Applies To:

Show Versions Show Versions

Manual Chapter: Securing FTP Traffic Using the Default System Configuration
Manual Chapter
Table of Contents   |   Next Chapter >>

Overview: Securing FTP traffic

This implementation describes how to secure FTP traffic. When you create an FTP security profile, the BIG-IP® Protocol Security Manager™ inspects FTP traffic for network vulnerabilities. To activate security checks for FTP traffic, you enable FTP security for an FTP service profile, and associate the service profile with a virtual server.

You can configure the Protocol Security Manager to generate alarms or block requests for the following FTP security risks:

  • Port scanning exploits
  • Anonymous FTP requests
  • Command line length exceeds the defined length
  • Specific FTP commands
  • Traffic that fails FTP protocol compliance checks
  • Brute force attacks (excessive FTP login attempts)
  • File stealing exploits

Task summary

Creating an FTP service profile with security enabled

The easiest method for initiating FTP protocol security for your FTP virtual server traffic is to use the system default settings. You do this by enabling protocol security for the system-supplied FTP service profile, and then associating that service profile with a virtual server.
  1. On the Main tab, click Local Traffic > Profiles > Services > FTP. The FTP profile list screen opens.
  2. In the Name column, click ftp. The Properties screen for the system-supplied FTP profile opens.
  3. In the Settings area, clear the Translate Extended check box, if you want to disable IPv6 translation.
  4. Leave the Data Port setting at the default value, 20.
  5. Select the Protocol Security check box to enable FTP security checks.
  6. Click Update.
You now have a security-enabled service profile that you can associate with a virtual server so that FTP protocol checks are performed on the traffic that the FTP virtual server receives.

Creating an FTP virtual server with protocol security

When you enable protocol security for an FTP virtual server, the system scans any incoming FTP traffic for vulnerabilities before the traffic reaches the FTP servers.
  1. On the Main tab, click Local Traffic > Virtual Servers. The Virtual Server List screen opens.
  2. Click the Create button. The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. For the Destination setting, in the Address field, type the IP address you want to use for the virtual server. The IP address you type must be available and not in the loopback network.
  5. In the Service Port field, type 21 or select FTP from the list.
  6. In the Configuration area, for the FTP Profile setting, select the default profile, ftp.
  7. From the Source Address Translation list, select Auto Map.
  8. For the Default Pool setting, either select an existing pool from the list, or click the Create (+) button and create a new pool.
  9. Click Finished.
The custom FTP virtual server appears in the Virtual Servers list.

Reviewing violations statistics for security profiles

Protocol Security Manager provides statistics and transaction information for each profile that triggers any of the security violations defined by each service profile. If you enable the Alarm flag for a violation and incoming traffic triggers the violation, the Protocol Security Manager logs the request, which you can review on the Statistics screen of the Protocol Security Manager. If you enable the Block flag for any of the violations, the Protocol Security Manager blocks the request.
  1. On the Main tab, click Security > Event Logs > Protocol > HTTP, FTP, SMTP. The Protocol: HTTP, FTP, SMTP statistics screen opens listing all violations, organized by protocol, with the number of occurrences.
  2. Type a Support ID, if you have one, to filter the violations and view one in particular.
  3. Click a violation's hyperlink to see details about the requests causing the violation. On the Statistics screen, in the left column, you can review information regarding the traffic volume for each security profile configured.
Table of Contents   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)