Securing FTP

Posted on 2006-04-02
Last Modified: 2012-05-05
I am setting up FTP to allow only a few users to connect.  I am aware of the clear text password issue, so I created a group called 'FTP'.  I then created a user 'FTPUser', and changed the group membership from the 'Users' group to the 'FTP' group.  I am isolating the group/user combination to the FTP directory via NTFS permissions that I propigated throughout the FTP folder structure.  I figure if someone captures the password, they can only access this directory structure and nothing else.  Does this sound like a good plan?  Is there anything else I can do further to secure this?
Question by:bleujaegel
    LVL 2

    Accepted Solution

    Hi bleujaegel,
    This sounds like you are following the guidelines set out by microsoft article which is reference throughout EE.

    if you are aware of the IP addresses of where your using are coming from you could set the directory access to a default of deny unless ip = the addresses you allow.

    This means someone whould have to capture the pass as well as spoof the source address they are comign from.

    I think that is about as secure as you can get it

    LVL 15

    Assisted Solution

    Instead of using FTP, you might be able to use SCP or SFTP, which is secure.

    Open Source SSH Server (SCP and SFTP uses SSH as its transport) for Windows:
    Open Source SCP & SFTP client for Windows:

    An article on SSH / SCP / SFTP for Windows:
    An article on setting up a SFTP Server on Windows:
    LVL 2

    Author Comment

    Good point to deny by IP.

    I will check out the secure FTP apps.  


    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
    Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now