If my IIS 6.0 web server is disabled and the only other service running is FTP, what are the security risks of allowing anonymous FTP read/write, considering that a random person couldn't use any sort of php/asp shell to compromise my system?

Bhubhu Hbuhdbus

2 Answers

Depends on what files/directories you let them read/write. If there's nothing of value in there (e.g., just benign files) they can't do much to compromise your system, assuming your FTP server is fully patched and doesn't have any zero-day vulnerabilities. However, they could still fill up your disk space (potentially crashing the system or otherwise DoSing it) if quotas aren't in place and it's on the same partition as the OS. Or they could use your system for illegal purposes (sharing copyrighted information/child pornography/etc.).

If you let them read/write important system directories/confidential information, they can do worse things. I'm not a Windows user, but if they know where to look they could get password hashes (the equivalent of /etc/shadow) with read permissions (and use GPUs to attempt to crack offline) or, with write permissions, possibly insert a hash for a password they know so they can log in as a privileged user.

dr jimbob

  • So if I only allowed write to the web server directory no one can upload any sort of shell that could allow them to compromise the system? – Bhubhu Hbuhdbus Apr 16 '12 at 19:08
  • @BhubhuHbuhdbus, no, that should not be possible, as long as your IIS webserver is fully patched/updated (and has no unknown vulnerabilities). – D.W. Apr 16 '12 at 19:21

Read access. Enabling anonymous read access to files you intend to be public is relatively low risk. The primary security risks are: (1) misconfiguration: you inadvertently grant access to a file that shouldn't be public, (2) vulnerability: there is some security vulnerability in the IIS code that can be exploited.

Write access. Enabling anonymous write access is riskier. If you let someone upload a file that will then be readable by anyone else, you run the risk of your site being used for warez (pirated software), as a drop site for credit card numbers and other stuff grabbed by online criminals, or other unsavoury purposes. Enabling write access to a particular directory under the ftp root isn't gonna let the bad guys breach the security of your machine, but you still don't want your machine being used as a distribution point for illegal or unsavoury stuff.

If you need write access enabled, I suggest creating a special directory for uploads which is writable by everyone but not readable by anonymous users (it is only readable by you, or by other users you authorize).

DIDIx13
D.W.
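Both answers come down to the same two controls: an upload directory that anonymous users can write to but not list or read, and a cap on how much disk the anonymous account can consume. The following is an added example (not code from either answer, nor from Microsoft) that applies those controls with NTFS ACLs via icacls and NTFS quotas via fsutil; the FTP root path, machine name, account names and quota sizes are placeholders, and the IIS 6.0 site-level Read/Write checkboxes for the uploads virtual directory still have to be set separately in the FTP site properties.

```powershell
# Added example, not from the original answers. Placeholder assumptions:
#   $FtpRoot  the IIS 6.0 FTP site's home directory
#   $Anon     the anonymous account the FTP service impersonates (IUSR_<machine> on IIS 6.0)
#   $Admin    the operator account allowed to retrieve uploads
# Requires icacls and fsutil; run from an elevated prompt.
$FtpRoot = 'C:\ftproot'
$Anon    = 'SERVER01\IUSR_SERVER01'
$Admin   = 'SERVER01\ftpadmin'
$Volume  = 'C:'
$Uploads = Join-Path $FtpRoot 'uploads'
New-Item -ItemType Directory -Path $Uploads -Force | Out-Null

# Weak setting (what the question proposes): anonymous can read AND write the whole root,
# so anything uploaded is immediately downloadable by everyone else.
#   icacls $FtpRoot /grant "${Anon}:(OI)(CI)M"      <-- do not do this

# 1. Public area: anonymous may list and read, nothing else. Inheritance is cut so a
#    stray ACE higher up the tree cannot grant more than intended (the "misconfiguration" risk).
icacls $FtpRoot /inheritance:r
icacls $FtpRoot /grant "${Anon}:(OI)(CI)RX"
icacls $FtpRoot /grant "BUILTIN\Administrators:(OI)(CI)F" "NT AUTHORITY\SYSTEM:(OI)(CI)F"

# 2. Drop box: anonymous may create files but cannot list, read, overwrite or delete them.
#    W only (no R, no D); no (OI), so uploaded files inherit no ACE for the anonymous account.
icacls $Uploads /inheritance:r
icacls $Uploads /grant "${Anon}:(CI)W"
icacls $Uploads /grant "${Admin}:(OI)(CI)F" "BUILTIN\Administrators:(OI)(CI)F" "NT AUTHORITY\SYSTEM:(OI)(CI)F"

# 3. Disk-fill DoS: files uploaded under impersonation are owned by $Anon, so a per-user
#    NTFS quota caps them. Threshold and limit are bytes: warn at 400 MB, stop at 500 MB (placeholders).
fsutil quota enforce $Volume
fsutil quota modify $Volume 419430400 524288000 $Anon

# Verify: $Anon should show (OI)(CI)(RX) on the root and (CI)(W) on uploads, nothing more.
icacls $FtpRoot
icacls $Uploads
```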