HPE Community
Operating System - HP-UX
1753674 Members
5344 Online
108799 Solutions
New Discussion юеВ

restrict ftp services

 
unixadmin_1
Frequent Advisor

тАО01-06-2009 05:32 AM

тАО01-06-2009 05:32 AM

restrict ftp services

The FTP service was active on the system. If powerful useraccounts are allowed to log on via FTP, the system resources and information are unnecessarily exposed to unauthorised access, tampering and damage. Passwords transmitted via FTP are sent in clear text, which increases the possibility of these passwords being intercepted and logged by тАЬsnifferтАЭ software. The information thus obtained could then be used to gain unauthorised access to the system via other, less restrictive services.
0 Kudos
6 REPLIES 6
Pete Randall
Outstanding Contributor

тАО01-06-2009 05:40 AM

тАО01-06-2009 05:40 AM

Re: restrict ftp services

If you have a question(s), would you please ask it (or them)? Re-stating accepted security practices doesn't really seem to accomplish much.


Pete

Pete
0 Kudos
Ganesan R
Honored Contributor

тАО01-06-2009 05:44 AM

тАО01-06-2009 05:44 AM

Re: restrict ftp services

Hi,

This case you should go far ssh with sftp and chroot configuration.
Best wishes,

Ganesh.
0 Kudos
yulianto piyut
Valued Contributor

тАО01-06-2009 05:46 AM

тАО01-06-2009 05:46 AM

Re: restrict ftp services

to restrcit ftp access, u can use tcpwrapper. just mention the ip address allowed to make ftp to your server in /etc/hosts.allow and /etc/hosts.deny. to secure, disable ftp service in /etc/inetd.conf and ask user to use sftp service.
0 Kudos
unixadmin_1
Frequent Advisor

тАО01-06-2009 06:32 AM

тАО01-06-2009 06:32 AM

Re: restrict ftp services

is there any procedure or command for restricting services for unauthorised access to the system...Thank you
0 Kudos
Johnson Punniyalingam
Honored Contributor

тАО01-06-2009 06:41 AM

тАО01-06-2009 06:41 AM

Re: restrict ftp services

>>is there any procedure or command for restricting services for unauthorised access to the system...Thank you<<

That's why people now days do not use "ftp' service anymore, Due to securety issues,

All Organisation adviced to use only "sftp" secured sftp service, by disabling the ftp and enabling "sftp" services.

>>restricting services for unauthorised <<

You follow with many ways.

1. Creating "anoynums" ftp access only
2. creating ftp.allow.file and ftp.deny.file
3. blocking the ips by specify the ip address range in the /var/adm/inetd.sec
Example:-
ftp allow 192.168.1.1
ftp deny 192.168.1.2

(Most Recommended Action to avoid ftp and use sftp)

Thanks,
Johnson
Problems are common to all, but attitude makes the difference
0 Kudos
unixadmin_1
Frequent Advisor

тАО02-12-2009 05:04 AM

тАО02-12-2009 05:04 AM

Re: restrict ftp services

Thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.