Skip to main content

IIS 5.0 Security Hole in Win XP Pro/2000

Posted August 2002 by Steve Sinchak

The File Transfer Protocol (FTP) is used for copying files to and from a remote computer system on a network using TCP/IP. Be aware that FTP passwords are passed in clear text if you utilize userids other than anonymous. It is strongly recommends that you disable the FTP service unless absolutely necessary. If FTP service is a business requirement within your department/school, place the FTP Service and files that are to be transmitted on a stand-alone member server. Thereby, limiting access to other services and data on your network. Follow the steps below (depending on your OS) to disable FTP service or improve the security of your installation.

Windows XP Professional and Windows 2000 come with Internet Information Server 5.0 (IIS 5.0) as an optional component in the "Add/Remove Windows Components" located in the "Add or Remove Programs" in the "Control Panel".

Unfortunately if you install IIS 5.0 it automatically starts a service to allow FTP anonymous access which could be a serious security threat to your computer.

To disable this service follow these steps:

  1. Startà Control Panel à Administrative Tools à Services.
  2. Locate the “FTP publishing” Service.
  3. Right Click and select “Properties”.
  4. Click “Stop”.
  5. Select “Disable” from the Start-up type drop down box.
  6. Click “Apply”.
  7. Click “OK”.

Now your computer has become much more secured.

Related Posts

If you own a Google Chromecast streaming device, you can easily share a browser tab in Chrome browser or even your entire desktop.  This can be very useful when presenting from your laptop or if you just want to watch something on a big screen that is only on your PC.  The only requirement is you must be on the same network as your Chromecast...

Read More

If you are a fan of minimalist desktop experiences, hiding the desktop icons are an easy way to clean up the Windows interface.  Instead of saving everything to your desktop, use the default profile folders such as downloads and documents.  Actually hiding all the icons on your desktop is a very simple customization hidden in the right-click context menu.  Just right-click on the desktop, select View...

Read More

Google security researchers have published details about a major security flaw found in the SSL protocol that is used to encrypt data transferred between your browser and a web server. SSL is typically used in situations where logon credentials are validated...

Read More

Enabling two-factor authentication is a great way to add an additional level of protection to your Microsoft account.  Even if your password is stolen, your account is still protected because two-factor authetication requires an additional level of verification to log in. Microsoft calls their version of two-factor authentication "two-step verification" and it works by providing you with a random code...

Read More