Introduction to FTP Protocol

Questions and Answers

What does FTPS use to secure data transmission?

• SSH encryption
• HTTP encryption
• TLS/SSL encryption (correct)
• AES encryption

Which file transfer protocol is often preferred due to better security and easier configuration?

• HTTP
• FTP
• TFTP
• SFTP (correct)

What is a critical limitation of the FTP protocol?

• It is too fast for most users.
• It lacks inherent security features. (correct)
• It only works on Windows systems.
• It does not support file compression.

In modern systems, what alternatives to FTP are commonly favored for file transfer?

FTPS and SFTP (B)

Why is it still beneficial to understand FTP despite its limitations?

It is essential for troubleshooting legacy systems. (B)

What is the primary function of FTP?

Transfer of computer files between client and server (D)

Which port is commonly used for the control connection in FTP?

21 (B)

Which mode initiates the connection from the client to the server's data port?

Active Mode (C)

What does the FTP command 'PUT' accomplish?

Uploads a file to the server (B)

Which of the following describes a key vulnerability of FTP?

Plaintext authentication (D)

What type of connection is used for transmitting actual file data in FTP?

Data Connection (C)

Which FTP command is used to display the current directory?

PWD (C)

Which of the following FTP attack types involves intercepting data during transmission?

Man-in-the-middle attacks (A)

Flashcards

FTPS (FTP Secure)

A file transfer protocol (FTP) that uses TLS/SSL encryption to secure data transmission.

SFTP (SSH File Transfer Protocol)

A secure file transfer protocol that uses SSH (Secure Shell) for data encryption and authentication.

FTP (File Transfer Protocol)

A basic protocol for file transfer that lacks inherent security.

Web-based File Transfer

Modern web-based solutions that offer file transfer capabilities.

Secure File Transfer Alternatives for FTP

Using FTPS or SFTP instead of basic FTP is recommended for secure file transfers.

What is FTP?

A network protocol used for transferring files between computers on a network. It uses a client-server model where a client application connects to a server to exchange files.

What is a Control Connection in FTP?

A separate connection established between a client and server to manage file transfer instructions, such as listing files, changing directories, and transferring data.

What is a Data Connection in FTP?

A connection used to transfer actual files between a client and server in FTP.

What is Active Mode in FTP?

A mode where the client initiates a connection to the server's data port for file transfer in FTP.

What is Passive Mode in FTP?

A mode where the server initiates a connection to the client's data port for file transfer in FTP.

What port is used in FTP?

FTP uses port 21 for the initial connection request, while the data connection uses various ports depending on the mode. Active mode uses ports 2000-2010, and passive mode uses ephemeral higher ports.

Is FTP secure?

FTP lacks inherent security features, making it vulnerable to attacks like man-in-the-middle attacks, brute-force attacks, and data interception during transmission.

How is FTP insecure?

FTP transmits passwords and commands in plain text, making it easy for attackers to intercept and steal sensitive information.

Study Notes

Introduction to FTP

• FTP (File Transfer Protocol) is a standard network protocol for transferring computer files between a client and server on a network.
• It uses a client-server model; a client application connects to a server for file transfer.
• Primarily for file exchange, not interactive sessions like remote login.

Key Concepts and Functions

• Client-Server Architecture: FTP relies on a client application (e.g., FileZilla, command-line tools) interacting with a server application (often on a web server) holding files.
• Control Connection: A separate control connection manages transfer instructions (listing files, changing directories, data transfer). Data transfer occurs separately.
• Two Types of Connections:
  • Control Connection: Handles commands and responses (e.g., username/password, file listings).
  • Data Connection: Transfers the actual files.
• Passive and Active Modes: These modes control data transfer initiation:
  • Active Mode: Client initiates connection to the server's data port.
  • Passive Mode: Server initiates connection to the client's data port (preferred for firewalls).
• Port Assignments: Specific ports handle FTP communication:
  • Control connection typically uses port 21.
  • Data connection ports vary based on mode (active: 2000-2010; passive: higher ephemeral ports).
• File Transfer Commands/Instructions:
  • LIST: Displays files in a directory.
  • PWD: Shows the current directory.
  • CD: Changes the current directory.
  • PUT: Transfers a file from client to server.
  • GET: Downloads a file from server to client.

Security Considerations

• Insecure by Nature: FTP historically lacks built-in security features.
• Plaintext Authentication: Passwords and commands are often sent unencrypted, vulnerable to eavesdropping.
• Vulnerability to Attacks: FTP is susceptible to:
  • Man-in-the-middle attacks.
  • Brute-force attacks.
  • Data interception during transmission.

Alternatives and Improvements

• FTPS (FTP Secure): Uses TLS/SSL encryption for secure file transfer (an extension of FTP).
• SFTP (SSH File Transfer Protocol): More secure file transfer using SSH (Secure Shell), generally preferred for its security and ease of configuration.
• Web-based file transfer: Modern web-based file transfer solutions are alternatives for various needs.

Summary

• FTP is a basic file transfer protocol, but its lack of security is a concern.
• Modern systems often use secure alternatives (FTPS, SFTP) for stronger security.
• Understanding FTP's operation is still relevant for troubleshooting and legacy systems maintenance.