Anonymous login



Consider the case where a software developer is developing code on
commerical off the shelf boards. These boards - as part of boot up -
utilizes an FTP server (WFTPD) - with the appropriate user name and
password - to load their vxWorks kernel. There's concern concerning
the anonymous login option of the FTP server. That said, the
1. Can an administrator disable _ALL_ anonymous login to the machine (
machine is on a network )?
2. Can an administrator - worse case restrict the access rights of
anonymous logins? In other words, today a 'generic' account is created
within the FTP server. This account points to a specific directory but
grants read/write permissions. I suspect the same can be done for
anonymous logins.
3. Are there - so called - holes in Windows XP security that'll allow
for anonymous logins?

Pardon my ignorance. I'm inquring because an individual is trying to
convince me that these FTP servers pose a potential threat because of
the built in ' anonymous ' feature. I'm of the impression that with XP
an Administrator has ultimate control and that's a non-issue. i.e The
adminstrator can disable anonymous logins or ...
From the looks of it. Security issues ( item 3 ) with regards to
anonymous login were in Windows 2000 - not Windows XP. Am I correct on

Thanks in advance

Steven L Umbach

Interactive/keyboard logons are restricted the user rights for logon locally
and deny logon locally. For network logon you use the user rights for access
this computer from the network and deny access this computer from the
network. If for instance just administrators and authenticated users are
listed for access this computer from the network then it will not be
possible for guest access via the network. IIS including FTP uses a default
user account of IIS IUSR_ComputerName user account is for anonymous access
to IIS. By default, when a user accesses a Web site that uses Anonymous
authentication, that user is mapped to the IUSR_ComputerName account. It is
also possible to disable anonymous access via IIS in the directory security
properties of the website. If you need to allow anonymous access via the
IUSR_ComputerName or other account you can then harden NTFS permissions to
make sure that account has no more permissions than necessary for anonymous
users to do what they need.


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question