IIS 5.0 Security Hole in Win XP Pro/2000
Posted in Windows XP by Community Submission
The File Transfer Protocol (FTP) is used for copying files to and from a remote computer system on a network using TCP/IP. Be aware that FTP passwords are passed in clear text if you utilize userids other than anonymous. It is strongly recommends that you disable the FTP service unless absolutely necessary. If FTP service is a business requirement within your department/school, place the FTP Service and files that are to be transmitted on a stand-alone member server. Thereby, limiting access to other services and data on your network. Follow the steps below (depending on your OS) to disable FTP service or improve the security of your installation.
Windows XP Professional and Windows 2000 come with Internet Information Server 5.0 (IIS 5.0) as an optional component in the "Add/Remove Windows Components" located in the "Add or Remove Programs" in the "Control Panel".
Unfortunately if you install IIS 5.0 it automatically starts a service to allow FTP anonymous access which could be a serious security threat to your computer.
To disable this service follow these steps:
1. Start à Control Panel à Administrative Tools à Services.
2. Locate the “FTP publishing” Service.
3. Right Click and select “Properties”.
4. Click “Stop”.
5. Select “Disable” from the Start-up type drop down box.
6. Click “Apply”.
7. Click “OK”.
Now your computer has become much more secured.