This document provides System Administrators with instructions to help them implement an FTP solution to allow for successful file exchange with their servers from remote locations.
Recommendations
1. If you aren’t already running IIS, we recommend against installing Windows FTP services from a Windows server. Doing so requires that you turn on IIS as well. However, if you’re already managing a Windows server running IIS, you’ve got most of the work accomplished (securing IIS) and adding the FTP service shouldn’t add much of a vulnerability footprint.
2. If you wish to set up an FTP server on a Windows machine and you don’t want to use the Windows FTP service, we recommend using FileZilla Server. For more informatio about FileZilla Server, see the main FileZilla Project page.
Benefits of FileZilla:
- can do secure file transfer via SSL/TLS (can be required) or even Kerberos
- takes up little hard drive space (max is ~10.3 MB)
- comes without the IIS security concerns you would have if you deployed FTP services via Windows (IIS required)
FileZilla Server Step-by-Step Instructions
Installation
Use the steps below to install FileZilla server.
1. Download the installer from the 1st link above and double-click the downloaded .exe. You will be see the following license window.
2. Choose “I Agree” to proceed. You will then see a dialog asking you which components to install.
3. Select the components you wish to install by checking off the appropriate boxes and click Next. You will then see a window asking you where to install the FileZilla Server files.
4. Select the Destination folder and click Next. You will then be asked to configure FileZilla Server’s various default startup behaviors.
5. After choosing the startup behaviors, click Next. You will then be asked to determine how the server interface should be started.
6. After selecting the settings for the server interface, click Install. You should see the installation proceed rather quickly with a window showing you when installation has completed.
7. Click Close to Finish the installation. Immediately after closing that window, you will be prompted with the Connect to Server window giving you options for where and how to login to the server.
8. Click Ok to connect to the FileZilla Server you just installed (using the default values). You will then see a window letting you know you are logged on to the FileZilla server.
Use the steps below to configure FileZilla Server’s Users/Groups and Settings.
1. To configure Groups to place Users (configured later) in, Click on Edit -> Groups. You will see a window that allows you to Add a Group as well as configure Shared folders, Speed Limits, and IP Filtering.
2. Once you have configured the group(s) and it’s settings, click Ok. You can configure Users for each Group in much the same way. Select Edit -> Users. You will see a window allowing you to enable the account, set a password, associate Group membership(s) with the account, and set up Shared folder, speed limit, and IP filtering settings.
3. Once you have finished configuring your Users, click Ok to close that window. You may also configure various server-side settings by going to Edit -> Settings. You can view the “General” settings that you can customize below.
In addition to those General settings, you can also define the Welcome Message, IP bindings, and IP Filtering.
You have the following options under the Passive mode setting.
You can set blocking of bounce and fxp attacks under the Security settings option.
Admin Interface settings can be configured as well.
Logging can be configured with the Logging option.
GSS (Kerberos) Settings can be configured as well.
Speed Limits are also configurable.
File Transfer compression (using the Mode Z ftp protocol extension) is available as well.
And last but not least you can configure and even require SSL/TLS transfers.
Uninstallation is very simple with FileZilla Server. Simply go to Add/Remove Programs and remove it. Some screenshots appear below illustrating how simple it is (you even see the stopping and uninstallation of the ftp service).
none
