Ftp is another problematic protocol. First, it is a clear-text protocol, like telnet -- this allows an attacker to eavesdrop on sessions and steal passwords. This also allows an attacker to take over an FTP session, using a clear-text-takeover tool like Hunt or Ettercap. Second, it can make effective firewalling difficult due to the way FTP requires many ports to stay open. Third, every major FTP daemon has had a long history of security vulnerability -- they represent one of the major successful attack vectors for remote root attacks.
FTP can be replaced by Secure Shell's scp and sftp programs.
NOTE: Answering "yes" to this question will also prevent the use of this machine as an anonymous ftp server. |