Introduction to FTP Meaning and How FTP Works [MiniTool Wiki]
There are plenty of network protocols, and this post is mainly talking about FTP meaning (File Transfer Protocol). If you are interested in other network protocols, then it is recommended to go to the MiniTool website.
What is the meaning of FTP? FTP, short for File Transfer Protocol, is a standard network protocol designed to transfer computer files between clients and servers on a computer network.
Speaking of FTP meaning, the File Transfer Protocol is built on a client-server model architecture, using separate control and data connections between the client and the server. FTP users can use the clear-text login protocol to authenticate themselves, usually in the form of user name and password, but if the server is configured to allow, you can connect anonymously.
To protect the user name and password, and to encrypt the secure transmission of the content, FTP is usually secured with SSL/TLS (FTPS) replaced with SSH File Transfer Protocol (SFTP).
Related post: SSH VS SSL: Differences and Similarities Between Them
The first FTP client application was a command-line program developed before the operating system had a graphical user interface, and is still provided with most Windows, Unix, and Linux operating systems.
Since then, many FTP clients and automation utilities have been developed for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into productivity applications such as HTML editors.
How Does FTP Work?
After getting some information about FTP meaning, this part talks about how File Transfer Protocol works. FTP relies on two communication channels between the client and the server: a command channel for controlling dialogs and a data channel for transferring file content.
The client initiates a conversation with the server by requesting to download a file. With FTP, the client can upload, download, delete, rename, move, and copy files on the server. Users usually need to log in to the FTP server, although some servers can make some or all of the content available without logging in. This is called anonymous FTP.
FTP sessions work in passive or active mode. In the active mode, after the client requests to start a session through the command channel, the server will initiate a data connection with the client and start transmitting data. In passive mode, the server uses the command channel to send the information needed to open the data channel to the client. Because the passive mode enables the client to initiate all connections, it works well between the firewall and the Network Address Translation (NAT) gateway.
FTP Web Browser Support
Most common web browsers can retrieve files hosted on FTP servers, although they may not support protocol extensions such as FTPS. When an FTP (rather than HTTP) URL is provided, the accessible content on the remote server will be displayed in a manner similar to other web content. A full-featured FTP client can be called an extended form of FireFTP in the running Firefox.
As of 2019, major browsers such as Chrome and Firefox have abandoned FTP support to varying degrees. Google plans to completely remove FTP support through Chrome 82. Mozilla is currently discussing proposals, including only removing support for old FTP implementations that are no longer in use to simplify its code.
FTP was not designed as a security protocol and has many security vulnerabilities. In May 1999, the author of RFC 2577 listed the vulnerabilities for the following issues:
- Brute-force attack
- FTP bounce attack
- Packet capture
- Port stealing (guessing the next open port and usurping a legitimate connection)
- Spoofing attack
- Username enumeration
- DoS or DDoS
FTP does not encrypt traffic. All transmissions are in clear text, and anyone who can perform packet capture (sniffing) on the network can read usernames, passwords, commands, and data. This problem is common for many Internet protocol specifications (such as SMTP, Telnet, POP, and IMAP) that were designed before creating encryption mechanisms such as TLS or SSL.
Common solutions to this problem include:
- Use a secure version of an insecure protocol, for example, use FTPS instead of FTP, and TelnetS instead of Telnet.
- Use other more secure protocols that can handle the job, such as SSH file transfer protocol or secure copy protocol.
- Use a secure tunnel, such as a secure shell (SSH) or a virtual private network (VPN).