Although the FTP protocol may seem to have been superseded by more transparent and easy-to-use download media, it is still one of the most widely used file sharing and web hosting services in the world. This is mainly due to the fact that it is reliable, fast and safe. However, the appreciation that the user has when faced with an FTP, if compared with other services that serve the same purpose, is old.
Unfortunately, this prejudice has played against the expansion of FTP as a personal file storage and sharing system. However, FTP has technically evolved to become a fundamental piece for the development of activities on the Internet, corporate networks and other areas, although we do not see it. If you want to learn a little more about file transfer via FTP , we invite you to continue reading this article.
What does FTP mean
The FTP protocol (File Transfer Protocol), or File Transfer Protocol for its translation into Spanish, is a network protocol used to transfer files between computers connected to a TCP network. Currently, many users have replaced FTP with online storage services such as Dropbox, Google Drive or OneDrive, especially because of the ease of use and transparency that the latter offer.
However, the flexibility that FTP provides us with respect to the aforementioned systems when sharing files is unmatched and is not conditioned by any type of service contract, that is, we can use an FTP for what we really want. .
The FTP protocol
The origins of FTP date back to 1971, when engineers at MIT and other academic institutions were searching for an efficient method for transferring files. Basically, it is designed around a client-server type architecture , as we will explain later in this article, that is, the client computer must first connect to a server to download or add files to it.
It should be noted that in this operation it is not necessary that the operating systems that equip the computers involved in the exchange must be of the same type, that is, the computers involved in the traffic can be Windows, Linux, Mac or even Android, which provides incredible flexibility.
FTP Client / Server Architecture
Above we mentioned that the FTP protocol was based on a Client / Server type architecture , which perhaps tells most of them nothing at all. That is why below these lines we can find a slightly more detailed explanation about this topic, in order to understand FTP well and thus be able to obtain the greatest possible advantage.
Basically, an FTP server is software that is installed on a server computer connected to the Internet, or in the case of corporations, institutions or others, it can also be connected to LAN or MAN networks. The main purpose of this FTP service is to allow the access and controlled exchange of files contained in the computer or website where it is hosted with other computers that require it (FTP clients).
In other words, the FTP Server software is in charge of processing requests to download files in the same that users do through the FTP client installed on our PC.
Some of the most common implementations of FTP servers today are as a web server to host Internet pages and as a backup server for data backup and uploading files, among many other applications.
The client program is the software that the user of an FTP service must install on his computer in order to be able to access the server to upload and download files to and from it. This is the application that users must have installed on their computer in order to execute the transfer process that will allow them to upload and download files from an FTP server.
In this sense, if our web browser is not equipped with this type of feature, it is best to use an FTP client strictly designed for that purpose, which can give us greater flexibility and ease of use. In that sense, FileZilla is one of the best tools we can count on.
To be able to download and upload files, from our computer, the FTP protocol normally uses two ports, port 21, which is used to connect remotely to a server and authenticate on it, that is to say “log in” and port 20, which It is the one used to carry out file transfers once the authentication stage has concluded.
It should be noted that these ports for FTP are used like this by default, but it will always be possible to change them to others to better suit our configuration. We can do this from the server configuration, however for most users this configuration of FTP ports is the most appropriate, and changing it just for doing it can lead to network connection problems.
Today, the original FTP Protocol is considered obsolete due to other protocols with improved and updated versions. FTP has weaknesses (as far as security is concerned) that prevent it from being used as a reliable form of data transfer , especially when more secure alternatives are available.
Using unencrypted FTP leaves your data vulnerable to hackers, creating security breaches.
FTP was not designed to be secure due to:
- Packet Capture / Trace: FTP is flat, so all network users can access all streams, logins, passwords, and data.
- Brute force attack: FTP is susceptible to hackers systematically crawling frequently used and repeating passwords until they find the correct one
- Port theft – A hacker can guess the next open port or use a PORT command to gain access as an intermediary.
- Anonymous vulnerability: public access to older / anonymous FTP servers can be made without a username or password
Lastly, FTP alone does not provide any security features that can prevent or stop even an inexperienced hacker.
FTPS: Secure transfers
FTPS (FTP over SSL) is a name used to allow various ways in which FTP software can perform secure file transfers. Each way involves the use of an SSL / TLS layer below the standard FTP protocol to encrypt control and / or data channels.
When the FTP protocol was initially written, security was not a concern. Since then many things have changed and sending data over any public network without encryption is considered very risky and in some cases is prohibited. To solve this problem, the original FTP extension (RFC 2228) is released which protects FTP data as it travels over the network using SSL encryption.
Pro and Cons of the FTPS Connection
The good thing about FTPS:
- Well known and used.
- Communication can be read and understood by a human.
- Provides services for server-to-server file transfer.
- SSL / TLS has good authentication mechanisms
- Support for FTP and SSL / TLS is built into many Internet communication frameworks.
The downside of FTPS:
- It does not have a uniform directory listing format.
- It requires a secondary DATA channel, which makes it difficult to use behind firewalls.
- It does not define a standard for file name character sets (encodings).
- Not all FTP servers support SSL / TLS.
- It does not have a standard way of getting and changing file or directory attributes.
SFTP: Secure FTP
Secure File Transfer Protocol (SFTP) is a file protocol for transferring large files over the web. It is based on the File Transfer Protocol (FTP) and includes Secure Shell (SSH) security components.
Secure Shell is a cryptographic component of Internet security. SSH and SFTP were designed by the Internet Engineering Task Force (IETF) for increased web security. SFTP transfers file security using SSH and encrypted FTP commands to prevent password tracing and exposure of sensitive information in plain text. Since the client must be authenticated by the server, SFTP also protects against man-in-the-middle attacks.
What is SFTP used for?
SFTP as a successor to FTP is used in many situations where file security is important.
SFTP is one of several options to protect data in transfer, to ensure that hackers do not obtain it and that the company does not fall into a security breach.
Some users who do not know SFTP as a protocol ask whether it is preferable to use SFTP or a virtual private network (VPN). Both systems will protect the data, but they are not the same. SFTP is a protocol, while VPN is a secure encrypted tunnel for data. With this in mind, information can also be sent using the SFTP protocol over a VPN, making the transfer even more secure.
SFTP can also be seen as an improvement over FTPS, which is just an FTP protocol that runs on top of Transport Layer Security (TLS) or Secure Sockets Layer (SSL). FTPS, in fact, requires complex firewall configurations, as ports 989 and 990 must be open, depends on a centralized public certificate authority, and is prone to file corruption, as the default mode is ASCII.
For most users, setting up a home FTP in which to store files so that others can download them from there is extremely impractical, since the energy consumption and the need to have a PC constantly on for 24 hours make it a poor option for any budget.
However, if we have the budget and the need, setting up an FTP is a simple task, since we will need a few devices, and the computer we use should not be of the latest generation, it is more even a PC with an old Pentium can reach serve us, as long as we take into account the energy consumption of the processor that we are going to use. In this sense, a general rule is that the more modern processor, the less power consumption it requires.
In addition to the PC with its respective accessories, we will also need some hard drives to add storage capacity, enough RAM to move the operating system chosen for FTP , which can be Linux or Windows, a voltage stabilizer to avoid damage to the PC for being exposed to variations in network voltage for so long, and a suitable place for the FTP server to stay cool and that the noise it produces is not perceptible.
Set up a home FTP
As we can see, the hardware needs to set up our own FTP are minimal. The most complicated issue is the installation and configuration of the FTP server software, the opening of the relevant ports on the router for its correct operation, and the general configuration of the entire system.
All this added, can cause us many problems, especially if we do not have knowledge on the subject or do not have the necessary patience to face them. In case this is our main problem, then the best thing for us is to use a file storage service in the cloud.
It should be noted that there are also other ways to build a home FTP, such as Raspberry Pi, which is much cheaper than a common PC and the energy consumption required is minimal, which makes it an excellent option.