Experts teach you to build a secure ProFTPD

proftpd is a powerful open source configurable FTP server software. The last word in the name is because it is called daemon in Linux. ProFTPd is very similar to Apache, so it's easy to configure and manage. PROFTP is easy to configure, and MySQL and Quota modules are available to choose from, perfect combination with them to achieve non-system account management and user disk limitations. Here, we show you how to build a secure ProFTPD.

A. The security risks faced by ProFTPD services

The security risks faced by ProFTPD services include buffer overflow attacks (buffer overflows), data sniffing and anonymous access defects.

1. Buffer Overflow Attacks

For a long time, it has become a problem in computer systems with buffer overflows. The most famous case of the Morris worm is the use of computer buffer overflow vulnerabilities in November 1988. However, even its hazard is an important means of well-known buffer overflow intrusion.

The concept of buffer overflow: buffer overflows like a hundred kilograms of goods can only be installed in a 12 kilogram container. The buffer overflow vulnerability is a problem that has plagued security experts for more than 30 years. Simply put, it is a programming mechanism caused by errors in the memory software. With such a memory error, a hacker can run a piece of malicious code to disrupt the normal operation of the system and even gain control of the entire system.

2.Data sniffing

FTP is a traditional web service program that is inherently insecure. Because plaintext passwords and data are used on the network, people with ulterior motives can easily Intercept these passwords and data. The security verification of these service programs is also its weakness, and it is very vulnerable to this type of attack by the middleman.

The so-called "middleman" attack method, pretending to be a real server to receive data to the server as a "middleman", and then pretending to pass the data to the real server. The transfer between the data transfer and the server after the hands and feet of the "middle man" will be a very serious problem. The method of intercepting these password brute force can be intercepted. In addition, using the sniffer program to monitor network packets to capture session information from the beginning of FTP, it is easy to intercept the root password.

3. Anonymous access flaws

Anonymous access to FTP services, extensive support, but no real authentication anonymous FTP, so it is easy to provide an access channel for intruders, buffer overflow attacks Will lead to very serious consequences.

4. Denial of Service Attacks

Denial of service is a low-tech, but attack on this type of attack, server or network device attacks for a long time does not provide services, due to some The inherent flaws of network communication protocols are also difficult to come up with an effective solution. In order to prevent denial of service attacks, we need to deploy a defense denial of service attack strategy from a global perspective, and multiple policy linkages to prevent denial of service attacks from being minimized.

proftpd was developed for the weaknesses of WU-FTP. In addition to improving the security weaknesses, there are many features of WU-FTP, single-machine, xinetd mode. Ordinary users generally do not use this knowledge, and users of this knowledge need to learn quickly.