Applies To:
Show VersionsBIG-IP ASM
- 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Overview: Securing FTP traffic using default values
This implementation describes how to secure FTP traffic the easy way--by using default values. When you use an FTP security profile, the BIG-IP® system inspects FTP traffic for network vulnerabilities. A default FTP security profile is included in the system that you can use. To activate security checks for FTP traffic, you enable protocol security in an FTP service profile, and associate the service profile with a virtual server.
You can use the default configuration to protect against the following FTP security risks:
- Port scanning exploits
- Anonymous FTP requests
- Command line length exceeds the defined length
- Potentially dangerous FTP commands
- Traffic that fails FTP protocol compliance checks
- Brute force attacks (due to excessive FTP login attempts)
- File stealing exploits
Task summary
Creating an FTP service profile with security enabled
Enabling protocol security for an FTP virtual server
Reviewing violation statistics for security profiles
Overview: Securing FTP traffic using a custom configuration
This implementation describes how to secure FTP traffic using a custom configuration. When you use an FTP security profile, the BIG-IP system inspects FTP traffic for network vulnerabilities. A default FTP security profile is included in the system that you can modify, or you can create a new one as described in the tasks included here. To activate security checks for FTP traffic, you enable protocol security in an FTP service profile, and associate the service profile with a virtual server.
You can customize an FTP security profile to generate alarms or block requests for the following FTP security risks:
- Port scanning exploits
- Anonymous FTP requests
- Command line length exceeds the defined length
- Specific FTP commands
- Traffic that fails FTP protocol compliance checks
- Brute force attacks (excessive FTP login attempts)
- File stealing exploits