Manual Chapter: Securing FTP Traffic Using the Default System Configuration

Overview: Securing FTP traffic

This implementation describes how to secure FTP traffic. When you create an FTP security profile, the BIG-IP® Protocol Security Module™ inspects FTP traffic for network vulnerabilities. To activate security checks for FTP traffic, you enable FTP security for an FTP service profile, and associate the service profile with a virtual server.

You can configure the Protocol Security Module to generate alarms or block requests for the following FTP security risks:

  • Port scanning exploits
  • Anonymous FTP requests
  • Command line length exceeds the defined length
  • Specific FTP commands
  • Traffic that fails FTP protocol compliance checks
  • Brute force attacks (excessive FTP login attempts)
  • File stealing exploits

Task summary

Creating a security profile for FTP traffic

The FTP security profile provides the security checks that are applicable to the FTP protocol. In the security profile, you can also specify whether the Protocol Security Module logs violations locally (the default) or to a remote logging server.
  1. On the Main tab, click Protocol Security > Security Profiles > FTP. The Security Profiles: FTP screen opens.
  2. Click the Create button. The New FTP Security Profile screen opens.
  3. In the Profile Name field, type a unique name for the profile.
  4. If you have specified the remote logging server, and you want to enable remote logging for this profile, select the Remote Logging check box.
  5. In the Defense Configuration area, modify the blocking policy settings for each violation. If you do not enable either Alarm or Block for a violation, the system does not perform the corresponding security check.
    Option            Description
    Alarm             The system logs any requests that trigger the violation.
    Block             The system blocks any requests that trigger the violation.
    Alarm and Block   The system both logs and blocks any requests that trigger the violation.
  6. Click Create. The screen refreshes, and you see the new security profile in the list.
The BIG-IP system automatically assigns this service profile to FTP traffic that a designated virtual server receives.

Reviewing violations statistics for security profiles

The Protocol Security Module provides statistics and transaction information for each profile whose traffic triggers any of the security violations defined by the service profile. If you enable the Alarm flag for a violation and incoming traffic triggers the violation, the Protocol Security Module logs the request, which you can review on the Statistics screen of the Protocol Security Module. If you enable the Block flag for any of the violations, the Protocol Security Module blocks the request.
  1. On the Main tab, click Protocol Security > Statistics. The Protocol Statistics screen opens, listing all violations, organized by protocol, with the number of occurrences.
  2. If you have a Support ID, enter it to filter the violations and view one in particular.
  3. Click a violation's hyperlink to see details about the requests causing the violation. On the Statistics screen, in the left column, you can review information regarding the traffic volume for each security profile configured.