A FTP Server is a File Transfer Protocol to store and share files. A FTP server needs a TCP/IP network for functioning and is dependent on usage of dedicated servers with one or more FTP clients. Remote computers can connect anonymously, if allowed, or with a username and password in order
FTP is built on client-server model architecture and uses separate control and data connections between the client and the server.
FTP is a client server protocol that relies on two communications channels between client and server, a command channel for controlling the conversation and a data channel for transmitting file content.
FTP is another such protocol, one that stands for File Transfer Protocol. Users connect to these servers with an FTP client, a piece of software that lets you download files from the server, as well as upload files to it. An FTP server offers access to a directory, with sub-directories.
FTP dates back to 1971, a time long before cyber security was much more than a hypothetical field. This means that FTP transfers are not encrypted, so it is relatively easy to intercept files for anyone capable of packet sniffing.
FTP was not designed to be a secure protocol, and has many security weaknesses.
FTP does not encrypt its traffic, all transmissions are in clear text, and usernames, passwords, commands and data can be read by anyone able to perform packet capture on the network.
This problem is common to many of the Internet Protocol specifications that were designed prior to the creation of encryption mechanisms such as SSL.
Common solutions to this problem include:
- Using a secure tunnel such as Secure Shell (SSH) or virtual private network (VPN).
- Using the secure versions of the insecure protocols FTPS instead of FTP and Telnets instead of Telnet.
NAT and firewall:
FTP normally transfers data by having the server connect back to the client, after the PORT command is sent by the client. This is problematic for both NATs and firewalls, which do not allow connections from the Internet towards internal hosts.