"Let's face it, FTP servers are insecure by nature. The
plain FTP protocol does not include any encryption for password.
This means that passwords are sent in plain text from the client to
the server. Any halfway skilled person with a sniffer will be able
to catch those passwords on their way and use them against you.
Indeed, with standard FTP servers, authentication is done
against the user accounts on the Linux or Unix box. So if someone
sniffs an FTP passwords, he'll have a shell password at the same
time and may make use of it to break into the server system.
The present HowTo will guide you through the steps to set up a
virtual FTP server. This won't prevent FTP passwords from being
sniffed, but it will greatly diminish the impact of a stolen
password on the rest of the servers. Indeed, while having no FTP
server running at all is certainly the best solution, sometimes you
need to have one and in that case, running a virtual FTP server is
the next best thing to do."