Kerstin wants to improve the security on her FTP server. She is worried about password-sniffing attacks. Which of the following is the best action for her to take?

A.
Disable anonymous logins

B.
Allow only anonymous logins
1D0-470

C.
Configure the firewall to block port 21

D.
Place the FTP server outside of the firewall

Explanation:
FTP transfers login information in the clear. By setting the FTP server to allow only anonymous logins, no one can log into FTP using a valid user/password pairs. If the logins with passwords are prevented, then there is nothing to b exposed on the network by someone using a packet sniffer.
Incorrect Answers:
A: Disabling anonymous logins do not lock out the server. Anonymous logins are guest accounts and usually can’t cause that much damage. However, allowing user/password pairs to login – of real passwords – is an exposure since the password are transferred in the clear and can be extracted from the packet flow on the network.
C: This will protect the user/password pairs, but also disables FTP. Making FTP unusable is most likely an undesired result.
D: Placing the FTP server on any side of the firewall does not protect the data. The passwords are still transmitted in cleartext and anyone can steal the user and password pairs for valid accounts.