
FTP servers must be configured to prevent anonymous logons.


Overview

Finding ID: WN12-GE-000026
Version: WN12-GE-000026
Rule ID: WN12-GE-000026_rule
IA Controls:
Severity: Medium
Description
The FTP (File Transfer Protocol) service allows remote users to access shared files and directories. Allowing anonymous FTP connections makes user auditing difficult. Logging on to FTP with accounts that have administrator privileges risks the user ID and password being captured on the network, which would give an unauthorized user administrator access.
STIG Date
Microsoft Windows Server 2012 Domain Controller Security Technical Implementation Guide 2013-07-25

Details

Check Text (C-WN12-GE-000026_chk)
If FTP is not installed on the system, this is NA.

Open a "Command Prompt".
Attempt to log on as the user "anonymous" with the following commands:

C:\>ftp localhost
(Connected to "servername".
220 Microsoft FTP Service)

User: anonymous
(331 Anonymous access allowed, send identity (e-mail name) as password.)

Password: password
(230 User logged in.)
ftp>

If the command response indicates that an anonymous FTP login was permitted, this is a finding.

Severity Override: If accounts with administrator privileges are used to access FTP, this becomes a CAT I finding.
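The manual check above can be scripted for repeated audits. The following is an added example, not part of the STIG: it uses Python's standard ftplib to attempt the same "anonymous" / "password" logon and maps the server's reply to a result. The function name, the status labels and the ftp_factory parameter are assumptions made for this example, and the script does not evaluate the severity override.

```python
"""Automated form of the manual anonymous-logon check (added example)."""
import ftplib
import sys


def check_anonymous_ftp(host="localhost", port=21, timeout=5.0,
                        ftp_factory=ftplib.FTP):
    """Try the logon from the Check Text and return (status, detail).

    FINDING        server accepted user "anonymous" (2xx reply to login)
    NOT_A_FINDING  server refused the logon with a permanent 5xx reply
    NO_SERVICE     nothing answered as FTP; confirm FTP is not installed
                   before recording NA
    INCONCLUSIVE   any other reply; repeat the check by hand
    """
    ftp = ftp_factory()  # ftp_factory is a hypothetical hook for testing
    try:
        ftp.connect(host, port, timeout=timeout)
    except ftplib.all_errors as exc:  # refused, timed out, or no valid banner
        return "NO_SERVICE", str(exc)
    try:
        # Same credentials as the manual check: anonymous / password.
        return "FINDING", ftp.login("anonymous", "password")
    except ftplib.error_perm as exc:  # e.g. a 530 reply
        return "NOT_A_FINDING", str(exc)
    except ftplib.all_errors as exc:
        return "INCONCLUSIVE", str(exc)
    finally:
        try:
            ftp.quit()
        except ftplib.all_errors:
            ftp.close()


if __name__ == "__main__":
    # Optional first argument: host to check (defaults to localhost).
    status, detail = check_anonymous_ftp(*sys.argv[1:2])
    print(f"{status}: {detail}")
    sys.exit(1 if status == "FINDING" else 0)
```

The exit code is 1 only when the anonymous logon succeeds, so the script can gate a scheduled compliance job.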
Fix Text (F-WN12-GE-000026_fix)
Configure the system to prevent an installed FTP service from allowing anonymous logons.