20.30 Ensure 'FTP servers must be configured to prevent anonymous logons'

Information

This policy setting ensures that File Transfer Protocol (FTP) servers are configured to prevent anonymous logons.

The STIG recommended state for this setting is: Disabled

The FTP service allows remote users to access shared files and directories. Allowing anonymous FTP connections makes user auditing difficult and can allow attackers to gain access to data, store malware, and launch attacks from the system.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To configure the FTP service to prevent anonymous logons:

- Open Internet Information Services (IIS) Manager
- Select the server, double-click FTP Authentication
- Select Anonymous Authentication
- Select Disabled under Actions

Impact:

Logging on to FTP with accounts that have administrator privileges risks the user ID and password being captured on the network, giving an unauthorized user administrator access.
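
Because Nessus does not perform this check, the setting has to be verified by hand. The PowerShell below is an added example, not part of the benchmark or the audit file: it reads an IIS applicationHost.config and reports, for each site with an FTP binding, whether anonymous authentication is enabled and where the value comes from. The function name and the sample configuration are constructed for illustration, and it assumes the setting is stored under each site element with siteDefaults as the fallback.

```powershell
# Added example (not benchmark code): report FTP anonymous authentication per IIS site.
function Get-FtpAnonymousAuthState {
    param([Parameter(Mandatory)][xml]$Config)
    $sites = $Config.SelectSingleNode('/configuration/system.applicationHost/sites')
    if (-not $sites) { return }
    # Server-wide default; the IIS schema default is enabled="false" when the element is absent.
    $defNode = $sites.SelectSingleNode('siteDefaults/ftpServer/security/authentication/anonymousAuthentication')
    $default = ($null -ne $defNode) -and ($defNode.GetAttribute('enabled') -eq 'true')
    foreach ($site in $sites.SelectNodes('site')) {
        # Only sites with an FTP binding are in scope.
        if (-not $site.SelectSingleNode("bindings/binding[@protocol='ftp']")) { continue }
        $node = $site.SelectSingleNode('ftpServer/security/authentication/anonymousAuthentication')
        $explicit = ($null -ne $node) -and $node.HasAttribute('enabled')
        $enabled = if ($explicit) { $node.GetAttribute('enabled') -eq 'true' } else { $default }
        [pscustomobject]@{
            Site             = $site.GetAttribute('name')
            AnonymousEnabled = $enabled
            Source           = if ($explicit) { 'site' } else { 'siteDefaults' }
            Compliant        = -not $enabled
        }
    }
}

# Constructed sample configuration (site names and ports are made up, not from a real server).
[xml]$sample = @'
<configuration>
  <system.applicationHost>
    <sites>
      <site name="ftp-public" id="2">
        <bindings><binding protocol="ftp" bindingInformation="*:21:" /></bindings>
        <ftpServer><security><authentication>
          <anonymousAuthentication enabled="true" />
        </authentication></security></ftpServer>
      </site>
      <site name="ftp-internal" id="3">
        <bindings><binding protocol="ftp" bindingInformation="*:2121:" /></bindings>
      </site>
      <site name="web" id="1">
        <bindings><binding protocol="http" bindingInformation="*:80:" /></bindings>
      </site>
      <siteDefaults />
    </sites>
  </system.applicationHost>
</configuration>
'@
Get-FtpAnonymousAuthState -Config $sample | Format-Table
# On a server: [xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config" -Raw)
```

Any row with Compliant set to False identifies a site where the steps above still need to be applied.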

See Also

https://workbench.cisecurity.org/benchmarks/15301

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: f9cd09bac5c5222aa0973b4467d3c6c86b42a6cc27abe9970276d58ccf904172