6.2 Ensure FTP Logon attempt restrictions is enabled - Deny By Failure Enabled

Information

IIS introduced a built-in network security feature to automatically block brute force FTP attacks. This can be used to mitigate a malicious client from attempting a brute-force attack on a discovered account, such as the local administrator account.

Rationale:

Successful brute force FTP attacks can allow an otherwise unauthorized user to make changes to data that should not be made. This could allow the unauthorized user to modify website code by uploading malicious software or even changing functionality for items such as online payments.

Solution

1. Open IIS Manager
2. At the server level, open the FTP Logon Attempt Restrictions feature.
3. Check Enable FTP Logon Attempt Restrictions and enter the maximum number of failed attempts and the time period. Enable Deny IP addresses based on the number of failed login attempts.
4. Click Apply

Default Value:

By default, this feature is not enabled when FTP is installed.

See Also

https://workbench.cisecurity.org/benchmarks/14293

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12)

Plugin: Windows

Control ID: 3bdc92f99418ced0a19b1dc7dca9e5a2a785edeef09f122e2d4ffa7980d9a2bc