As part of our continuous effort to pursue best practices with IT credentials, Cerberus FTP Server now issues a security warning when running with LocalSystem service credentials.
Following the above change, once upgrading to version 12.6, customers will encounter a new system message warning when running Cerberus FTP Server with LocalSystem credentials:
If you see this warning, please read the FAQ article linked in the message and consider migrating away from LocalSystem. The risks associated with running a service as LocalSystem, is well-documented by Microsoft. Cerberus FTP Server will continue to function with LocalSystem service credentials for backward compatibility, but as a security-conscious organization, we must urge our customers to choose more secure deployments when possible.
This is the latest in ongoing efforts to improve the Cerberus FTP Server’s security posture. In version 12.3 we removed LocalSystem as the default service credential and enhanced the installer to streamline service setup with other local and domain accounts.
Finally, if you choose not to migrate from LocalSystem, we have added the ability to acknowledge System Messages, so you may silence the warning.
Feedback
As always, we look forward to hearing how our customers use Cerberus and any additional improvements that would help make Cerberus FTP Server as secure as can be. We would love to hear your feedback.