Open main menu

ICANNWiki β

FTP

FTP is an acronym for File Transfer Protocol, which is a TCP/IP based network protocol just like the HTTP used to transmit files from one computer to another through the Internet. FTP is designed to transfer multiple small files such as images on a web page instead of transferring a single large file. This standard protocol supports the pausing, scheduling, and restarting of file downloads.

Objectives of FTP

Based on RFC 959, FTP has four primary objectives, which are:

  1. Promote file sharing (computer programs and/or data)
  2. Encourage indirect or implicit use of remote computers
  3. Shield users from variations in file storage systems among hosts
  4. Allow efficient and reliable data transfer

Background

File Transfer Protocol was first introduced by Abhay Bhushan from the Massachusetts Institute of Technology Project MAC on April 16, 1971 through RFC 114, which provides the standard definition and the basic commands of the protocol, enabling devices (specifically computers) to communicate or transfer files or messages with each other. [1] [2]

RFC 114 was updated by several RFCs to improve the specifications of FTP such ad RFC 172, RFC 265. On July 8, 1972, Bhustan introduced a major revision of the FTC specifications through RFC 354. Based on the RFC, FTP aims to allow the efficient and reliable transfer of files among hosts as well as the convenient use of remote file storage capabilities.[3] Subsequent RFCs were further released providing more improvements on the protocol including RFC 542 in 1973.

In 1974, RFCs 607, 614 and 624 proposed changes in the design of the FTP. These RFCs were followed by RFCs 686 and RFC 691, which provided additional information regarding the printing of files.

The first FTP standard protocol was RFC 765, which was published by Jon Postel in June, 1980. This specification described the transition of using TCP instead of NCP as the fundamental protocol for FTP.[4]

Current FTP Standard Specification

The latest FTP standard specification implemented by the Internet Engineering Task Force was RFC 959 which was published by Jon Postel and Joyce Reynolds in October, 1985. The current RFC includes new commands such as CDUP (Change to Parent Directory), SMNT (Structure Mount), STOU (Store Unique), RMD (Remove Directory), MKD (Make Directory), PWD (Print Directory) and SYST (System).[5]

Anonymous FTP

An anonymous FTP allows a remote user to securely access a certain part of a disk space by creating an FTP connection and logging on to the system using anonymous as the username and the e-mail id as password.[6]

Security Issues

Although the FTP was designed to transfer data efficiently and reliably, the protocol has security loopholes because data is transmitted in plain text and it doesn't have any provision for data encryption. Hackers can easily steal users passwords, read and monitor private files and conversations, and they can also install viruses.[7] Mark Allman from NASA Glenn Research Center/Sterling Software and Shawn Ostermann from Ohio University School of Electrical Engineering and Computer Science wrote RFC 2577 and identified three security problems associated with FTP such as Bounce Attacks, Spoof attacks and Denial of Service Attacks and suggested measures to reduce or prevent security problems associated with FTP.[8]

References