Accessing and sharing files among devices is much easier when they are in a physically reachable range or connected to a Local Area network. Things will be harder when you can simply share over the internet, but this is not considered good practice in terms of security. This is where we have to use special protocols to overcome this barrier.
With this article, we will be looking into FTP, which is a special data transfer technique that is being used in many fields to achieve data transfer.
What is FTP
FTP is also known as File Transfer Protocol. This is one of the oldest and most commonly used transfer protocols in the world. FTP is a collection of standard protocols that are used to share data among devices that are connected to a network. This protocol even supports computers with different operating systems.
FTP uses a client/server model. There is a remote host server and a client in this system. When the user sends a command to the server, requesting the server to send a file to the user, the server sends the required file to the client. Then the user gets the file and stores it in his device (client device). This process is the basic understanding of the work of an FTP server. Cloud services like Amazon and Google provide Amazon FTP and Google FTP services.
Using an FTP client, we can do manipulation to a file available on the server, such as edit, download, upload, move, rename and copy, etc.
Why is FTP important and used?
FTP is used in many different scenarios because of the following features:
- FTP can be used to backup data from a device to a secured backup FTP server.
- FTP can facilitate replication, which is the process of making a clone of data storage. Here it duplicates the data from a system to another with more resilience, availability.
- FTP is used to access shared web sources and cloud services to load its data to another system.
Ordinary FTP servers have a degree of security up to some extent with the user authentication feature where username – password is required in accessing. This keeps unnecessary accessors away. There are developed FTP protocols such as SFTP and FTP/s to facilitate more secure transfer needs.
How does File Transfer Protocol work?
Requirements for using FTP
To use FTP, the following requirements are needed.
- FTP client installed on your computer (ex: Auto FTP Manager, FileZilla, FileZilla Pro)
- The FTP server address is where it is hosted. (Ex: ftp.testdocs.net)
- Username and password are specific to the server.
( FTP servers let you connect without credentials, but this is a threat to the security)
We can identify three major components in a FTP model
- FTP Client
- FTP Server
- Connection between the client and the server
There are two types of connections that helps the mechanism in FTP
- Control Connection
- Data Connection
The FTP client sends a connection to the specific port in the server ( most commonly used port 21). This connection is used to send commands where the client tells what the server should do and receives a response accordingly. Therefore this connection is named and controlled. For establishing this connection, the user needs to log on to the FTP server. The anonymous FTP servers which do not needs to have login credentials can connect like that.
Given that the server received the controlling commands from the client, now it should provide what it asked for. This model keeps a separate connection for this purpose which is called the data connection.
Users can use command-line interfaces such as console or terminal windows used in operating systems or graphical user interfaces (GUI). Even Web browsers can work as FTP clients.
How to establish the connection
FTP connections can be established in two different modes:
- Active mode
- Passive mode
In Active mode, the user initiates the session using the control channel to connect from a random port( ex: port 1) from the client device, and to port 21 of the server. It sends a command to the server mentioning the port to which the server should be connected to the client device. This is called the PORT command. The server then connects from port 20 to the designated port of the client (ex: port 2). Once the connection is established, file transferring will happen using those ports.
Passive mode can be used in scenarios such that the connection establishment is blocked. In this mode, the client initiates all the connections. Then, the server sends the details of the ports which need the user to establish the connection. Next, the user connects from a random port of the client (ex: port 1) to port 21 of the FTP server. Now, the server sends a PASV command telling the client what port the client should connect to. (ex: port 3) . Once the connection is properly established, the transferring process happens through the ports discussed above. This method works when network address translation gateways and firewalls are present.
There are several types of FTPs:
- Anonymous FTP – This is the basic form of FTP. It has no security feature, neither login credentials nor encryption feature. This can be used to download data from unrestricted resources.
- Password-protected FTP – This is another basic FTP service, which requires a username and a password to access the service. Encryption is an optional feature of this type.
- FTP Secure (FTPS) – Referred to as (FTP-SSL), FTP Secure Sockets Layer. When the FTP connection is established, this enables implicit Transport Layer Security (TLS).
- FTP over explicit SSL/TLS (FTPES) – Like FTPS, this protocol also enables explicit TLS support, which is done by upgrading an FTP connection from port 21 to an encrypted connection. This is used in secure web and file transferring services.
- Secure FTP (SFTP) – SFTP is based on Secure Shell (SSH) protocol, but it is still considered to be another type of FTP protocol. This protocol supports more secured file transfer. Therefore mostly used by system administrators to access systems and applications remotely.
Advantages of using FTP
- The capability of transferring multiple files.
- Most of the FTP clients enables the feature to schedule the file transfers (ex: FileZilla)
- Ability to resume: This comes in handy when you suddenly experience a connection loss.
- Can obtain a faster data transmission over HTTP.
- Add to the queue feature: you can add multiple items to be downloaded/uploaded.
- No limitations on the size of the transfer files. (except web browsers )
- Can obtain an optimized workflow.
- Can recover lost data ( most of the FTP providers provide regular and automatic backing up).
Disadvantages of using FTP
- Vulnerable for Anonymous Authentication: This is a common issue in Anonymous FTPs.
- Vulnerable for directory traversal attacks: manipulate unauthorized files that are stored outside the root folders.
- Can easily capture data packets: since FTP does not encrypt login credentials and data, they can be subjected to packet capturing and any other related attacks.
- Issues in compliance: due to inadequate security, the businesses you are using FTPs can be subjected to noncompliance fines when such regulations are violated.
- Difficulty in monitoring: There is an inconsistency in tracking and monitoring once your data has been uploaded to the FTP servers.
Here in this article, we have briefly discussed some important points on FTP with advantages and disadvantages. The most important thing to consider when using FTP is to choose the right FTP providers to match with your business or personal use-case because the features and the way they approach to minimize the disadvantages can vary with the provider and the packages they offer.