CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

The File Transfer Protocol (FTP) component of the Internet Information Server (IIS) provides you with the ability to upload and download files to and from the IIS server, and allows you to manipulate files remotely. If you decide to enable the FTP component, be sure you carry out the following security guidelines and procedures outlined in this chapter to protect your FTP server.
Configuring FTP Sites
Securing FTP Resources
Configuring FTP User Isolation
Securing the FTP Connection
Enabling and Securing the FTP Access Log File
Throughout this chapter, you will learn different ways to secure your FTP contents, along with methods for securing the FTP connection, as FTP transfer does not support its own security. You will also learn to customize passive mode connections on the FTP server for better firewall security support and finally, you will learn how to use some of the new FTP features in IIS 6.0 to isolate FTP users.
FTP provides a simple way for transferring files between client machines and the IIS server. This typically involves sharing files over the Internet so that users can connect to their servers and download desired files, or allowing users to post their files onto your server. By default, the FTP component is not installed with IIS 6.0, which is shipped in default locked-down mode. Before configuring the FTP component, you must first correctly install it. Refer to Chapter 3 for FTP installation instructions.
While the IIS package includes...