FTP is one of the oldest Internet applications, and it makes file sharing easy for enterprise users. However, security problems have always surrounded FTP. How do you prevent attackers from stealing important information from an FTP server by illegitimate means? How do you prevent attackers from using the FTP server to spread Trojans and viruses? These are issues that system administrators need to pay attention to. Here I take VSFTP, the most widely used FTP server on the Linux platform, as an example to discuss how to improve the security of an FTP server.
1. Prohibit system-level users from logging into the FTP server.
To improve the security of the FTP server, system administrators should set up separate FTP accounts for employees rather than handing system-level accounts to ordinary users, which brings great security risks. In the VSFTP server, login accounts can be managed through the configuration file vsftpd.ftpusers. Note that this file is a blacklist: accounts listed in it cannot be used to log in to the FTP server. After deploying the VSFTP server, we can open the file with the vi command and see that it already contains many default accounts, including the system's super user root. In other words, for security reasons the VSFTP server prohibits the root account from logging in to the FTP server by default. If the system administrator wants to allow system accounts such as root to log in to the FTP server, he or she needs to delete root and the other relevant user names from this file. However, allowing system accounts to log in to the FTP server weakens its security, so I do not recommend doing this. It is best to leave the system accounts in this file unchanged and keep their default settings.
If you need to block other accounts for other reasons, add the account names to this file. For example, an FTP server and a database server may be deployed on the same host. For security reasons, it is a good idea to add the database administrator's account to this blacklist.
2. Strengthen control over anonymous users.
Anonymous users are users who have no account defined on the FTP server but whom the FTP administrator still allows to log in for ease of management. Since they have not been authorized by the server, their permissions must be restricted to protect it. The VSFTP server has many parameters that control the permissions of anonymous users, and system administrators need to configure them according to the security level required of the FTP server. Note that the stricter the permission control for anonymous users, the more secure the FTP server, but the less convenient it is for users. In the end, system administrators need to strike a balance between server security and convenience.
Below are several settings I recommend for anonymous users. If you are not sure how to configure them, you can use these as a reference. They take both server security and user convenience into account.
The first is the parameter anon_world_readable_only. This parameter mainly controls whether anonymous users can download readable files from the FTP server. If the FTP server is deployed inside the enterprise and is mainly used by internal employees, it is best to set this parameter to YES. Then place common corporate forms and other publicly available documents on the server so that employees can download them anonymously. This does not affect the security of the FTP server and makes things easier for employees.
The second is the parameter anon_upload_enable. This parameter determines whether users can upload files to the FTP server during anonymous access. Normally, this parameter should be set to NO, that is, users are not allowed to upload files during anonymous access. Otherwise anyone can upload a file, and if someone uploads a virus-infected file, the company will suffer. Anonymous users should therefore be prohibited from uploading files. There are exceptions, however. For example, some companies use the FTP protocol to back up files. In that case, if the security of the corporate network is guaranteed, you can set this parameter to YES so that the operating system can call the FTP command to back up files to the FTP server. Anonymous access is often used here to simplify the deployment of the backup procedure, so anonymous users need to be allowed to upload files to the FTP server.
The third is the pair of parameters anon_other_write_enable and anon_mkdir_write_enable. These two parameters cover more advanced permissions for anonymous users. The first gives anonymous users write permissions other than uploading and creating subdirectories, such as renaming files on the FTP server. The second allows anonymous users to create subdirectories under specific circumstances. These functions affect the security of the FTP server and of the files on it. For this reason, unless there is a special reason, these permissions should be disabled, that is, both parameters should be set to NO. In my view, these parameters can be turned on only if the FTP server is one the system administrator runs for fun. Otherwise, it is better to set them to NO to improve the security of the FTP server.
In general, control of anonymous users should follow the principle of least privilege. Because anonymous users are not authorized by the FTP server, fine-grained access control cannot be applied to them. They can only be controlled through these basic parameters.
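The following Python script is an added example, not part of the original article or of vsftpd itself. It checks the contents of a vsftpd.conf and a vsftpd.ftpusers file against the blacklist advice in section 1 and the anonymous-user settings recommended in section 2. The sample file contents and the account name dbadmin are constructed for illustration, and the script assumes that a later line in vsftpd.conf overrides an earlier one.

```python
# Added example: audit vsftpd.conf and the ftpusers blacklist against the
# anonymous-access and blacklist recommendations in this article.
# Built-in defaults below are the ones documented in the vsftpd.conf man page.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_world_readable_only": "YES", "anon_upload_enable": "NO",
            "anon_mkdir_write_enable": "NO", "anon_other_write_enable": "NO"}
# Values recommended in the article for anonymous users.
RECOMMENDED = {"anon_world_readable_only": "YES", "anon_upload_enable": "NO",
               "anon_mkdir_write_enable": "NO", "anon_other_write_enable": "NO"}

def parse_conf(text):
    """Read option=value lines; '#' lines are comments.
    Assumption: a later line overrides an earlier one."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key] = value.upper()
    return settings

def parse_userlist(text):
    """Read a one-name-per-line user list such as vsftpd.ftpusers."""
    names = (line.strip() for line in text.splitlines())
    return {n for n in names if n and not n.startswith("#")}

def audit(conf_text, ftpusers_text, must_block=("root",)):
    """Return a list of findings; an empty list means nothing to fix."""
    conf, findings = parse_conf(conf_text), []
    if conf["anonymous_enable"] == "YES":  # anon_* only matter if anonymous is on
        for key, want in RECOMMENDED.items():
            if conf[key] != want:
                findings.append(f"{key}={conf[key]}, recommended {want}")
    blocked = parse_userlist(ftpusers_text)
    for user in must_block:
        if user not in blocked:
            findings.append(f"{user} is not in the ftpusers blacklist")
    return findings

# Constructed sample inputs (not taken from a real server).
SAMPLE_CONF = """\
# anonymous backup drop box
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=NO
"""
SAMPLE_FTPUSERS = "# blacklist\nbin\ndaemon\nnobody\n"

if __name__ == "__main__":
    # "dbadmin" is a hypothetical database administrator account name.
    for finding in audit(SAMPLE_CONF, SAMPLE_FTPUSERS, ("root", "dbadmin")):
        print("FINDING:", finding)
```

On a real host, pass the text of the actual configuration and blacklist files to audit() instead of the samples.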
3. Control the directory well.
Typically, system administrators need to set up a separate root directory for each user. For security reasons, and to prevent users from interfering with each other, the system administrator needs to make sure that users cannot access other users' root directories. For example, some companies set up one FTP account per department to make exchanging files easier. The sales department account Sales has the root directory sales, and the warehouse department has the root directory Ware. Sales employees can access any subdirectory under their own root directory, but they cannot access the warehouse user's root directory Ware, so they cannot reach the warehouse user's files. Restricting users to their own root directory therefore prevents users from interfering with each other and improves the security of the files on the FTP server. To achieve this purpose, the parameter chroot_local_user can be set to NO. After this setting, locally logged-in users cannot enter any directory outside their root directory. When applying this control, however, it is best to also set up a directory that everyone can access for storing public files. We must ensure the security of the server without getting in the way of normal file sharing and communication.
4. Limit the transmission rate.
Sometimes, to keep the FTP server running stably, it is necessary to limit the file upload and download rate. For example, an FTP server, a mail server and other services may be deployed on the same host. For these services to coexist peacefully, their maximum transmission rates need to be controlled, because the bandwidth of a single server has an upper limit. If one service takes up a relatively large share of the bandwidth, it will adversely affect the others and may even leave them unable to respond to users normally. As another example, FTP sometimes needs a maximum rate limit depending on what it is used for. If FTP is used for file backup and for ordinary file upload and download at the same time, then to improve the efficiency of file backup and shorten the backup time, it is necessary to limit the maximum file upload and download rate.
To limit the transmission rate, the system administrator can set the local_max_rate parameter. By default this parameter is not enabled, that is, there is no maximum rate limit. For the reasons above, I still recommend that system administrators set this parameter before putting the FTP server into production, so that uploads and downloads do not consume excessive bandwidth and harm other application services. System administrators need to balance the various application services and allocate bandwidth sensibly, at least ensuring that each service can respond to customer requests normally. In addition, where possible, services should be run at off-peak times. For example, suppose a mail server and an FTP server are deployed on one host, and the FTP server is mainly used for file backup. File backup requires relatively large bandwidth, which would greatly slow down sending and receiving email, so it is best to keep file backup away from the peak period for email. If the peak time for email is usually when people start work in the morning, do not use the FTP service for file backup then. During the lunch break, fewer emails are generally sent and received, so that is when FTP can be used for file backup. If the FTP server and the other application services run at different peak times in this way, the rate can be set higher to improve the efficiency of the FTP service. Of course, this places relatively high demands on system administrators, who need to analyze the various applications and then make an overall plan based on how the servers are deployed.
Unless better measures and conditions are available, it is necessary to set a maximum transmission rate for the FTP server. Otherwise, it will have a very negative impact on other information services deployed in the enterprise and cause congestion on the enterprise network.