Microsoft Knowledge Base Article 310110 contains the following summary:
This article describes how to secure File Transfer Protocol
(FTP) directories by using options in the Microsoft Internet Security and
Acceleration (ISA) Server 2000 Management console.
FTP authentication options
are
limited to Anonymous and Basic Authentication.
Basic Authentication may
pose a security
risk because it permits username and password information to
pass over the network in clear text.
Anonymous authentication does not expose
username and password information,
but it does not permit you to control who
can access directories on an FTP server.
ISA Server 2000 solves this
problem by allowing you to use a combination of Web publishing
rules and other
authentication options on the Incoming Web Requests
Listener.