We are just gonna have a network security scan made by an outside company. They are gonna scan our servers in the DMZ, which are mostly IIS servers (Win2k servers), with web and FTP services running.

I have used IIS Lockdown tool to try to tighten it as much as possible. The one thing I'm having a hard time finding out on how to tighten is the FTP service...?
Seems to be hard to do anything at all with MS FTP, other than lockout after so many password tries and stuff...
You can change the Administrator user, but if somebody figures out what the name of it is, you can brute force attack that account since it never gets locked out... ?!

Any good ideas?!


oh.. anyone knows anything about this security company: Quaddisin ??