How to improve the security of the FTP server in an all-round way.

FTP may be a stranger to many users, but this thing is still very often used in the work, but because it involves the communication of files and the like. Things, so the issue of security is very interesting. FTP is a file transfer protocol. Sometimes we call his image "<; file exchange centralized". The main purpose of the FTP file server is to provide space for file storage, allowing users to upload or download the required files. In the enterprise, customers are often given a specific FTP space to facilitate the exchange of large files, such as design drawings up to several hundred megabytes. At the same time, FTP can also be used as a backup server for enterprise files, such as key applications such as databases on the FTP server to achieve offsite backup and so on.

It can be seen that the application of FTP server in the enterprise is very extensive. It's really because its function is so powerful, so many hackers and viruses have begun to “follow” he is. They attempted to use the FTP server as a springboard as a source of Trojans and viruses. At the same time, because the FTP server stores a lot of valuable content of the enterprise. Under the temptation of economic interests, the FTP server has become the object of attack by others.

So, the security of the FTP server is gradually becoming more important. The FTP server I use is based on the Vsftpd software on the Linxu operating system platform. Today, I use this software as an example to talk about how to design the security of the FTP server.

1. Who can access the FTP server?

When considering the security of the FTP server, the first step to consider is who can access the FTP server. In the Vsftpd server software, three types of users are provided by default. Different users correspond to different permissions and operations.

One type is a Real account. This type of user means having an account on the FTP service. When such a user logs in to the FTP server, the default home directory is the directory whose account is named. However, it can also be changed to other directories. Such as the system's home directory and so on.

The second type of account is a real guest user. In an FTP server, we tend to set up an account for different departments or for a specific user. However, this account has a feature that it can only access its own home directory. In this way, the server guarantees the security of other files on the FTP service. This type of account is called the Guest user in the Vsftpd software. An account with such a user can only access directories under its home directory and not access files outside the home directory.

The third type of account is an Anonymous (anonymous) user, which is what we usually call anonymous access. This type of user means that there is no designated account in the FTP server, but it can still access some public resources anonymously.

When building an FTP server, we need to classify users according to their type. By default, the Vsftpd server will assign all established accounts to Real users. However, this often does not meet the needs of corporate security. Because such users can not only access their own home directory, but also access other users' directories. This brings certain security risks to the space where other users are located. Therefore, enterprises should modify the categories of users in the actual situation.