6.2 Ensure FTP Logon attempt restrictions is enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

FTP Logon attempt restrictions is a built-in network security feature to automatically block brute force FTP attacks. This can be used to mitigate a malicious client from attempting a brute-force attack on a discovered account, such as the local administrator account.

Rationale:

Successful brute force FTP attacks can allow an otherwise unauthorized user to make changes to data that should not be made. This could allow the unauthorized user to modify website code by uploading malicious software or even changing functionality for items such as online payments.

Impact:

N/A

Solution

To configure FTP Logon Attempt Restrictions at the server level using AppCmd.exe or PowerShell:

Enter the following command in AppCmd.exe to configure:

%systemroot%\system32\inetsrv\appcmd.exe set config -section:system.ftpServer/security/authentication /denyByFailure.enabled:'True' /commit:apphost

OR

Enter the following command in PowerShell to configure:

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.ftpServer/security/authentication/denyByFailure' -name 'enabled' -value 'True'

Default Value:

By default, this feature is not enabled when FTP is installed.

See Also

https://workbench.cisecurity.org/files/4131