UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

If the system is an anonymous FTP server, it must be isolated to the DMZ network.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4702 GEN004840 SV-35101r1_rule ECSC-1 Medium
Description
Anonymous FTP is a public data service which is only permitted in a server capacity when located on the DMZ network.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2017-05-19

Details

Check Text ( C-36581r1_chk )
Use the command ftp to connect the system's FTP service. Attempt to log into this host with a user name of anonymous and a password of guest (also try the password of guest@mail.com). If the logon is not successful, this check is not applicable.
# ftp localhost
OR
# ftp `hostname`

Ask the SA if the system is located on a DMZ network. If the system is not located on a DMZ network, this is a finding.
Fix Text (F-31949r1_fix)
Move the system to a DMZ network.