth knowledge of running a secure Unix system. File Transfer Protocol (FTP) is a tricky service to secure correctly, and the last thing you want to do is try to set up an FTP service on an OS with which you are not familiar.
The lack of security in FTP can be traced back to the environment for which it was originally designed. Back in the seventies, when the File Transfer Protocol first appeared, clients and servers interacted with a minimum of restrictions, and packets travelled directly to their destination. Like HTTP, SMTP and many other common Internet protocols, FTP was created before the introduction of SSL. It is therefore inherently insecure, as data is not encrypted during transit. Usernames, passwords, FTP commands and transmitted files are all sent in plaintext and can be intercepted using a packet sniffer.
If you are looking to provide a convenient way for clients or staff to access non-confidential material, you can use anonymous FTP. Anonymous FTP doesn't require a password for each user, and as the information isn't sensitive, there is no need for encryption. However, there are still some security issues to consider.
To limit access to just the FTP home directory and its subdirectories, create a new, separate account for anonymous FTP users. When users access the FTP site, display a welcome message that explains the terms and conditions they must agree to before using the site. Also log any FTP activity in order to comply with your security audit policies.
If you're running the FTP service solely for staff or a few select clients, set the limit on live connections to an appropriate level. There is no point allowing unlimited simultaneous connections to your server, since this only makes denial-of-service attacks easier. In this scenario, I would also recommend restricting access to users from a specific IP range or address, such as a trusted client or a subnet of your intranet. This is easily done by denying access to all computers and then configuring your trusted user's IP address as an exception. If you need to grant write permission to a directory so that users can upload files to your server, grant it on a separate directory that doesn't have read permission.
If any uploaded files or files available for downloading contain sensitive information, you need to use a secure FTP protocol to keep network sniffers from reading those files, as well as the passwords your users send when they connect. Read my tip on setting up a secure FTP server for more details on your two main choices, FTPS and SFTP.
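The banner, logging, connection-limit, IP-restriction and write-only upload recommendations above can be checked mechanically. The following is an added example, not part of the original answer: it assumes the server is vsftpd (the answer names no FTP daemon), uses option names from vsftpd.conf(5), and audits two constructed sample configurations.

```python
# Added example; vsftpd is an assumed server choice (the page names no daemon).

# vsftpd's built-in defaults for the options checked (see vsftpd.conf(5)).
DEFAULTS = {"xferlog_enable": "NO", "max_clients": "0", "max_per_ip": "0",
            "tcp_wrappers": "NO", "anon_upload_enable": "NO",
            "anon_world_readable_only": "YES", "anon_umask": "077"}

# Constructed sample configs (paths and limits are illustrative).
WEAK = "anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\nanon_umask=022\n"
HARDENED = """\
anonymous_enable=YES
anon_root=/srv/ftp/pub
ftpd_banner=Authorised use only. All activity is logged.
xferlog_enable=YES
max_clients=20
max_per_ip=2
tcp_wrappers=YES
write_enable=YES
anon_upload_enable=YES
anon_umask=077
"""

def parse(text):
    """Overlay 'option=value' lines on the defaults; '#' starts a comment line."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(text, staff_only=False):
    """Return findings; an empty list means every check passed."""
    c, out = parse(text), []
    yes = lambda k: c[k].upper() == "YES"
    if not yes("xferlog_enable"):
        out.append("logging: transfers are not logged")
    if "ftpd_banner" not in c and "banner_file" not in c:
        out.append("banner: no welcome message with terms of use")
    if staff_only and (c["max_clients"] == "0" or c["max_per_ip"] == "0"):
        out.append("limits: simultaneous connections are unlimited")
    if staff_only and not yes("tcp_wrappers"):
        out.append("access: hosts.allow/hosts.deny filtering is off")
    # Write-only uploads: new files not world-readable, downloads limited to world-readable.
    if yes("anon_upload_enable") and not (
            yes("anon_world_readable_only") and int(c["anon_umask"], 8) & 0o004):
        out.append("upload: anonymous users can read back uploaded files")
    return out
```

Calling `audit(WEAK, staff_only=True)` reports all five categories, while `audit(HARDENED, staff_only=True)` returns an empty list; the `staff_only` flag enables the connection-limit and IP-restriction checks that apply to the staff or select-client scenario.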
This was first published in February 2009