I own an FTP server and need port 21 open. How do I keep it secure?

FTP is a security risk because it transmits login information (including passwords) in plain text, so you'll need to wrap it up in encryption. If you need to use FTP specifically, then OpenVPN can wrap it up very nicely for you in a fully encrypted stream:

  OpenVPN (free and open source)
  http://www.openvpn.net/index.php/open-source.html

Your server and all clients that need to use your FTP server will then have to have OpenVPN installed.

Of course, you might find it easier to just use one of the more secure versions of FTP known as SFTP or FTPS, since many FTP clients have built-in support for this. One really good one is FileZilla, which supplies complete and independent client and server applications, and complies with the relevant RFCs:

  FileZilla (free and open source)
  http://www.filezilla-project.org/


There are numerous solutions to this problem, with various levels of complexity and convenience.

  1. Secure passwords on the accessible accounts. If you use good passwords, odds are people won't get in unless there is some other vulnerability.
  2. Allow FTP access only from certain IP addresses. If you know you're going to be accessing your machine from specific places only, just allow those to connect and block all others.
  3. Linux systems have something called DenyHosts which will block IPs that seem to be acting maliciously towards your machine.
  4. Port Knocking will enable access to a port only after a series of connection attempts have been made to a predetermined set of ports. For example, try to connect on ports 20, 35, 16, and 1, then port 21 would be opened. I'm not sure if there is an implementation of this for Windows though...

Best of luck!
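
The port-knocking idea from item 4 of the answer above, as an added example that is not part of the original answers: a simulated per-source knock tracker using the 20, 35, 16, 1 sequence the answer gives. The timing window, the open duration, and all class and function names are assumptions, and it replays constructed events instead of touching real sockets.

```python
# Added example: per-source port-knock tracker, simulated (no sockets involved).
KNOCK_SEQUENCE = (20, 35, 16, 1)  # the sequence the answer uses as its example
PROTECTED_PORT = 21
KNOCK_WINDOW = 10.0   # assumption: max seconds allowed between two knocks
OPEN_DURATION = 30.0  # assumption: seconds port 21 stays open for that source

class KnockTracker:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW,
                 open_for=OPEN_DURATION):
        self.sequence, self.window, self.open_for = tuple(sequence), window, open_for
        self._progress = {}    # src_ip -> (next expected index, time of last knock)
        self._open_until = {}  # src_ip -> time at which access expires

    def observe(self, src_ip, port, now):
        """Record a knock; return True when it completes the sequence."""
        idx, last = self._progress.get(src_ip, (0, now))
        if idx and now - last > self.window:
            idx = 0  # too slow: progress is discarded
        if port == self.sequence[idx]:
            idx += 1
        else:
            # Wrong port resets progress, but may itself be a fresh first knock.
            idx = 1 if port == self.sequence[0] else 0
        if idx == len(self.sequence):
            self._progress.pop(src_ip, None)
            self._open_until[src_ip] = now + self.open_for
            return True
        self._progress[src_ip] = (idx, now)
        return False

    def is_open(self, src_ip, now):
        """True while src_ip is allowed to reach the protected port."""
        return now < self._open_until.get(src_ip, float("-inf"))

def replay(events, tracker=None):
    """Replay (time, src_ip, port) events; return decisions for port-21 attempts."""
    tracker = tracker or KnockTracker()
    decisions = []
    for now, src_ip, port in events:
        if port == PROTECTED_PORT:
            decisions.append((src_ip, tracker.is_open(src_ip, now)))
        else:
            tracker.observe(src_ip, port, now)
    return decisions

# Constructed events (documentation addresses): a valid knock, then a linear scan.
SAMPLE_EVENTS = [(t, "192.0.2.10", p) for t, p in enumerate((20, 35, 16, 1, 21))]
SAMPLE_EVENTS += [(100 + p, "198.51.100.7", p) for p in range(1, 41)]
if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The linear scan touches every port in the sequence but in the wrong order, so port 21 stays closed for that source, while the correctly ordered knock opens it only for the knocking address and only for the assumed duration.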