Critical

Ensure there is no unrestricted inbound access to TCP port 21 (FTP)

Security & Compliance
Description

TCP port 21 is the default port used by File Transfer Protocol (FTP) to transfer files between systems over a network. Unrestricted inbound access to this port can allow attackers to connect to the FTP server and potentially exploit vulnerabilities, leading to unauthorized access or data exfiltration.

Remediation

To remediate the security risk of unrestricted inbound access to TCP port 21 (FTP), you can take the following steps:

  1. Disable anonymous FTP access: Anonymous FTP allows anyone to access files without authentication. Disable anonymous access to prevent unauthorized users from accessing files.
  2. Use strong authentication: Ensure that strong authentication mechanisms are used to prevent unauthorized access. Use username and password, or public-key authentication methods to secure the FTP server.
  3. Use encryption: Implement encryption mechanisms such as SSL/TLS to secure the FTP connection between the client and the server. This ensures that the data is encrypted during transit and prevents interception by attackers.
  4. Limit access to specific IP addresses: Configure the FTP server to allow access only from specific IP addresses. This will restrict the scope of the vulnerability and ensure that only authorized users can access the FTP server.
  5. Use a firewall: Use a firewall to block incoming connections to port 21 from unauthorized IP addresses. Configure the firewall to allow access only from trusted IP addresses. This adds an extra layer of security to the FTP server.
  6. Keep the FTP server software up to date: Regularly update the FTP server software to the latest version to ensure that known vulnerabilities are patched. This ensures that the FTP server is secure and reduces the risk of unauthorized access.
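
The condition this rule checks for, and that steps 4 and 5 remove, can be audited with a short script over a firewall rule list. This is an added example, not Lightlytics code; the rule schema (`id`, `direction`, `protocol`, `from_port`, `to_port`, `cidr`), the `-1`/`all` protocol values and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

FTP_PORT = 21
# Source ranges that mean "any address" for IPv4 and IPv6.
OPEN_RANGES = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}


def covers_ftp(rule):
    """True if the rule's protocol and port range include TCP 21."""
    proto = str(rule["protocol"]).lower()
    if proto in ("-1", "all"):  # assumed spelling for "all protocols, all ports"
        return True
    if proto != "tcp":
        return False
    return rule["from_port"] <= FTP_PORT <= rule["to_port"]


def is_unrestricted(cidr):
    """True if the source CIDR is the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False) in OPEN_RANGES


def find_open_ftp(rules):
    """Return the ids of inbound rules that expose TCP 21 to any source."""
    return [r["id"] for r in rules
            if r["direction"] == "inbound"
            and covers_ftp(r)
            and is_unrestricted(r["cidr"])]


# Constructed sample rules (hypothetical schema, not a real provider export).
SAMPLE_RULES = [
    {"id": "r1", "direction": "inbound", "protocol": "tcp", "from_port": 21, "to_port": 21, "cidr": "0.0.0.0/0"},
    {"id": "r2", "direction": "inbound", "protocol": "tcp", "from_port": 21, "to_port": 21, "cidr": "203.0.113.0/24"},
    {"id": "r3", "direction": "inbound", "protocol": "tcp", "from_port": 20, "to_port": 1024, "cidr": "::/0"},
    {"id": "r4", "direction": "inbound", "protocol": "-1", "from_port": 0, "to_port": 0, "cidr": "0.0.0.0/0"},
    {"id": "r5", "direction": "outbound", "protocol": "tcp", "from_port": 21, "to_port": 21, "cidr": "0.0.0.0/0"},
    {"id": "r6", "direction": "inbound", "protocol": "udp", "from_port": 21, "to_port": 21, "cidr": "0.0.0.0/0"},
    {"id": "r7", "direction": "inbound", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for rule_id in find_open_ftp(SAMPLE_RULES):
        print(f"unrestricted inbound FTP: {rule_id}")
```

Rules `r3` and `r4` show why matching only an exact `21-21` entry is not enough: a wide port range or an all-protocols rule exposes FTP just as directly.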

Enforced Resources

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.