
Installed FTP server will not be configured to allow prohibited logins.


Overview

Finding ID: V-1120
Version: 5.004
Rule ID: SV-32251r1_rule
IA Controls:
Severity: Medium
Description
The FTP (File Transfer Protocol) service allows remote users to access shared files and directories. Allowing anonymous FTP connections makes user auditing difficult. Logging on to FTP with accounts that have administrator privileges risks the user ID and password being captured on the network, giving an unauthorized user administrator access.
STIG: Windows Server 2008 R2 Member Server Security Technical Implementation Guide
Date: 2016-06-08

Details

Check Text ( C-32938r1_chk )
In the “Command Prompt” window, enter the following command and attempt to log on as the user “anonymous”:

C:\>ftp 127.0.0.1
(Connected to "servername".
220 "servername" Microsoft FTP Service (Version 2.0).)

User: anonymous
(331 Anonymous access allowed, send identity (e-mail name) as password.)

Password: password
(230 Anonymous user logged in.)
ftp>

If the command response indicates that an anonymous FTP login was permitted, then this is a finding.
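
The manual check above can be scripted. The following is an added example, not part of the STIG: it uses Python's standard ftplib to attempt the same anonymous logon against the local FTP service and reports the outcome. The function name check_anonymous_ftp and the status labels are this example's own.

```python
import ftplib

def check_anonymous_ftp(host="127.0.0.1", port=21, timeout=5):
    """Repeat the manual check: log on as 'anonymous' and report the outcome.

    Returns (status, detail). The status strings are this example's own labels.
    """
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)  # also reads the 220 banner
    except ftplib.all_errors as exc:
        # Nothing answered, or the service refused the session outright.
        return ("not_reviewed", f"no usable FTP service at {host}:{port}: {exc}")
    try:
        # ftplib sends USER, then PASS only if the server answers 3xx.
        reply = ftp.login("anonymous", "password")
    except ftplib.error_perm as exc:
        # 5xx reply: the server rejected the anonymous logon.
        return ("not_a_finding", str(exc))
    except ftplib.all_errors as exc:
        # 4xx reply, dropped connection or timeout: no conclusion either way.
        return ("not_reviewed", str(exc))
    finally:
        ftp.close()
    # login() only returns on a 2xx reply, e.g. "230 Anonymous user logged in."
    return ("finding", reply)

if __name__ == "__main__":
    status, detail = check_anonymous_ftp()
    print(f"V-1120 anonymous FTP logon: {status} ({detail})")
```

A "not_reviewed" result means the script could not complete the logon exchange, so the manual check still has to be performed.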


Severity Override: If accounts with administrator privileges are used to access FTP, then this becomes a Category I finding.
Fix Text (F-5813r1_fix)
Configure the system to prevent an installed FTP service from allowing prohibited logons.