File Transfer Protocol PPT

 File Transfer Protocol

 

The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network.FTP is built on a client-server model architecture using separate control and data connections between the client and the server FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).The first FTP client applications were command-line programs developed before operating systems had graphical user interfaces, and are still shipped with most Windows, UNIX, and Linux operating systems. Many FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into productivity applications, such as HTML editors.

 

Why do we need a FTP Service?

Purpose: To Transfer files between two computers Goals of FTP Service:

· Promote sharing of files (programs and/or data)

· Encourage indirect/implicit use of remote computers

· Shield users from variations in file storage among hosts

· Transfer data reliably and efficiently

FTP Client Commands (issued by user interface)

 

Access commands 

 

Summary of FTP connections

· FTP has 2 connections- Control (persistent connection)- Server issues a passive open on well-known 21- Client uses an ephemeral port to issue active open- Server ultimately closes control connection

· Data (ephemeral connection)- Client issues passive open on an ephemeral port- Client sends this port to server via PORT command- Server receives the port number and issues active  open using its well-known 20 to the received ephemeral port

  

FTP clients

Web browser can be used as FTP front-end (Web browser runs ftp scheme / protocol):

 

FTP URL: ftp://user:password@host:port/path 

 

Most web browsers are full-fledged FTP clients that allow to get and put files from/to the server with the FTP protocol.

 

Security

FTP was not designed to be a secure protocol, and has many security weaknesses. In May 1999, the authors of RFC 2577 listed a vulnerability to the following problems:

· Brute-force attack

· FTP bounce attack

· Packet capture

· Port stealing (guessing the next open port and usurping a legitimate connection)

· Spoofing attack

· Username enumeration

· DoS or DDoS

 

FTP does not encrypt its traffic all transmissions are in clear text, and usernames, passwords, commands and data can be read by anyone able to perform packet capture (sniffing) on the network. This problem is common to many of the Internet Protocol specifications (such as SMTP, Telnet, POP and IMAP) that were designed prior to the creation of encryption mechanisms such as TLS or SSL.

Common solutions to this problem include:

1. Using the secure versions of the insecure protocols, e.g., FTPS instead of FTP and TelnetS instead of Telnet.

2. Using a different, more secure protocol that can handle the job, e.g. SSH File Transfer Protocol or Secure Copy Protocol.

3. Using a secure tunnel such as Secure Shell (SSH) or virtual private network (VPN).

 PowerPoint Presentation Is on this Link: