
Security Vulnerability: Accessible Anonymous FTP Server

Overview

Security scans might report "Accessible Anonymous FTP Server" or "FTP-Service Anonymous-Logon Information Gathering".


Solution

The "Accessible Anonymous FTP Server" entry means that users can access the FTP server using the "anonymous" or "ftp" accounts with any password. Some FTP server software is installed with anonymous access enabled by default.

The FTP server may contain sensitive files, because anonymous FTP servers are often used to exchange files between different users. Anybody who visits the FTP server can download these files. Anonymous FTP is also often used for "bounce attacks", which enable unauthorized users to scan networks, hosts, and ports behind a firewall. This can result in internal networks, VPNs, and intranets being compromised.

By default, FTP is disabled in a Lithium installation. It is only enabled when the client requests it. SFTP is available if you prefer to use it. If you need to use FTP, you must adjust the account and directory access to make it more secure.
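
To confirm the finding is cleared on a server you administer, the check below tries the two account names the scanner refers to and reports whether each login is accepted. It is an added example, not Lithium code; the function names, the `ftp_factory` hook and the placeholder password are assumptions made for illustration.

```python
"""Added example: confirm that an FTP server rejects the anonymous accounts."""
import ftplib

# The two account names the scanner finding refers to.
ANONYMOUS_ACCOUNTS = ("anonymous", "ftp")


def check_anonymous_login(host, port=21, timeout=10, ftp_factory=ftplib.FTP):
    """Return {account: 'accepted' | 'rejected' | 'unknown'} for each account.

    ftp_factory is a hypothetical hook (default ftplib.FTP) so the check can
    be exercised against a stub without touching the network.
    """
    results = {}
    for account in ANONYMOUS_ACCOUNTS:
        ftp = ftp_factory()
        try:
            ftp.connect(host, port, timeout=timeout)
            # An anonymous-enabled server takes any password; this one is constructed.
            ftp.login(user=account, passwd="audit@example.invalid")
            results[account] = "accepted"
        except ftplib.error_perm:
            # Permanent 5xx reply (typically 530): the server refused the login.
            results[account] = "rejected"
        except (OSError, EOFError, ftplib.Error):
            # Refused connection, timeout, dropped session or a temporary error:
            # the state of anonymous access could not be determined.
            results[account] = "unknown"
        finally:
            try:
                ftp.quit()
            except Exception:
                ftp.close()
    return results


def anonymous_access_disabled(results):
    """True only when every anonymous account was explicitly rejected."""
    return all(result == "rejected" for result in results.values())


if __name__ == "__main__":
    import sys
    outcome = check_anonymous_login(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
    for account, result in outcome.items():
        print(f"{account}: {result}")
    print("anonymous access disabled:", anonymous_access_disabled(outcome))
```

An `unknown` result is deliberately not treated as a pass: a server that could not be reached has not been shown to reject anonymous logins.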


  1. Priyanka Bhotika
