Details
macOS used to have a graphical front-end to the embedded FTP server in the Operating System. FTP sharing could be enabled to allow someone on another computer to download files or information from the user’s computer. Running an FTP server from a user endpoint has long been considered questionable and Apple has removed that capability from the GUI. The FTP server however is still part of the Operating System and can be easily turned on to share files and provide remote connectivity to an end user computer. FTP servers meet a specialized need to distribute files without strong authentication and should only be done through hardened servers. Cloud services or other distribution methods should be considered
Rationale:
FTP servers should not be run on an end user desktop. Dedicated servers or appropriate cloud storage should be used. Open ports make it easier to exploit the computer.
Impact:
The FTP server is both a point of attack for the system and a means for unauthorized file transfers. The FTP server is another avenue to attempt brute forcing password for existing valid users.
Solution
Ensure that the FTP Server is not running and is not set to start at boot
Stop the ftp Server
sudo -s launchctl unload -w /System/Library/LaunchDaemons/ftp.plist
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.