
Oracle® ZFS Storage Appliance Security Guide, Release OS8.8.0


Updated: November 2018
 
 

FTP Data Service

FTP allows filesystem access from FTP clients. The FTP service does not allow anonymous logins, and users must authenticate with the configured name service.

FTP supports the following security settings. These settings are shared for all filesystems for which the FTP protocol access is enabled:

  • Enable SSL/TLS - Allows SSL/TLS-encrypted FTP connections and ensures that the FTP transaction is encrypted. This is disabled by default. The FTP server uses either a self-signed security certificate or a customer-supplied certificate.

  • SSL/TLS versions and ciphers - SSL/TLS protocol versions and ciphers for FTP connections. The defaults are TLSv1.1, TLSv1.2 and their associated ciphers. TLSv1.0 is not enabled by default due to security concerns, but it can be enabled for backward compatibility. In the BUI, the list of available ciphers changes based on the selected versions. Some selected SSL/TLS protocol versions and/or ciphers are removed after a software upgrade if they are no longer supported. To avoid service unavailability, keep the default settings unless otherwise needed or as instructed by Oracle Support.

  • Permit Root Login - Allows FTP logins for the root user. This is off by default because FTP authentication uses plain text, which poses a security risk from network sniffing attacks.

  • Maximum Number of Allowable Login Attempts - The number of failed login attempts allowed before the FTP connection is disconnected; the user must then reconnect to try again. The default is 3.

  • Logging Level - The verbosity of the log.

FTP supports the following logs:

  • proftpd - FTP events, including successful and unsuccessful login attempts

  • proftpd_xfer - File transfer log

  • proftpd_tls - FTP events related to SSL/TLS encryption
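
The following is an added example, not part of the Oracle guide or appliance software. It shows one way to review exported proftpd log text for clients that repeatedly hit the login-attempt limit, attempt a root login, or succeed only after being disconnected. The log line layout and the `flag_clients` function are assumptions modelled on stock ProFTPD messages; adjust the patterns to the format your appliance actually exports.

```python
import re
from collections import defaultdict

# Constructed sample modelled on stock ProFTPD messages. Assumption: the
# appliance's proftpd log may lay these lines out differently.
SAMPLE_LOG = """\
proftpd[4101] nas1 (192.0.2.10[192.0.2.10]): USER alice (Login failed): Incorrect password
proftpd[4101] nas1 (192.0.2.10[192.0.2.10]): USER alice (Login failed): Incorrect password
proftpd[4101] nas1 (192.0.2.10[192.0.2.10]): USER alice (Login failed): Incorrect password
proftpd[4101] nas1 (192.0.2.10[192.0.2.10]): Maximum login attempts (3) exceeded, connection refused
proftpd[4102] nas1 (192.0.2.10[192.0.2.10]): USER alice (Login failed): Incorrect password
proftpd[4102] nas1 (192.0.2.10[192.0.2.10]): USER alice (Login failed): Incorrect password
proftpd[4102] nas1 (192.0.2.10[192.0.2.10]): USER alice (Login failed): Incorrect password
proftpd[4102] nas1 (192.0.2.10[192.0.2.10]): Maximum login attempts (3) exceeded, connection refused
proftpd[4103] nas1 (192.0.2.10[192.0.2.10]): USER alice: Login successful.
proftpd[4200] nas1 (198.51.100.7[198.51.100.7]): SECURITY VIOLATION: Root login attempted
proftpd[4300] nas1 (203.0.113.5[203.0.113.5]): USER bob (Login failed): Incorrect password
proftpd[4300] nas1 (203.0.113.5[203.0.113.5]): USER bob: Login successful.
"""

# Assumed layout: proftpd[pid] server (client-name[client-ip]): message
LINE = re.compile(r"proftpd\[\d+\] \S+ \(\S*\[([^\]]+)\]\): (.*)$")
LOCKOUT = re.compile(r"Maximum login attempts \(\d+\) exceeded")
ROOT = re.compile(r"SECURITY VIOLATION: Root login attempted")
SUCCESS = re.compile(r"USER \S+: Login successful")

def flag_clients(log_text, min_lockouts=2):
    """Return {client_ip: sorted reasons} for clients worth reviewing."""
    lockouts = defaultdict(int)   # connections dropped at the attempt limit
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an FTP event line in the assumed layout
        ip, msg = m.groups()
        if LOCKOUT.match(msg):
            lockouts[ip] += 1
            if lockouts[ip] >= min_lockouts:
                reasons[ip].add("repeated-disconnects")
        elif ROOT.match(msg):
            reasons[ip].add("root-login-attempt")
        elif SUCCESS.match(msg) and lockouts[ip]:
            # A login that works only after forced disconnects deserves a look.
            reasons[ip].add("success-after-lockout")
    return {ip: sorted(r) for ip, r in reasons.items()}

if __name__ == "__main__":
    for ip, why in flag_clients(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```

A single mistyped password followed by a successful login, as for the third client in the sample, is not flagged.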