1.6.1 Encrypt FTP Requests

Information

By using SSL, the FTP transmission is encrypted and secured from point to point and all FTP traffic as well as credentials are thereby guarded against interception.

NOTE: Nessus has not performed this query, and this check is only provided for informational purposes.

Solution

To secure an existing FTP site using an SSL certificate, a certificate must first be installed on the system. Production systems should always use a third-party certificate from a trusted root, such as VeriSign. Once that certificate is installed for use in IIS, follow the steps below to configure the FTP site for SSL:

1. Open IIS Manager, select the FTP server and choose FTP SSL Settings in the Features View pane.
2. Under the SSL Certificate dropdown, choose the SSL certificate to be configured for use.
3. In the SSL Policy section, click the radio button next to Require SSL connections. It is important to require SSL, because Allow SSL still permits non-SSL FTP.
4. Click Apply in the Actions pane.

The new FTP service for IIS 7.0 is not installed by default, nor is it available for enabling. FTP 7.5 for IIS 7 is available from Microsoft's web site.
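Because Nessus does not run this check, the result of the steps above can be verified from the configuration file instead. The following is an added example, not part of the benchmark or of Nessus: it audits a constructed applicationHost.config excerpt and lists FTP-bound sites whose effective policy is not SslRequire. It assumes the SSL Policy radio buttons are stored in the controlChannelPolicy and dataChannelPolicy attributes, that unset attributes inherit from siteDefaults, and that the FTP 7.5 schema default is SslRequire; the site names and thumbprint are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <sites> section of applicationHost.config (not from the page).
SAMPLE_CONFIG = """<configuration><system.applicationHost><sites>
  <siteDefaults><ftpServer><security>
    <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
  </security></ftpServer></siteDefaults>
  <site name="web-only"><bindings><binding protocol="http" bindingInformation="*:80:" /></bindings></site>
  <site name="ftp-required">
    <bindings><binding protocol="ftp" bindingInformation="*:21:" /></bindings>
    <ftpServer><security><ssl serverCertHash="PLACEHOLDER_THUMBPRINT"
      controlChannelPolicy="SslRequire" dataChannelPolicy="SslRequire" /></security></ftpServer>
  </site>
  <site name="ftp-inherits"><bindings><binding protocol="ftp" bindingInformation="*:2121:" /></bindings></site>
  <site name="ftp-mixed">
    <bindings><binding protocol="ftp" bindingInformation="*:2122:" /></bindings>
    <ftpServer><security><ssl serverCertHash="PLACEHOLDER_THUMBPRINT"
      controlChannelPolicy="SslRequire" dataChannelPolicy="SslAllow" /></security></ftpServer>
  </site>
</sites></system.applicationHost></configuration>"""

SCHEMA_DEFAULT = "SslRequire"  # assumed FTP 7.5 default when the attribute is absent

def effective(attr, site_ssl, default_ssl, fallback=""):
    """Resolve one <ssl> attribute: site value, then <siteDefaults>, then fallback."""
    for node in (site_ssl, default_ssl):
        if node is not None and node.get(attr):
            return node.get(attr)
    return fallback

def audit_ftp_ssl(config_xml):
    """Return {site name: [findings]} for FTP-bound sites; an empty list means compliant."""
    sites = next(ET.fromstring(config_xml).iter("sites"))
    default_ssl = sites.find("siteDefaults/ftpServer/security/ssl")
    report = {}
    for site in sites.findall("site"):
        if not any(b.get("protocol") == "ftp" for b in site.findall("bindings/binding")):
            continue  # not an FTP site
        site_ssl = site.find("ftpServer/security/ssl")
        findings = []
        for attr in ("controlChannelPolicy", "dataChannelPolicy"):
            value = effective(attr, site_ssl, default_ssl, SCHEMA_DEFAULT)
            if value != "SslRequire":  # SslAllow still permits clear-text FTP
                findings.append(f"{attr}={value}")
        if not effective("serverCertHash", site_ssl, default_ssl):
            findings.append("serverCertHash not set")
        report[site.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_ftp_ssl(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else "FAIL: " + ", ".join(findings))
```

The "ftp-inherits" site shows why the check resolves inheritance: a site with no SSL settings of its own picks up a permissive siteDefaults entry even though nothing in the site element looks wrong.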

See Also

https://benchmarks.cisecurity.org/tools2/iis/CIS_Microsoft_IIS_7_Benchmark_v1.7.1.pdf