We published a blog series two years ago on how to secure an SFTP server. Given it is such a pertinent topic, we’re highlighting the posts again here. These points are relevant to all servers, not just SFTP servers, and should be read by server administrators. Although it refers to our server, CompleteFTP, the suggestions are applicable to and useful for all SFTP and FTP/FTPS servers.
Posts are listed below:
Part 1 – keep up to date with security patches
Part 2 – use your corporate firewall effectively
Part 3 – use IP filters and autobanning of IPs
Part 4 – disable unused protocols and anonymous acces
Part 5 – disable password authentication and weaker cipher algorithms
Part 6 – don’t forget social engineering!