File Transfer Protocol (FTP)
Learning Center | Glossary | File Transfer Protocol (FTP)
What is FTP?
File Transfer Protocol, or FTP, is the language that computers on a TCP/IP network (such as the Internet) use to transfer files. Files are uploaded and downloaded to an FTP server, also known as an FTP site.
FTP can be either a noun or a verb. As a noun, it is the name given to the file transfer program. As a verb, it is the act of transferring using FTP – e.g., FTP the file to me. When referring to sending files via FTP, the term “put” is used. “Get” is used when referring to receiving files via FTP.
In most cases, a user name and password are required to access an FTP site. However, the requirement for login credentials can be waived by the FTP administrator.
Features of an FTP server include the following.
- Files can be uploaded and downloaded
- Downloads can be resumed if not completed successfully
- Access restrictions can be put in place by FTP server administrator for downloading files
- Connections can be provided with or without requiring login credentials
- Files can be retrieved using web browsers
- Anonymous access can be provided by FTP servers for file downloads
- FTP site addresses begin with ftp://
The FTP server has an FTP address and is set up to receive FTP connections from FTP clients. Whether an FTP server is run in active or passive mode determines how a data connection is established. Once a connection is established, data can be transferred in three modes.
Data is sent as a continuous stream to TCP. Stream mode is the default mode for FTP transfers.
Data is delivered to TCP in blocks (e.g., block header, byte count, and data field) by the FTP.
When transferring large files, data is often compressed. Run-length encoding is the compression method most commonly used.
Because FTP does not encrypt its traffic, data transmissions are vulnerable to threats that include the following.
- Brute force attacks
- FTP bounce attacks
- Packet capture
- Port stealing (guessing the next open port and usurping a legitimate connection)
- Spoofing attack
- Username enumeration
Some approaches used to mitigate these vulnerabilities when transferring sensitive data are:
- Replacing insecure protocols with secure versions, such as FTPS instead of FTP and TelnetS instead of Telnet
- Using a more secure protocol, such as SSH File Transfer Protocol or Secure Copy Protocol
- Employing a secure tunnel such as Secure Shell (SSH) or virtual private network (VPN)