Are user privileges on the FTP daemon disabled?
The least safe configuration for an ftp daemon is one that allows anyone to connect (via "anonymous" mode) and upload files. Most of the attacks that let an intruder gain root access on your box require that s/he be able to upload files. If you don't have anonymous ftp with upload capability, the intruder cannot use those attacks unless s/he can get a user name and password. For the sake of safety, this mode is shut off by default in most wu-ftpd configurations.

The next least safe configuration is one in which users with accounts on the system are allowed to access the server from the entire Internet. The dangers stem from 1) clear text passwords being sniffed on the Internet and 2) the common ftp daemon vulnerabilities that become exploitable as soon as anyone has upload privileges. Unfortunately, disabling this configuration is difficult, as this is exactly what many sites feel they need their ftp server for.

With a well educated user base (and secure copy clients for their platforms), this functionality is unnecessary. Unfortunately, educating your user base may be impossible at your site, especially if there are a large number of users. If this is a 3 account server, that kind of user education may be quite possible.
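As an added example that is not part of the original checklist, here is a wu-ftpd ftpaccess fragment carrying the two weak settings described above beside a hardened version, plus a small POSIX shell audit that flags them; the directive syntax follows ftpaccess(5), while the file paths, the 192.168.1.* address range and the class names are assumptions.

```shell
#!/bin/sh
# Added example: audit a wu-ftpd ftpaccess file for the two least safe
# configurations (anonymous upload, real-user logins from the whole Internet).
# Assumes the plain "upload <root-dir> <dirglob> <yes|no> ..." form with no
# absolute/relative or class= prefix; such lines are listed for manual review.
work="${TMPDIR:-/tmp}"

# Constructed sample: real users accepted from anywhere, anonymous may upload.
cat > "$work/ftpaccess.weak" <<'EOF'
class   all   real,guest,anonymous   *
upload  /home/ftp  *          no
upload  /home/ftp  /incoming  yes  ftp  daemon  0600  nodirs
EOF

# Hardened sample: real accounts only from the local network, no upload at all.
cat > "$work/ftpaccess.hard" <<'EOF'
class   local   real       192.168.1.*
class   anon    anonymous  *
upload  /home/ftp  *  no
EOF

# One finding per weak directive; output is line oriented so it can be counted.
audit_ftpaccess() {
    awk '
        # a class admitting real users from any address
        $1 == "class" && $3 ~ /real/ && $4 == "*" {
            print "real-user logins accepted from the whole Internet (class " $2 ")"
        }
        # an upload grant with no class= restriction applies to every class,
        # anonymous included
        $1 == "upload" && $4 == "yes" && $0 !~ /class=/ {
            print "upload allowed in " $2 $3 " for all classes, including anonymous"
        }
        # class-restricted grants need a manual look at which classes they name
        $1 == "upload" && $0 ~ /class=/ && $0 ~ / yes / {
            print "review upload grant: " $0
        }
    ' "$1"
}

# Number of findings, usable as a pass/fail check in a larger audit.
count_findings() {
    audit_ftpaccess "$1" | wc -l | tr -d ' '
}

audit_ftpaccess "$work/ftpaccess.weak"
echo "weak: $(count_findings "$work/ftpaccess.weak") finding(s)"   # 2
echo "hard: $(count_findings "$work/ftpaccess.hard") finding(s)"   # 0
```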