You cannot really secure IIS 5.0
FTP server.
For the most part, MS FTP is based on the standard FTP protocol, which, by itself does not encrypt authentication traffic, therefore, all FTP communication is transmitted in clear text. There is no way around this with MS FTP, and the majority of FTP server daemons unless of course, a third party encryption protocol like SFTP is utilized. However, this of course means that your clients need to utilize software that supports FTP encryption.
You can download Serv-U FTP server for personal use for free the last I checked. It's an extremely rock solid FTP server platform/solution.
If you have absoultely NO choice but to stick with IIS FTP (difficult for me to understand ), try
here.