|
| 
Help, configuration
and tips.
| | Security
 These settings allow you to control the security features of the FTP server, such as anti-hammering, restricting FXP, enabling SSL / TLS and more.
Allow
Accounts to Enable Password Changing - If this is enabled and an account has
this option enabled, any logged in user in that account can send the 'SITE CPWD
(newpassword)' command to change the account's password. If this option is disabled,
all accounts and groups will not allow the password to be changed. Allow
Parameters in 'Execute' Commands - If this is enabled and an account has file
execution access rights (the ability send a 'SITE EXEC' command), parameters will
be permitted and passed onto the executable file. It is recommended that this
option is not enabled as execution parameters cannot be checked for security,
which could in-avertedly cause a security hole in your FTP server. Also, accounts
with file execution access rights should have a strong password which is known
only by trusted users. Allow
Site to Site File Transfers (FXP) - If this is enabled, the server will allow
logged in users to perform site to site transfers. Site to site transfers is a
name given to the action where an FTP client can connect two FTP servers together
and transfer files directly between them. However, this has potential security
implications so it is recommended not to enable this feature. Ability FTP Server
does have additional security built in to reduce the danger that site to site
transfers introduce, but there is still no guarantee that this is will make site
to site transfers completely safe. Block
'Time-Out Prevention' Activities - Most FTP clients attempt to prevent an
FTP connection from closing when the connection enters an idle state. Enabling
this option will prevent these activities and ensure only users who are truly
using the server maintain an open connection. Enable
Anti-Hammering - Enabling this option will cause a user to be blocked if they
fail to login after 5 attempts. Blocking is based on the user's IP and they will
remain blocked for 10 minutes. This technique helps prevent rogue password cracking
software from guessing your account passwords. Additionally, the Ability FTP Server
always pauses for 3 seconds when a password is incorrect, which also helps protect
account passwords.
SSL / TLS Options
This section of the security settings allows
you to enable the use of SSL and TLS, both implicitly and explicitly. It also
allows you to control your SSL certificates that can either be created by the
FTP server or imported from another location.
-
Encrypt
Data Connection By Default - FTP uses a separate connection for transferring
files. Even when using SSL / TLS, this is normally un-encrypted This this will
set the data connection to be encrypted by default. -
Enable
SSL / TLS - This allows you to quickly and easily enable or disable the use
of SSL and TLS within the FTP server. -
Enable
Explicit SSL / TLS - This allows SSL / TLS connections using the normal FTP
port. SSL or TLS encryption is only used if an FTP client issues an 'AUTH SSL'
or 'AUTH TLS' command during login. This is the simplest and most supported method
of SSL. -
Enable
Implicit SSL - Implicit SSL allows the FTP server to additionally allocate
another port for SSL connections. Communication on this port requires less overhead
as SSL negotiation is done immediately, removing the need for plain text commands
to initialise SSL communication. -
Accept
Connections on Port - This is the port which Implicit SSL will listen on. -
Listen
Only on IP - This option allows you to bind the Implicit SSL listening port
to a single IP address. If an host name is provided then it will be converted
to an IP address which will then be used for binding. -
Certificates
- This will take you to the Certificate dialog where you can manage the certificates
used by Ability FTP Server. You must have at least one certificate for SSL communication
to work. For more information, please read the Certificates
section. | |
|
|
