Securing an Anonymous FTP Server in Solaris 8 with WU-FTPD

An anonymous FTP server can be a valuable asset for Internet sites, allowing them to distribute everything from source code and compiled programs to image files and educational material quickly, easily, and reliably. Unfortunately, anonymous FTP servers 'out-of-the-box' are inherently insecure. Insecure FTP servers can cause a site to be vulnerable to malicious users. For example a FTP server could be turned into a repository of illicit material or could be used to attack other machines on the Internet. Luckily anonymous FTP servers can be made more secure. A good choice for a secure anonymous FTP server is the wuarchive FTP daemon (WU-FTPD). This paper will present one method of securing an anonymous FTP server in an UNIX environment. The paper will begin with a brief overview of the FTP protocol as defined in IETF Standard 9 RFC-959 including vulnerabilities in its design. A discussion will then proceed about the advantages and disadvantages of anonymous FTP. Next a synopsis of anonymous FTP security basics followed by highlights of the security features of WU-FTPD will be presented. The paper will then focus on the compilation installation and configuration of a secure anonymous WU-FTPD server running on a Solaris 8 platform.