Configuring FTP Site Authentication
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 with SP1
Configure FTP site authentication for your FTP server by completing the following steps:
Select the FTP site authentication method that fulfills the security requirements of your organization, based on the information in Table 3.10.
The authentication methods that you select vary, based on the ability of the method to protect user credentials (user account and password information). Select the strongest authentication method possible to help ensure that the credentials of your users are protected. Table 3.10 lists and describes these FTP site authentication methods.
Table 3.10 FTP Site Authentication Methods
Authentication Method Description
Anonymous FTP authentication
For transferring any confidential information, avoid using Anonymous FTP authentication because no user authentication is performed with Anonymous FTP authentication, and anyone can transfer the information.
Basic FTP authentication
Basic FTP authentication sends the user name, password, and data in plaintext and can easily be discovered.
Configure the FTP server to use the FTP site authentication method that you selected in the previous step.
When you are transferring confidential data:
Use FTP within your intranet. Internet Protocol security (IPsec) is required between the client computers and the FTP server to encrypt the user name, password, and any data transferred.
Use FTP outside your intranet (for remote users). A virtual private network (VPN) tunnel is required between the client computers and your intranet to encrypt the user name, password, and any data transferred.
For information about how to configure FTP server authentication, see Configure FTP Server Authentication.