Tavo wants to improve the security on his FTP server. He is especially worried about password-sniffing attacks. Which of the following is the best action for Tavo to take?

A.
Disable anonymous logins.

B.
Allow only anonymous logins.

C.
Configure the firewall to block port 21.

D.
Place the FTP server outside of the firewall.

Explanation:
We must protect against password-sniffing attacks, also known as man in the middle attacks. In this scenario we could do it in two ways:
1. ensure that password authentication traffic is strongly encrypted.
This is however not an option in this scenario.
2. only allow anonymous logins.
By only allowing anonymous access no passwords will be sent from the ftp user to the ftp server.
Incorrect Answers:
A: Enforcing passwords, and not using encryption, would allow a man in the middle to obtain the login id and password by sniffing.
C: Blocking port 21 would prevent FTP from working.
D: Placing the FTP server outside the firewall would make it more vulnerable and it would improve security.