Location: On the left
window's Server tab, click an individual user 
or a user setting
level 
.
Purpose: This tab allows you to configure the security-specific options.
Note: When a user inherits
settings, indicated by a gray check box 
, that user's
settings are configured at the User Setting Level or site level. When
a user's settings have been modified by the administrator, they are marked
with a black check mark 
(setting enabled) or a empty
check box 
(setting not enabled).
Note
When one of a user's settings is individually modified, that setting will override the User Setting Level.
Security
Allow NOOP Command
The NOOP command is an archaic FTP command that is usually used as a "Keep Alive" method (keeping the client from being disconnected from the server for inactivity). You can disable the command by checking this box.
Disable account after ___ incorrect login attempts
As a security measure, you can choose to disable a user’s account after the specified number of login attempts have been made with an incorrect user name or password. You will have to manually re-enable the account.
User can change password (SITE PSWD command)
If this option is enabled, it will allow the selected user (or users in the access level) that have a Standard password to change their passwords by the following method. The user issues the command “SITE PSWD” followed by the old password then the new password. For example if the old password was My29GS29 the user would enter the following:
SITE PSWD My29GS29 My30HT30
This sequence would set the password to My30HT30, but only if the user has been configured to have a Standard password type. Users with more complicated password types will need to provide the information in this order: old password, new password, the number of iterations and the password type.
Allow XCRC command
XCRC is the checksum command supported by some FTP clients.
Restrict to this IP
Enter the IP address for a site on the server, and the user or User Setting Level will only be allowed to connect to that IP address. You can only enter one IP address here. You cannot use wildcards or enter ranges.
Protocol Permissions
At least one protocol must be enabled for users to connect to the server.
Allow access using FTP protocol
Enabling this command will allow users to connect to the server over the FTP protocol. Turning this off will effectively block all connections.