Controlling File Transfer Protocol access

If you are using File Transfer Protocol (FTP), you need to control users to protect your data and network. This topic offers tips and security considerations.

If you want to allow FTP clients to access your system, be aware of the following security concerns:

  • Your object authority scheme might not provide detailed enough protection when you allow FTP on your system. For example, when a user has the authority to view a file (*USE authority), the user can also copy the file to a PC or to another system. You might want to protect some files from being copied to another system.
  • You can use FTP exit programs to restrict the FTP operations that users can perform. You can use the FTP request validation exit to control what operations you allow. For example, you can reject GET requests for specific database files.
  • You can use the server logon exit point to authenticate users who log on to the FTP server. The topic "Configure anonymous FTP" describes how to use exit programs to set up support for anonymous FTP on your system.
  • Unless you use Transport Layer Security (TLS) or Secure Sockets Layer (SSL), FTP passwords are not encrypted when they are sent between the client system and the server system. Depending on your connection methods, your system might be vulnerable to password theft through line sniffing.
  • If the QMAXSGNACN system value is set to 1, the QMAXSIGN system value applies to TELNET but not to FTP. If QMAXSGNACN is set to 2 or 3 (values that disable the profile if the maximum sign-on count is reached), FTP logon attempts are counted. In this case, a hacker can mount a denial-of-service attack through FTP by repeatedly attempting to log on with an incorrect password until the user profile is disabled.
  • For each unsuccessful attempt, the system writes message CPF2234 to the QHST log. You can write a program to monitor the QHST log for the message. If the program detects repeated attempts, it can end the FTP servers.
  • You can use the Inactivity timeout (INACTTIMO) parameter on the FTP configuration to reduce the exposure when a user leaves an FTP session unattended. Be sure to read the documentation or online help to understand how the INACTTIMO parameter and the connection timer (for system startup) work together.
    Note: The Time-out interval for inactive jobs (QINACTITV) system value does not affect FTP sessions.
  • When you use FTP batch support, the program must send both the user ID and the password to the system. Either the user ID and password must be coded in the program, or the program must retrieve them from a file. Both of these options for storing passwords and user IDs represent a potential security exposure. If you use FTP batch, you must ensure that you use object security to protect the user ID and password information. You should also use a single user ID that has limited authority on the target system. It should have only enough authority to perform the function that you want, such as file transfer.
  • FTP provides remote-command capability, just as advanced program-to-program communications (APPC) and IBM i Access for Windows do. The RCMD (Remote Command) FTP-server subcommand is the equivalent of having a command line on the system. Before you allow FTP, you must ensure that your object security scheme is adequate. You can also use the FTP exit program to limit or reject attempts to use the RCMD subcommand. The topic "FTP exit programs" describes this exit point and provides sample programs.
  • A user can access objects in the integrated file system with FTP. Therefore, you need to ensure that your authority scheme for the integrated file system is adequate when you run the FTP server on your system.
  • A popular hacker activity is to set up an unsuspecting site as a repository for information. Sometimes, the information might be illegal or pornographic. If a hacker gains access to your site through FTP, the hacker uploads this undesirable information to your system. The hacker then informs other hackers of your FTP address. They, in turn, access your system with FTP and download the undesirable information.

    You can use the FTP exit programs to protect against this type of attack. For example, you might direct all requests to upload information to a directory that is write-only. This defeats the hacker's objective, because the hacker's friends will not be able to download the information in the directory.
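
The QHST monitoring program described above needs a rule for what counts as "repeated attempts". The following is an added example, not IBM sample code, of that decision logic: it counts CPF2234 messages per user profile in a sliding window and signals before the QMAXSIGN limit would disable the profile. The record layout, the five-minute window, and the threshold of one below QMAXSIGN are assumptions; ENDTCPSVR SERVER(*FTP) is the CL command that ends the FTP servers.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_PASSWORD = "CPF2234"  # message ID the page says is written to QHST

# Constructed sample records standing in for entries already read from QHST:
# (timestamp, message ID, user profile). This layout is an assumption.
SAMPLE_EVENTS = [
    ("2024-05-01 01:00:00", "CPF2234", "OPERATOR"),
    ("2024-05-01 02:10:01", "CPF2234", "APPUSER"),
    ("2024-05-01 02:10:02", "CPF1124", "QTCP"),      # unrelated message
    ("2024-05-01 02:10:04", "CPF2234", "APPUSER"),
    ("2024-05-01 02:10:09", "CPF2234", "APPUSER"),
    ("2024-05-01 02:30:00", "CPF2234", "OPERATOR"),
]


def profiles_at_risk(events, max_sign=3, window=timedelta(minutes=5)):
    """Map each profile to the timestamp at which it crossed the threshold.

    max_sign mirrors the QMAXSIGN system value. The threshold is one attempt
    below it (assumption) so the monitor reacts before the profile is disabled.
    """
    threshold = max(1, max_sign - 1)
    recent = defaultdict(deque)   # profile -> failure times inside the window
    flagged = {}
    for ts_text, msg_id, profile in sorted(events):
        if msg_id != FAILED_PASSWORD:
            continue
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        times = recent[profile]
        times.append(ts)
        # Drop failures that have aged out of the sliding window.
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold and profile not in flagged:
            flagged[profile] = ts_text
    return flagged


def respond(flagged):
    """Return the CL command to run, or None when nothing was flagged."""
    return "ENDTCPSVR SERVER(*FTP)" if flagged else None


if __name__ == "__main__":
    hits = profiles_at_risk(SAMPLE_EVENTS)
    print(hits, respond(hits))
```

Isolated failures that are far apart in time, such as the OPERATOR records in the sample, do not trigger the response.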