Installed FTP server is configured to allow access to the system drive.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-1121	5.005	SV-29496r1_rule	ECCD-1 ECCD-2	High

Description
This is a Category 1 finding because the FTP service allows remote users to access shared files and directories which could provide access to system resources and compromise the system, especially if the user can gain access to the root directory of the boot drive.

STIG	Date
Windows Vista Security Technical Implementation Guide	2013-10-01

Details

Check Text ( C-516r1_chk )
In the “Command Prompt” window, enter the following command, log on using an authenticated FTP account, and attempt to access the root of the boot drive: X:\>ftp 127.0.0.1 (Connected to ftru065103.ncr.disa.mil. 220 ftru065103 Microsoft FTP Service (Version 2.0).) User: ftpuser (331 Password required for ftpuser.) Password: password (230 User ftpuser logged in.) ftp> dir / If the FTP session indicates access to operating system files like “PAGEFILE.SYS” or “NTLDR,” then this is a finding.

Check Text ( C-516r1_chk )

In the “Command Prompt” window, enter the following command, log on using an authenticated FTP account, and attempt to access the root of the boot drive:

X:\>ftp 127.0.0.1
(Connected to ftru065103.ncr.disa.mil.
220 ftru065103 Microsoft FTP Service (Version 2.0).)

User: ftpuser
(331 Password required for ftpuser.)

Password: password
(230 User ftpuser logged in.)

ftp> dir /

If the FTP session indicates access to operating system files like “PAGEFILE.SYS” or “NTLDR,” then this is a finding.

Fix Text (F-5814r1_fix)
Configure the system to prevent an FTP Service from allowing access to the system drive.