
334    Chapter 5 • Communication Security: Web Based Services

             transmitted using cleartext. If certain users also need to upload files, then it is
             wise to implement individual user accounts, as this will limit who can
             put files on your server. In all cases, however, it is advisable to limit permissions and
             privileges to the FTP server as much as possible, and never give anyone more access
             than absolutely necessary.
                 If FTP servers are going to be accessed by the public, it is important to isolate
             them from the rest of the network, so that if security is compromised the attacker
             won’t be able to access servers and workstations on your internal network. By
             placing FTP servers on a perimeter network, the server is separated from the
             internal network, preventing such attacks from occurring.
                 When configuring FTP servers, it is also important to design the directory
             structure carefully and ensure that users don’t have more access than necessary. The
             root directory of the FTP server is where FTP clients will connect to by default, so
             it should not contain any confidential data or system files. In addition to this,
             you should limit the ability to write to directories, preventing users from uploading
             files that may be malicious. Regardless of whether you provided
             write access on purpose, you should review the FTP directories on a regular basis
             to ensure that no unexpected files have been added to the server.
                 Another aspect of FTP that opens the system up to security problems is the
             third-party mechanism included in the FTP specification known as proxy FTP. It is
             used to allow an FTP client to have the server transfer the files to a third
             computer, which can expedite file transfers over slow connections. However, it also
             makes the system vulnerable to something called a “bounce attack.”
                 Bounce attacks are outlined in RFC 2577 and involve attackers scanning
             other computers through an FTP server. Because the scan is run against other
             computers through the FTP server, it appears at face value that the FTP server is
             actually running the scans. This attack is initiated by a hacker who first uploads files
             to the FTP server. Then they send an FTP “PORT” command to the FTP server,
             using the IP address and port number of the victim machine, and instruct the
             server to send the files to the victim machine. This can be used, for example, to
             transfer an upload file containing SMTP commands so as to forge mail on the
             third-party machine without making a direct connection. It will be hard to track
             down the perpetrator because the file was transferred through an intermediary (the
             FTP server).
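
The server-side check that RFC 2577 suggests against bounce attacks, sketched as an added example (not code from the book or from any particular FTP server): refuse a PORT command whose address differs from the control connection's peer, or whose port is below 1024. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

MIN_DATA_PORT = 1024  # RFC 2577: do not open data connections to well-known ports


def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port); ValueError if malformed."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("expected six comma-separated fields")
    if not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("fields must be decimal numbers")
    octets = [int(f) for f in fields]
    if any(o > 255 for o in octets):
        raise ValueError("field out of range 0-255")
    host = ipaddress.IPv4Address(".".join(str(o) for o in octets[:4]))
    port = octets[4] * 256 + octets[5]  # port is sent as high byte, low byte
    return host, port


def check_port_command(control_peer, arg):
    """Return (allowed, reason) for a PORT argument sent by control_peer."""
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, "malformed: %s" % exc
    # Proxy FTP is what enables the bounce: the data target must be the client itself.
    if host != ipaddress.IPv4Address(control_peer):
        return False, "third-party address"
    # Blocks relaying an uploaded file to services such as SMTP on port 25.
    if port < MIN_DATA_PORT:
        return False, "well-known port"
    return True, "ok"


if __name__ == "__main__":
    # Constructed samples: (control connection peer, PORT argument)
    samples = [
        ("198.51.100.7", "198,51,100,7,195,80"),  # own address, port 50000
        ("198.51.100.7", "192,0,2,25,0,25"),      # another host, SMTP port
        ("198.51.100.7", "198,51,100,7,0,25"),    # own address, low port
        ("198.51.100.7", "198,51,100,7,999,1"),   # malformed field
    ]
    for peer, arg in samples:
        print(peer, "PORT", arg, "->", check_port_command(peer, arg))
```

A server that applies both rules no longer supports proxy FTP at all, which is the trade-off RFC 2577 describes.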










          www.syngress.com