From CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

In this Chapter

The File Transfer Protocol (FTP) component of the Internet Information Server (IIS) provides you with the ability to upload and download files to and from the IIS server, and allows you to manipulate files remotely. If you decide to enable the FTP component, be sure you carry out the following security guidelines and procedures outlined in this chapter to protect your FTP server.

  • Configuring FTP Sites

  • Securing FTP Resources

  • Configuring FTP User Isolation

  • Securing the FTP Connection

  • Enabling and Securing the FTP Access Log File

Throughout this chapter, you will learn different ways to secure your FTP contents, along with methods for securing the FTP connection, as FTP transfer does not support its own security. You will also learn to customize passive mode connections on the FTP server for better firewall security support and finally, you will learn how to use some of the new FTP features in IIS 6.0 to isolate FTP users.

Configuring FTP Sites

FTP provides a simple way for transferring files between client machines and the IIS server. This typically involves sharing files over the Internet so that users can connect to their servers and download desired files, or allowing users to post their files onto your server. By default, the FTP component is not installed with IIS 6.0, which is shipped in default locked-down mode. Before configuring the FTP component, you must first correctly install it. Refer to Chapter 3 for FTP installation instructions.

By the Book

While the IIS package includes...

Products & Services
Data Security Software
Data security software restricts access to stored data and processes on a computer or server. These applications are designed to prevent data loss, corruption, or disclosure of sensitive information.
Web Browsers
Web browsers are software applications that allow users interact with objects (e.g. text, images, videos) by retrieving, presenting, and traversing the information on a web page downloaded from the World Wide Web or a local area network.
Web Application Software
Web application software is used in the design, implementation, optimization and maintenance of web sites and web clients. These tools include web browsers, plug-ins, scripting languages, and other similar applications.
Network Clock Sources
Network clock sources are timing devices that use a signal from an atomic clock or other external reference source to set and maintain a central time for all of the elements in a network.
Time Servers
Time servers are dedicated network computers that provide time-synchronization functions for all of the devices in the network.

Topics of Interest

In This Chapter Windows Server 2003 provides e-mail services compromising both a Simple Mail Transfer Protocol (SMTP) server (for delivering mail), and a Post Office Protocol v3 (POP3) server (for...

Introduction It s easy to think of Internet Information Server (IIS) as a mechanism for hosting Web sites or Web applications. However, IIS provides several optional components that can either be...

Introduction FTP (file transfer protocol) is a standardized method of allowing users to list and transfer files between your server and their client computer. FTP is usually set up as a secondary...

AN1111 An FTP Server Using BSD Socket API FEATURES Author: Sean Justice Microchip Technology Inc. The FTP server provided here does not implement all FTP functionality, it is a minimal server that is...

In This Chapter Traditional Web publishing has involved utilizing the File Transfer Protocol (FTP), whereby users upload new content to their Web server via a dedicated FTP client. This process has a...