Welcome Sign in
Windows Embedded Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
Servers
FTP Server
 FTP Server Security
FTP Server Security
Windows Mobile Not SupportedWindows Embedded CE Supported
8/28/2008

The FTP Server included with Windows Embedded CE is a sample intended to show you how to create networking services that correctly interact and register with Services.exe. The FTP Server sample is also useful for debugging.

The FTP server is included as a teaching tool but not for commercial distribution without further modifications. The security on the FTP sample is very light and vulnerable to security attacks. Microsoft recommends that you carefully review the code and the security needs for the target deployment, and if necessary, enhance the security infrastructure before distributing this functionality in a release product.

If the FTP Server functionality is used without appropriate values set for the User List and Domain variables, the FTP server will be vulnerable to attacks by unauthorized users. These variables are not set by default. An unauthorized user must only guess the device's password, the way it is set in Control Panel, to obtain access to the server.

To prevent such an attack, the user name in the UserList registry value must be set for each of the servers that are currently running. The user will then need to log in with the specified user name and appropriate password to use the server.

You can set the domain variable in the DefaultDomain registry value, which is located under the HKEY_LOCAL_MACHINE\Comm\Redir registry key. Setting the DefaultDomain registry value will require FTP clients to have valid domain credentials to log in. For more information on this registry value, see Windows Networking API/Redirector Registry Settings.

For enterprise environments, Microsoft recommends the use of a network firewall with intrusion protection, such as Microsoft Internet Security and Acceleration (ISA) Server. For more information, visit this Microsoft Web site.

For non-enterprise environments or for added protection, Microsoft recommends that you include and configure the Windows Embedded CE Firewall on the network device. For more information about the Windows Embedded CE IP Firewall and how to configure it, see Firewall.

For information about configuring the IP firewall to properly manage traffic destined for the internal network, see IP Firewall Reference.

You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.

For FTP Server registry information, see FTP Server Registry Settings.

The FTP server uses port 21 to receive FTP connections. This value cannot be changed.

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker