Full Guide - FTP (File Transfer Protocol)
Part 1: What is File Transfer Protocol (FTP)?
File Transfer Protocol (FTP) is a set of standard protocols used for file transfer over the network. It works at the application layer, which is the seventh layer of the OSI model and the fourth layer of the TCP/IP model. FTP runs over TCP, so the connection between the client and the server is reliable and connection-oriented, which guarantees reliable data transmission.
Part 2: How does File Transfer Protocol (FTP) Work?
FTP is the Internet's standard file transfer protocol. FTP programs give users a set of applications for managing file transfers between computers.
FTP is designed based on the client-server (C/S) model, where two communications channels are established between the client and the FTP server.
- Command Channel cannot perform the task of transferring data and can only be used to transfer control information such as internal commands executed by FTP and the responses to the commands;
- Data Channel is a connection for transferring files between the server and the client, which is full-duplex and allows simultaneous data transfer in both directions.
This separation of commands and data greatly increases the efficiency of FTP, whereas other client-server applications typically have only one TCP connection.
- The client initiates a conversation with the server when the user requests the server to download a file.
- Using FTP, the client can upload, download, delete, move, and rename files on the server.
Part 3: Two Modes of FTP
The FTP client initiates an FTP session and establishes the corresponding connection with the FTP server. Two channels are established during an FTP session: one for control information and one for data.
- Standard (also known as PORT mode or active mode): in standard mode, the FTP client sends a PORT command to the FTP server.
- Passive (also known as PASV mode): in passive mode, the FTP client sends a PASV command to the FTP server.
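The two commands above carry the data-channel endpoint as six decimal bytes, h1,h2,h3,h4,p1,p2 (RFC 959). The following is an added example, not part of the original guide: it decodes a PORT command and a 227 reply to PASV, and applies the RFC 2577 checks a server or monitor can make on a PORT argument. Function names and the sample lines in the test are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as decimal bytes (RFC 959 host-port field).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 PASV reply."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % text)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]          # port is sent as two bytes
    return ip, port


def data_channel(line):
    """Classify a control-channel line: (mode, who dials, ip, port) or None."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb == "PORT":                       # active: server connects to client
        return ("active", "server") + parse_hostport(line)
    if verb == "227":                        # passive: client connects to server
        return ("passive", "client") + parse_hostport(line)
    return None


def port_findings(line, control_peer_ip):
    """Checks on a PORT command, following RFC 2577 guidance."""
    info = data_channel(line)
    findings = []
    if info and info[0] == "active":
        _, _, ip, port = info
        if ip != control_peer_ip:
            findings.append("address differs from control-connection peer")
        if port < 1024:
            findings.append("privileged port requested")
    return findings
```

In active mode the server opens the data connection toward the client, which is why client-side firewalls and NAT often require passive mode instead.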
Part 4: FTP Transfer Method
The task of FTP is to transfer files from one computer to another, independent of the location of the two computers, the way they are connected, or even whether they use the same operating system.
FTP has two transfer modes: ASCII and binary.
Suppose the file the user is copying contains simple ASCII text. If the remote machine is not running UNIX, ftp will usually adjust the contents of the file automatically during the transfer, so that it is stored in the text file format used on the other computer.
Note: The files a user transfers are often not text files; they may be programs, databases, word processing files, or compressed files. Before copying any non-text files, use the binary command to tell ftp to copy them unchanged.
In a binary transfer, the bit sequence of the file is preserved so that the original and the copy are bit-by-bit identical, even if the file containing that bit sequence is meaningless on the destination machine.
Note: If a binary file is transferred in ASCII, it will still be translated even if it is not needed. This can corrupt the data.
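The corruption described in the note above can be reproduced and detected offline. The following is an added example, not part of the original guide: a simplified model of an ASCII-mode transfer from a host that ends lines with LF to one that ends them with CRLF, with a size and SHA-256 comparison. The sample blob is constructed; it starts with the PNG signature, which contains CR LF and LF bytes so that this kind of translation is detectable.

```python
import hashlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Constructed sample: PNG signature followed by every byte value once.
SAMPLE_BLOB = PNG_SIG + bytes(range(256))


def transfer(data, mode):
    """Model a transfer from an LF host to a CRLF host (simplified)."""
    if mode == "binary":
        return data                      # bit sequence preserved
    # ASCII mode: each LF is rewritten as CRLF, whether or not the
    # byte was really a line ending.
    return data.replace(b"\n", b"\r\n")


def compare(original, received):
    """Integrity check to run after a transfer."""
    return {
        "size_delta": len(received) - len(original),
        "sha256_match": hashlib.sha256(original).digest()
        == hashlib.sha256(received).digest(),
        "png_signature_intact": received.startswith(PNG_SIG),
    }


def demo():
    """Return the check results for both modes on the sample blob."""
    return {
        "binary": compare(SAMPLE_BLOB, transfer(SAMPLE_BLOB, "binary")),
        "ascii": compare(SAMPLE_BLOB, transfer(SAMPLE_BLOB, "ascii")),
    }
```

Publishing a digest alongside the file lets the recipient run the same comparison after download.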
Part 5: User classification of FTP
This type of user is one who has an account on the FTP service. When this type of user logs in to the FTP server, their default home directory is the directory named after their account. However, they can also change to other directories, for example the home directory of the system.
On an FTP server, we often set up an account for each department or for a specific user. This kind of account, however, can only access its own home directory.
In this way, the server secures other files on the FTP service. An account with this type of user can only access the directories under its home directory, but not files outside its home directory.
This is also what we usually call anonymous access. This type of user is not assigned an account in the FTP server, but he/she can still access some public resources anonymously.
Part 6: The Development of FTP
FTP is the oldest network tool in the development of the Internet. In the nearly half a century since 1971, when the first RFC for FTP (RFC 114) was proposed by A. K. Bhushan, FTP has been one of the most important and widely used services on the Internet thanks to its unique advantages.
With the continuous development of the Internet, the FTP specification has undergone several revisions to accommodate network standards including TCP/IP.
In 1980, Jon Postel, a scientist at the Institute of Information Science at the University of Southern California, defined a new version of FTP in RFC 765.
In 1985, RFC 959 redefined FTP, this time introducing new administrative features, including the ability to create and delete file directories.
In 1997, RFC 959 was updated with the security features defined in RFC 2228.
In 1999, FTP was updated by RFC 2428 to support the IPv6 protocol.
Part 7: 7 Common File Transfer Protocols
FTPS is a multi-transfer protocol, equivalent to an encrypted version of FTP. When sending and receiving files on an FTP server, you face two risks. The first is that the files need to be encrypted while they are being uploaded. The second is that the files stay on the FTP server while waiting for the recipient to download them, at which point they also need to be secured.
Measure: Choose to create an FTP server that supports SSL, i.e., use an encrypted control and data channel with an SSL layer under the FTP protocol to allow the host to upload these files using an FTPS connection.
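On the client side, the measure above means encrypting both channels, not only the login. The following is an added example, not part of the original guide, using Python's standard `ftplib.FTP_TLS`; the function names and the `host`, `user`, `password` and path parameters are placeholders supplied by the caller.

```python
import ssl
from ftplib import FTP_TLS


def tls_context():
    """Context that verifies the server certificate and hostname."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    return ctx


def new_client(timeout=30):
    """Unconnected explicit-FTPS client bound to the verifying context."""
    return FTP_TLS(context=tls_context(), timeout=timeout)


def upload(host, user, password, local_path, remote_name):
    """Upload one file with the control and data channels both encrypted."""
    ftps = new_client()
    ftps.connect(host, 21)
    try:
        # login() sends AUTH TLS first, so USER/PASS travel encrypted.
        ftps.login(user, password)
        # Without PROT P the data channel stays in cleartext even
        # though the control channel is protected.
        ftps.prot_p()
        with open(local_path, "rb") as fh:
            ftps.storbinary("STOR " + remote_name, fh)
        ftps.quit()
    finally:
        ftps.close()
```

This covers only the first risk, the file in transit; files waiting on the server still need access control or encryption at rest.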
TLS & SSL
TLS, like its predecessor SSL, is an industry standard designed to protect the privacy of information during network communications, allowing client and server applications to detect security risks including message tampering, message interception, and message forgery.
TLS and SSL encrypt network connections at the transport layer, but work below the application layer.
SSL security extensions have at least two different initialization methods: explicit security and implicit security.
SSH is a security protocol based on the application layer. SSH is currently a more reliable protocol that provides security for remote login sessions and other network services, and the use of SSH protocol can effectively prevent the leakage of information during remote management.
SCP (Secure Copy)
The SCP protocol is an application layer protocol that defines the process of transferring files "between local and remote machines" or "between remote and remote machines". The SCP protocol is based on the SSH protocol, so file transfers based on the SCP protocol are secure.
SFTP (Secure File Transfer Protocol)
SFTP is a secure file transfer protocol that provides a secure encryption method for transferring files. It has almost the same syntax and functions as FTP, but SFTP is part of SSH, a secure way to transfer files to a server.
SFTP also uses encryption to transmit authentication information and the transmitted data, so it is very secure to use SFTP. However, because this transfer method uses encryption/decryption technology, the transfer efficiency is much lower than normal FTP. If you require higher network security, you can use SFTP instead of FTP.
HTTP & HTTPS
HTTP (Hypertext Transfer Protocol) is the basis for data communication. It defines the message format for communication between a Web browser and a Web server, and how the Web browser should respond to Web requests. HTTP uses TCP (Transmission Control Protocol) as the underlying transport and is a stateless protocol. This means that each command is executed independently and the receiver does not retain session information.
HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP in which communication is encrypted via TLS or SSL.