FTP (File Transfer Protocol) is a standard network protocol used to transfer files between a client and a server over a TCP/IP network. Key points:
- Purpose: Move files (upload/download), list directories, create/delete directories, and change file permissions on a remote host.
- Ports: Traditionally uses TCP port 21 for control; data connections use port 20 (active mode) or a dynamically assigned port (passive mode).
- Modes:
  - Active mode: Server connects back to the client for data transfer; can be blocked by client-side firewalls.
  - Passive mode: Client initiates both control and data connections; more firewall/NAT-friendly and commonly used today.
- Authentication: Supports anonymous access and authenticated sessions using username/password. Plain FTP sends credentials and data unencrypted.
- Security:
  - Plain FTP is insecure because data, including credentials, is transmitted in cleartext.
  - FTPS (FTP over TLS/SSL) adds encryption for control and data channels.
  - SFTP (SSH File Transfer Protocol) is a different protocol that runs over SSH and provides encrypted file transfer and remote file management.
- Use cases: Website deployment, backups, publishing files, sharing large files where HTTP/HTTPS uploads aren’t available.
- Clients/servers: Many GUI clients (FileZilla, WinSCP, Cyberduck) and command-line clients exist; servers include vsftpd, ProFTPD, and Microsoft IIS FTP.
- Alternatives: SFTP, SCP, rsync (over SSH), HTTPS-based uploads, cloud storage APIs (S3, Dropbox).
- Best practices:
  - Prefer encrypted variants (FTPS or SFTP) over plain FTP.
  - Use passive mode for clients behind NAT/firewalls.
  - Restrict user permissions and chroot users to their home directories.
  - Use strong passwords or key-based authentication (for SFTP).
  - Monitor and log transfers; keep server software updated.
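
To make the mode and cleartext points above concrete, the following Python code is an added example (not part of the original page) that audits FTP control-channel lines for credentials sent before TLS was negotiated and decodes the data endpoint announced by `PORT` (active) or the `227` reply to `PASV` (passive). The `C: `/`S: ` line format, the function names, and both sample sessions are assumptions constructed for illustration, standing in for a server-side log or a decoded capture.

```python
import re

# h1,h2,h3,h4,p1,p2 tuple carried by PORT and by the 227 reply to PASV (RFC 959)
HOSTPORT = re.compile(r"\b" + ",".join([r"(\d{1,3})"] * 6) + r"\b")

def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None if absent/invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def audit_session(lines):
    """Audit control-channel lines prefixed 'C: ' (client) or 'S: ' (server)."""
    tls = auth_sent = False
    findings = []
    for line in lines:
        side, _, msg = line.partition(": ")
        verb = msg.split(" ", 1)[0].upper()
        if side == "C" and verb == "AUTH":
            auth_sent = True
        elif side == "S" and auth_sent and msg.startswith("234"):
            tls = True  # server accepted AUTH TLS; later commands are protected
        elif side == "C" and verb in ("USER", "PASS") and not tls:
            findings.append(f"cleartext {verb}")  # record the event, never the value
        elif (side == "C" and verb == "PORT") or (side == "S" and verb == "227"):
            endpoint = decode_hostport(msg)
            if endpoint:
                mode = "active" if verb == "PORT" else "passive"
                findings.append(f"{mode} data endpoint {endpoint[0]}:{endpoint[1]}")
    return findings

# Constructed sample sessions (documentation addresses, made-up credentials)
PLAIN_SESSION = [
    "S: 220 FTP server ready", "C: USER alice", "S: 331 Password required",
    "C: PASS example-password", "S: 230 Login successful",
    "C: PASV", "S: 227 Entering Passive Mode (192,0,2,10,195,80)",
    "C: PORT 198,51,100,7,4,1", "S: 200 PORT command successful",
]
TLS_SESSION = [
    "S: 220 FTP server ready", "C: AUTH TLS", "S: 234 Proceed with negotiation",
    "C: USER alice", "S: 331 Password required", "C: PASS example-password",
]

if __name__ == "__main__":
    for finding in audit_session(PLAIN_SESSION):
        print(finding)
```

The decoded port is `p1 * 256 + p2`, which is the value a firewall rule or NAT helper has to allow for the data connection in either mode.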