| If you have installed the FTP service, open the Internet Information Services management tool as described in the previous section, right-click Default FTP Site, and select Properties. To establish a secure server, make the following settings: On the FTP Site tab, be sure to check Enable Logging (see the "Log Files" section). On the Home Directory tab, you can specify the folder in which FTP looks for files. CAUTION The FTP folder really should be stored on a disk partition that uses the NTFS format. If possible, you should not use the same disk partition that your Windows folder is on. Software bugs are a fact of life, and bugs in FTP could have very serious consequences. (They've been found before, and bugs are likely to still exist.) Protect yourself by setting up a separate partition just for FTP data. See Chapter 29, "Managing the Hard Disk," for information on disk partitions.
On the Security Accounts tab, you'll have to decide whether or not to permit access based on account names and passwords. Remember that FTP sends passwords without encryption, so permitting password-controlled access is a security risk. With anonymous access, where passwords are not required, you should let people pick up but not send you files. If you really do need to let people send you files with FTP, you'll have to use password control. Here are the specific things you'll need to do: If you will use FTP to let people pick up files only, check Allow Anonymous Connections and check Allow Only Anonymous Connections. Be sure that Write permission is not checked on the Home Directory tab or any of its subfolders. If you want to let people send you files, you should uncheck Allow Anonymous Connections and uncheck Allow Only Anonymous Connections. Select only specific directories to give Write permission. In addition, you should use NTFS- formatted disks, disable Simple File Sharing so you can make user-specific file security settings, and set appropriate user-specific permissions on the folders shared by your FTP server. You should create "limited" user accounts that are used only for FTP access. Don't use your real Windows logon account to sign on to the FTP server, as it could be picked up by Internet snoopers and used to break into your computer. Instead, give yourself a second identity, and use NTFS security to give both your real Windows account and your FTP-only account read and write privileges to the FTP folders.
On the Messages tab, under Welcome, enter a greeting followed by a warning of this sort: All access to this server is logged. Access to this server is allowed by permission only and unauthorized use will be prosecuted.
(You might want to consult your attorney to choose the proper wording!) You can view and disconnect current FTP site visitors from the FTP Site tab of the Default FTP Properties dialog by clicking Current Sessions. You can use Disconnect to remove any of them if, for some reason, you need to terminate their activity on your computer. |
