Details
The new FTP Publishing Service for IIS supports adding an SSL certificate to an FTP site. Using an SSL certificate with an FTP site is also known as FTP-S or FTP over Secure Sockets Layer (SSL). FTP-S is an RFC standard (RFC 4217) in which an SSL certificate is added to an FTP site, making it possible to perform secure file transfers.
Rationale:
By using SSL, the FTP transmission is encrypted and secured from point to point and all FTP traffic as well as credentials are thereby guarded against interception.
Solution
To configure FTP over SSL at the server level using AppCmd.exe or PowerShell:
Enter the following command in AppCmd.exe to configure:
%systemroot%\system32\inetsrv\appcmd.exe set config -section:system.applicationHost/sites /siteDefaults.ftpServer.security.ssl.controlChannelPolicy:"SslRequire" /siteDefaults.ftpServer.security.ssl.dataChannelPolicy:"SslRequire" /commit:apphost
OR
Enter the following commands in PowerShell to configure:
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.applicationHost/sites/siteDefaults/ftpServer/security/ssl' -name 'controlChannelPolicy' -value 'SslRequire'
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.applicationHost/sites/siteDefaults/ftpServer/security/ssl' -name 'dataChannelPolicy' -value 'SslRequire'
Default Value:
By default, FTP sites are not SSL enabled.
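To confirm the setting took effect, the audit script below (an added example, not part of the original control text) reads both channel policies at the siteDefaults level and again for every site with an FTP binding, because a value set on an individual site overrides siteDefaults. The helper name Get-FtpSslPolicy is hypothetical, and the script assumes the WebAdministration module and an elevated session on the IIS server.

```powershell
# Added audit example; Get-FtpSslPolicy is a hypothetical helper name.
Import-Module WebAdministration

$required = 'SslRequire'
$policies = 'controlChannelPolicy', 'dataChannelPolicy'

function Get-FtpSslPolicy {
    param(
        [Parameter(Mandatory)][string]$Scope,   # label shown in the report
        [Parameter(Mandatory)][string]$Filter   # configuration path of the ssl element
    )
    foreach ($name in $policies) {
        $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                   -Filter $Filter -Name $name
        # Assumption: the cmdlet returns either a plain string or an
        # attribute object exposing .Value; normalise both to a string.
        $value = if ($raw -is [string]) { $raw } else { "$($raw.Value)" }
        [pscustomobject]@{
            Scope     = $Scope
            Setting   = $name
            Value     = $value
            Compliant = ($value -eq $required)
        }
    }
}

$results = @()

# Server-level defaults, the scope the remediation commands write to.
$results += Get-FtpSslPolicy -Scope 'siteDefaults' `
    -Filter 'system.applicationHost/sites/siteDefaults/ftpServer/security/ssl'

# Effective per-site values: an explicit site setting wins over siteDefaults.
$ftpSites = Get-Website | Where-Object { $_.bindings.Collection.protocol -contains 'ftp' }
foreach ($site in $ftpSites) {
    $filter = "system.applicationHost/sites/site[@name='$($site.Name)']/ftpServer/security/ssl"
    $results += Get-FtpSslPolicy -Scope $site.Name -Filter $filter
}

$results | Format-Table -AutoSize

# List only the rows that still need remediation.
$results | Where-Object { -not $_.Compliant }
```

Any row reported with a value other than SslRequire identifies the scope, server default or named site, where the policy still has to be changed.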
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Windows.