If you hate user provisioning and deprovisioning and resetting passwords as much as this guy,
you will be happy to know that SolarWinds has identified five tried-and-true methods you can use to cut your daily FTP Server user administration chores down to almost nothing.
1. Authenticate Company Employees Through Active Directory
You already have all your internal end users configured in Active Directory (AD). If you have an FTP server like SolarWinds' Serv-U MFT Server that can authenticate users, pull email addresses, and hook directly into end user's existing home folders, go ahead and hook it up to AD. This allows existing employees to immediately authenticate to your FTP server. It also means that employee access is revoked as soon as a user is turned off in AD. Of course, this leaves your external partners and "service" or "automation" users out, but there are additional steps we can take to reduce administrative hassle there too.
2. Authenticate External Partners Through a DB Connection
Serv-U and some other FTP servers can use database entries to authenticate end users not found in AD. This allows you to affix your FTP server to existing Web portal or customer service applications, so external partners only need to remember a single set of credentials to authenticate to your web properties.
3. Allow End Users to Change Their Own Passwords
Most modern Web applications allow end users to change their own passwords, and FTP servers should be no exception. FTP servers that also feature a web transfer interface usually have a link or button that allows end users to change their own passwords, and many also allow advanced end users to change passwords via FTP commands.
4. Send Password Expiration Notifications via Email
Security best practices typically state that all accounts that only use passwords for credentials (as opposed to a client key or client certificate) should change their password periodically. Turning on user password expiration is easy in any modern FTP server, but a good way to avoid extra help desk tickets is to proactively notify end users of required password changes BEFORE they get locked out.
5. Allow End Users to Trigger Their Own Password Reminders
Finally, you can use built-in password reminders on the web interface of your FTP server to avoid the most common of help desk issues: "I forgot my password."
Do You Have Other Security Challenges?
Be sure to check out SolarWinds' new Security site, or leave your thoughts and comments below.