Title:

FTP access with the "anonymous" account.

Vulnerability:

What is the FTP "anonymous" account?
Anonymous FTP is a way of giving users access to files over the Internet's File Transfer Protocol (FTP) without requiring them to authenticate to the server. Using an FTP client program or the ftp command-line interface, the user enters "anonymous" (or "ftp") as the user name when the host prompts for one; any string is accepted as the password, conventionally an e-mail address or simply "guest". In many cases, when you connect to an anonymous FTP site, you are not prompted for a user name and password at all.

Attackers abuse weak passwords or the anonymous logon to log on to the FTP service directly and upload malicious files, which can lead to a takeover of system privileges and to information leakage.

Solution:

Ensure that the latest version of the FTP service software is in use.

The following uses the FTP service in Windows Server 2008 and the vsftpd service in Linux as examples of how to harden an FTP service.

Harden the FTP service in Windows

  1. Open Internet Information Services (IIS) Manager and review the hardening features available for the FTP service.
  2. Disable anonymous logon.
  3. Create an FTP account.
  4. Disable the anonymous logon functionality.
  5. Enable a strong password security policy: passwords must meet complexity requirements.
  6. Enable the policy for handling account logon failures.
  7. Enable the FTP directory isolation feature.
  8. Specify the IP addresses that are permitted to access the service.
  9. Enable the authorization policy.
  10. Enable SSL encryption for data transmission.
  11. Create a server certificate.
  12. Apply the created certificate.
  13. Enable the logging feature.

Harden the vsftpd service in Linux

  1. Add a new user "test" and configure a strong password for the user.
  2. Modify the vsftpd.conf configuration file.
  3. Disable anonymous logon by setting:
       anonymous_enable=NO
  4. Disable displaying banner information by replacing the default banner statement with:
       ftpd_banner=Welcome
  5. Limit the users that can log on to the FTP service.
  6. Limit the directories accessible to FTP users:
       chroot_list_enable=YES
       chroot_list_file=/etc/vsftpd/chroot_list
  7. Modify the listening address and the default port:
       listen_address=192.168.0.192
       listen_port=8888
  8. Enable the logging feature:
       xferlog_enable=YES
       xferlog_std_format=YES
  9. Enable the other security configurations in the file.
  10. If you do not need the service, we recommend that you disable the FTP service.
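As an added example (not part of the original page), a POSIX shell audit that checks a vsftpd.conf against the hardening settings listed above. Both configuration files are constructed samples, and an unset key is treated as a finding because the compiled-in default is not guaranteed to be the safe value.

```shell
#!/bin/sh
# Two constructed vsftpd.conf samples (not from any real host): one weak, one hardened as above.
WEAK_CONF=$(mktemp); HARDENED_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARDENED_CONF"' EXIT
cat > "$WEAK_CONF" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
listen=YES
EOF
cat > "$HARDENED_CONF" <<'EOF'
anonymous_enable=NO
local_enable=YES
ftpd_banner=Welcome
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen_address=192.168.0.192
listen_port=8888
xferlog_enable=YES
xferlog_std_format=YES
EOF

# get_opt FILE KEY: effective value of KEY (last uncommented assignment wins), empty if unset.
get_opt() {
  grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]'
}

# audit_vsftpd FILE: print one FAIL line per missing hardening setting; return the number of findings.
# An unset key counts as a finding, since the compiled-in default may not be the safe value.
audit_vsftpd() {
  conf="$1"; fails=0
  check() {  # check KEY EXPECTED REASON
    val=$(get_opt "$conf" "$1")
    if [ "$val" != "$2" ]; then
      echo "FAIL: $3 ($1 is '${val:-unset}', expected '$2')"
      fails=$((fails + 1))
    fi
  }
  check anonymous_enable NO "anonymous logon must be disabled"
  check chroot_list_enable YES "FTP users must be confined to permitted directories"
  check xferlog_enable YES "transfer logging must be enabled"
  check xferlog_std_format YES "transfer log should use the standard xferlog format"
  [ -n "$(get_opt "$conf" ftpd_banner)" ] || { echo "FAIL: default banner is shown (set ftpd_banner)"; fails=$((fails + 1)); }
  [ -n "$(get_opt "$conf" listen_address)" ] || { echo "FAIL: listen_address is not restricted"; fails=$((fails + 1)); }
  return "$fails"
}

audit_vsftpd "$WEAK_CONF" || echo "weak config: $? finding(s)"
audit_vsftpd "$HARDENED_CONF" && echo "hardened config: no findings"
```

Run it against a real /etc/vsftpd/vsftpd.conf by calling audit_vsftpd with that path; a non-zero exit status is the number of steps still missing.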