Hardening FTP Servers
File Transfer Protocol (FTP) servers are not intended for high-security applications because of their inherent weaknesses. Most FTP servers allow you to create file areas on any drive on the system.
You should create a separate drive or subdirectory on the system to allow file transfers. If possible, use virtual private network (VPN) or Secure Shell (SSH) connections for FTP-type activities.
FTP is not notable for security, and many FTP systems send account and password information across the network unencrypted. FTP is one of the tools frequently used to exploit systems.
From an operational security perspective, you should use separate logon accounts and passwords for FTP access.
Doing so will prevent system accounts from being disclosed to unauthorized individuals. Also, make sure that all files stored on an FTP server are scanned for viruses.
You should always disable the anonymous user account. To make FTP use easier, most servers default to allowing anonymous users to copy files to and from your servers.
Disabling anonymous access requires the user to be a known, authenticated user in order to access the FTP server.
TIP: As mentioned in the web access discussion, an account is created on servers that offer FTP service for representing the anonymous user. For example, the IUSR_computername account is created in versions of IIS when services are installed. Rights assigned to this account apply to all anonymous users.
The best way to secure FTP is to replace it altogether. Instead of using FTP, the same functionality can be found in more secure services such as Secure File Transfer Protocol (SFTP).
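Where an FTP server has to stay in service, the points above (anonymous access, a confined transfer area, unencrypted logins) can be checked against its configuration. The following is an added example, not part of the original text: it assumes vsftpd as the server, which the page does not name, and runs on constructed sample configurations. The function names are hypothetical.

```python
# Added example: audit a vsftpd.conf against the hardening points above.
# vsftpd is an assumed server; the page names none. Sample configs are constructed.

# vsftpd built-in defaults. An option missing from the file still has a
# value, so the audit overlays the file on top of these.
DEFAULTS = {
    "anonymous_enable": "YES", "anon_upload_enable": "NO", "write_enable": "NO",
    "local_enable": "NO", "chroot_local_user": "NO",
    "ssl_enable": "NO", "force_local_logins_ssl": "YES",
}

def effective_options(conf_text):
    """Parse option=value lines and return defaults overlaid with the file."""
    opts = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def audit(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    o = effective_options(conf_text)
    on = lambda k: o[k].upper() in ("YES", "TRUE", "1")
    findings = []
    if on("anonymous_enable"):
        findings.append("anonymous login is enabled")
        if on("anon_upload_enable") and on("write_enable"):
            findings.append("anonymous users can upload files")
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("local users are not confined to their FTP directory")
    if not on("ssl_enable"):
        findings.append("TLS is off: accounts and passwords cross the network unencrypted")
    elif not on("force_local_logins_ssl"):
        findings.append("TLS is optional for logins")
    return findings

# Constructed samples. WEAK never sets anonymous_enable, so the default applies.
WEAK = "local_enable=YES\nwrite_enable=YES\n"
HARDENED = ("anonymous_enable=NO\nlocal_enable=YES\nchroot_local_user=YES\n"
            "local_root=/srv/ftp/transfer\nssl_enable=YES\nforce_local_logins_ssl=YES\n")

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

The weak sample shows why defaults matter: anonymous login is reported even though the file never mentions it. The audit does not consider per-user chroot exception lists.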