I took an old PC and installed Win2K on it, then IIS and setup an FTP site. I would like to know about securing it. The stuff that will be in the FTP folder is not really that important to me, but I would just like to know I have set it up properly. I turned off anonymous login and gave the user a password protected account, set NTFS permisions on the folder specifically for the FTP user I setup and no one else, I gave the user read and write permissions. I set up logging. I then installed Sygate personal firewall and set up and tested it, it only showed ports 21 and 80 as being open and available all, others were in stealth mode. Does this sound like it is safe enough for what I am trying to do? Iss there anything I have overloooked or need to think about?