Vulnerability Fix
Anonymous FTP Access Is Enabled

FTP Anonymous Enabled

Vulnerability

What is the FTP “anonymous” account?

Anonymous FTP is a way of using the Internet's File Transfer Protocol (FTP) to give clients access to files without requiring them to authenticate to the server. Users enter “anonymous” or “ftp” as the username and any string, such as an email address or “guest”, as the password. Sometimes no credentials are prompted for at all.

Attackers abuse weak configurations or anonymous login access to upload malicious files and use the server as a foothold for privilege escalation, which can lead to data leakage.
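As an added example (not part of the original page), the following shell script shows how a defender would spot the activity described above in server logs: it scans a vsftpd-style log for successful anonymous logins and for uploads made inside anonymous sessions. The log lines are constructed samples in the layout vsftpd writes to vsftpd.log (an assumption; compare with your own server's log), and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original page: detect anonymous FTP activity
# in a vsftpd-style log. Function names are hypothetical; the sample log
# lines are constructed for this example.

# Writes constructed sample log lines (vsftpd.log layout, assumed) to the
# file given as $1 so that the checks below can run offline.
ftp_write_sample_log() {
    cat > "$1" <<'EOF'
Tue Jul 14 10:32:01 2020 [pid 2] CONNECT: Client "::ffff:192.0.2.10"
Tue Jul 14 10:32:03 2020 [pid 1] [ftp] OK LOGIN: Client "::ffff:192.0.2.10", anon password "guest@"
Tue Jul 14 10:32:10 2020 [pid 3] [ftp] OK UPLOAD: Client "::ffff:192.0.2.10", "/pub/incoming/update.exe", 40960 bytes, 512.00Kbyte/sec
Tue Jul 14 10:33:00 2020 [pid 1] [alice] OK LOGIN: Client "::ffff:192.0.2.20"
Tue Jul 14 10:33:05 2020 [pid 3] [alice] OK UPLOAD: Client "::ffff:192.0.2.20", "/home/alice/report.pdf", 2048 bytes, 64.00Kbyte/sec
Tue Jul 14 10:35:12 2020 [pid 1] [ftp] OK LOGIN: Client "::ffff:198.51.100.7", anon password "mozilla@example.com"
Tue Jul 14 10:36:00 2020 [pid 1] [ftp] FAIL LOGIN: Client "::ffff:198.51.100.7", anon password "x"
EOF
}

# Prints the number of successful anonymous logins: vsftpd marks them with
# "OK LOGIN" followed by the "anon password" the client supplied.
ftp_anon_login_count() {
    grep -c 'OK LOGIN:.*anon password' "$1"
}

# Prints "<client> <login count>" per source address, most active first.
ftp_anon_login_clients() {
    grep 'OK LOGIN:.*anon password' "$1" \
        | sed -E 's/.*Client "([^"]*)".*/\1/' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $2, $1 }'
}

# Prints "<client> <path>" for every upload done in an anonymous session.
# vsftpd tags each line with the session user in brackets; the anonymous
# user is "ftp" unless ftp_username was changed, so it can be overridden as $2.
ftp_anon_uploads() {
    anon_user=${2:-ftp}
    grep "\[$anon_user\] OK UPLOAD:" "$1" \
        | sed -E 's/.*Client "([^"]*)", "([^"]*)".*/\1 \2/'
}

# Run the checks against the constructed sample so the script works stand-alone.
sample_log=$(mktemp)
ftp_write_sample_log "$sample_log"
echo "anonymous logins: $(ftp_anon_login_count "$sample_log")"
echo "anonymous logins by client:"
ftp_anon_login_clients "$sample_log"
echo "uploads in anonymous sessions (client path):"
ftp_anon_uploads "$sample_log"
rm -f "$sample_log"
```

On a real server, point the functions at /var/log/vsftpd.log (or wherever vsftpd_log_file sends output); any upload listed by ftp_anon_uploads is a file a client placed on the server without authenticating and is worth reviewing.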

Solution

Ensure that the latest version of the FTP service software is used.

The following steps use the FTP service in Windows Server 2008 and the vsftpd service in Linux as examples of how to harden an FTP service:

Harden FTP service in Windows
  1. Open Internet Information Services (IIS) Manager and review the hardening features available for the FTP service.
  2. Disable anonymous logon.
  3. Create an FTP account.
  4. Disable the anonymous logon functionality.
  5. Enable a strong password security policy: passwords must meet complexity requirements.
  6. Enable the policy for handling account logon failures.
  7. Enable the FTP directory isolation feature.
  8. Specify the IP addresses that are allowed to access the service.
  9. Enable the authorization policy.
  10. Enable SSL encryption for data transmission.
  11. Create a server certificate.
  12. Apply the created certificate.
  13. Enable the logging feature.

Harden vsftpd service in Linux
  1. Add a new user “test” and configure a strong password for the user.
  2. Modify the vsftpd.conf configuration file.
  3. Set anonymous_enable=NO
  4. Disable displaying banner information.
  5. Change the banner statement to ftpd_banner=Welcome
  6. Limit the users that can log on to the FTP service.
  7. Limit the directories that FTP users can access.
  8. Set chroot_list_enable=YES
  9. Set chroot_list_file=/etc/vsftpd/chroot_list
  10. Modify the listening address and the default port.
  11. Set listen_address=192.168.0.192
  12. Set listen_port=8888
  13. Enable the logging feature.
  14. Set xferlog_enable=YES
  15. Set xferlog_std_format=YES
  16. Enable the other security configurations in the file.
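As an added example (not part of the original page), the following shell script audits a vsftpd.conf against the settings from the steps above and reports any that are missing or still permissive, so the result of the hardening can be verified rather than assumed. It goes slightly beyond the list by also checking anon_upload_enable and anon_mkdir_write_enable, the two directives that control whether anonymous sessions may write. The function names and the two sample configuration files are mine and constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original page: audit a vsftpd.conf against the
# hardening settings listed in the steps above. Function names are
# hypothetical; the two sample configurations are constructed for this example.

# Prints the effective value of directive $2 in config file $1: the last
# uncommented occurrence wins, surrounding whitespace is stripped, and nothing
# is printed when the directive is absent.
vsftpd_get() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" \
        | tail -n 1 \
        | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//'
}

# Compares directive $2 with expected value $3. When $4 is "yes" an absent
# directive also counts as weak (useful where the compiled-in default is
# permissive or has changed between vsftpd versions). Prints a finding and
# returns 1 on a weak setting, 0 otherwise.
vsftpd_check() {
    actual=$(vsftpd_get "$1" "$2")
    if [ -z "$actual" ]; then
        if [ "$4" = "yes" ]; then
            echo "WEAK: $2 is not set explicitly (expected $3)"
            return 1
        fi
        return 0
    fi
    if [ "$actual" != "$3" ]; then
        echo "WEAK: $2=$actual (expected $3)"
        return 1
    fi
    return 0
}

# Requires directive $2 to be present with any non-empty value.
vsftpd_require() {
    if [ -z "$(vsftpd_get "$1" "$2")" ]; then
        echo "WEAK: $2 is not set"
        return 1
    fi
    return 0
}

# Audits one configuration file; prints findings and returns the number of
# weak settings, so 0 means the file passed.
vsftpd_audit() {
    weak=0
    vsftpd_check "$1" anonymous_enable NO yes        || weak=$((weak + 1))
    vsftpd_check "$1" anon_upload_enable NO no       || weak=$((weak + 1))
    vsftpd_check "$1" anon_mkdir_write_enable NO no  || weak=$((weak + 1))
    vsftpd_check "$1" chroot_list_enable YES yes     || weak=$((weak + 1))
    vsftpd_require "$1" chroot_list_file             || weak=$((weak + 1))
    vsftpd_check "$1" xferlog_enable YES yes         || weak=$((weak + 1))
    vsftpd_check "$1" xferlog_std_format YES yes     || weak=$((weak + 1))
    vsftpd_require "$1" listen_address               || weak=$((weak + 1))
    return "$weak"
}

# Writes two constructed sample files into directory $1: a permissive
# default-style install and one following the hardening steps above.
vsftpd_write_samples() {
    cat > "$1/weak.conf" <<'EOF'
# constructed sample: anonymous access and uploads allowed, no logging
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
listen=YES
xferlog_enable=NO
ftpd_banner=Welcome to the company FTP server (vsftpd)
EOF
    cat > "$1/hardened.conf" <<'EOF'
# constructed sample: hardened per the steps above
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
xferlog_enable=YES
xferlog_std_format=YES
listen=YES
listen_address=192.168.0.192
listen_port=8888
ftpd_banner=Welcome
EOF
}

# Run the audit over both samples so the script works stand-alone.
sample_dir=$(mktemp -d)
vsftpd_write_samples "$sample_dir"
for name in weak hardened; do
    echo "== $name.conf =="
    rc=0
    vsftpd_audit "$sample_dir/$name.conf" || rc=$?
    echo "result: $rc weak setting(s)"
done
rm -rf "$sample_dir"
```

To audit a live server, call vsftpd_audit /etc/vsftpd/vsftpd.conf (the path varies by distribution). One caveat worth knowing when reading the chroot findings: with chroot_local_user=YES, the file named by chroot_list_file lists the users who are exempt from the chroot, whereas with chroot_local_user=NO it lists the only users who are confined, so the same list file has opposite meanings depending on that directive.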

If you do not need FTP at all, we recommend disabling the FTP service entirely.
