File transfer protocol (FTP) is a network protocol that allows users to exchange files over the internet with ease. Although there are better, more secure alternatives to FTP, website administrators often use it to manage the files uploaded to their website’s server. We also use FTP to share publicly available resources, automate file transfer tasks, download services online and more. That said, FTP isn’t secure and is highly vulnerable to malicious attacks, so you shouldn’t use it to transfer sensitive files.
A user can store files on what is known as an FTP server, and other users can connect to that server and interact with its contents. To use FTP, you must have a working internet connection and an FTP client, which you’ll use to upload files to the server and download files from it. You can use a command-line FTP client instead if you’re feeling brave. You’ll also need to know the FTP server’s IP address or host name.
How to Transfer Files With FTP
- Whether you’re using a command-line FTP or an FTP client, the first step is always to log in to the FTP server. Most FTP servers require user authentication (with a username and password) in order to make a connection. However, some servers allow anonymous access, which doesn’t require authentication.
- Once logged in, users are free to download, upload, move, delete and create files on the FTP server. The user’s capabilities depend on their permissions.
Anonymous FTP allows us to use the FTP server without having to authenticate ourselves with a username and a password. Anonymous users can log in with the ANONYMOUS username, which is restricted and doesn’t have access to all of the information on the remote system.
The remote system is responsible for determining which information is accessible to anonymous users. This information cannot be sensitive, since it’s available to everyone.
What Is File Transfer Protocol Used For?
File transfer protocol is a network protocol we use to transfer files between computers over Transmission Control Protocol/Internet Protocol (TCP/IP) connections. TCP/IP, also known as the Internet Protocol Suite, is a set of standardized rules that allow computers on a network to communicate. The functionality of the TCP/IP suite of protocols is divided into four abstract layers, where each layer includes specific protocols. From highest to lowest, these layers are:
- Application layer
- Transport layer
- Network layer
- Data link layer
FTP works on the application layer, the same layer on which HTTP works. The protocols that work on this layer are used by applications to provide user services and exchange data.
We can use FTP to transfer files between different systems over a network, using either an FTP client or command-line FTP. This includes uploading, creating, moving and deleting files in an FTP server, and downloading files from it.
FTP usually requires authentication in order to access the server, although anonymous access is allowed in some cases. Due to FTP’s lack of security measures, we no longer use FTP to transfer sensitive information over the internet. These days we’re more likely to use safer protocols, like SFTP or FTPS.
How Does FTP Work?
FTP follows the client-server architecture, which means that the workload is split between the provider of the service (the server), and the consumer of the service (the client).
- The FTP server: The server is where all of the files are stored. You can interact with the server to upload new files, download the files that are stored in it as well as move, delete and perform other operations on the stored files. In order to communicate with the FTP server, you’ll need an FTP client.
- The FTP client: The FTP client is an application that allows users to communicate and interact with the FTP server. To connect to a server, the user will need to know the server’s IP address (or the hostname). Once the user has the server’s address, they can create a connection to the server using the FTP client. Users are generally required to log in with a username and password in order to access the server.
FTP requires two communication channels to work: a control channel (also known as command channel) and a data channel. Since FTP uses two channels, it requires two ports, one for the data channel (port 20) and one for the control channel (port 21). FTP uses transmission control protocol (TCP) for transport needs.
There are two main ways to use FTP.
- From the command-line interface: The most direct way to use FTP is via the command line. Windows, macOS and Linux have built-in command-line clients.
- Using an FTP client: This is the method many developers prefer, since FTP clients provide a graphical user interface (GUI) that can be more intuitive and easier to use.
Benefits of File Transfer Protocol
- You can transfer multiple files and directories simultaneously, rather than having to transfer them one at a time.
- You can resume transfers if you lose your connection.
- FTP supports queueing, which means that users can add files to a transfer queue. The files in this queue will be transferred in the future.
- There’s no limit on the number of files or the maximum size of the files that you can transfer.
- FTP supports scheduled transfers.
- FTP allows you to abort ongoing transfers.
Disadvantages of File Transfer Protocol
- The most important disadvantage of FTP is security. FTP has serious security issues, including the fact that it doesn’t encrypt the data it transfers, which means that hackers can easily intercept and read all of the cleartext data you’re transmitting.
- FTP is vulnerable to many attacks, including brute-force attacks, FTP bounce attacks, packet capture, DoS/DDoS attacks, spoofing, port stealing and many more.
Examples of FTP Clients
- FileZilla: FileZilla is one of the most popular FTP clients and is available for Windows, Linux and macOS. It’s an open-source project that has extensive community support. As well as FTP, FileZilla also supports SFTP and FTP over TLS (FTPS).
- WinSCP: WinSCP is a Windows FTP client that supports FTP, SSH and SFTP.
- Transmit: Transmit is a macOS FTP client that supports both FTP and SSH.
In active mode, the client informs the server that it’s listening for incoming data connections using the PORT command. The server then creates a data connection to the client from its port 20.
Network address translators (NATs) and firewalls don’t allow connections from the internet toward internal hosts. To solve this problem, you can use passive mode. In passive mode, the client starts the data connection to the server by first letting the server know it wants to operate in passive mode (via a PASV command sent through the control channel). The server then responds with an IP address and a port number, which the client uses to open the data connection.
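The PORT argument and the PASV reply described above share one encoding, h1,h2,h3,h4,p1,p2, where the port is p1*256+p2. The following added example (not from the original article) parses both and applies the server-side and client-side checks used against FTP bounce attacks; the addresses are constructed documentation-range samples and the function names are illustrative.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: four address octets, then the high and low port bytes.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field above 255 in %r" % line)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def check_port_command(line, control_peer):
    """Server side, active mode: reasons to refuse a client's PORT argument.

    Follows the bounce-attack guidance in RFC 2577: no third-party
    addresses and no ports below 1024. An empty list means accept.
    """
    ip, port = parse_hostport(line)
    problems = []
    if ip != ipaddress.IPv4Address(control_peer):
        problems.append("address is not the control-connection peer")
    if port < 1024:
        problems.append("port below 1024")
    return problems


def check_pasv_reply(line, server_addr):
    """Client side, passive mode: (ip, port, warning or None)."""
    ip, port = parse_hostport(line)
    if ip != ipaddress.IPv4Address(server_addr):
        return ip, port, "advertised address differs from the server's"
    return ip, port, None


if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    print(check_port_command("PORT 198,51,100,7,195,80", "198.51.100.7"))
    print(check_port_command("PORT 192,0,2,44,0,22", "198.51.100.7"))
    print(check_pasv_reply("227 Entering Passive Mode (192,0,2,10,195,80)", "192.0.2.10"))
```

A PASV mismatch often just means the server sits behind NAT and advertises its internal address; many clients then connect to the control-connection address instead.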
The Secure Alternatives to FTP: FTPS and SFTP
FTPS stands for FTP Secure Sockets Layer (SSL). It’s a secure extension of FTP that adds a security and encryption layer using SSL or, in current implementations, TLS.
SFTP is not technically an FTP protocol, since it runs over Secure Shell (SSH), but it’s a more secure alternative to FTP because it encrypts both the authentication information and the transferred data files.
Since FTP lacks data encryption, and is therefore extremely vulnerable to malicious attacks, most experts highly recommend you use FTPS, SFTP or other secure protocols.
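One way to follow this recommendation with Python's standard `ftplib`, shown as an added example that is not part of the original article. The host, credentials and file names are caller-supplied placeholders; the point is that both the control channel and the data channel must be switched to TLS.

```python
import ssl
from ftplib import FTP_TLS


def ftps_context():
    """TLS settings applied to both the control and the data channel."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSL and early TLS
    return ctx


def fetch_over_ftps(host, user, password, remote_name, local_path):
    """Download one file over explicit FTPS (AUTH TLS on port 21)."""
    with FTP_TLS(context=ftps_context()) as ftps:
        ftps.connect(host, 21)
        # login() upgrades the control channel to TLS before sending
        # USER/PASS, so the credentials never cross the wire in cleartext.
        ftps.login(user, password)
        # Without PROT P the file contents would still travel unencrypted
        # on the data channel even though the login was protected.
        ftps.prot_p()
        with open(local_path, "wb") as out:
            ftps.retrbinary("RETR " + remote_name, out.write)
```

A server that offers only plain FTP makes `login()` raise an error here rather than fall back to cleartext.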