How does FTP file transfer protocol work?

Using the file transfer FTP protocol is one of the basic methods that we can use to transfer files between computers through a TCP / IP network and it allows us to do so even when they are large or when they are many, with great speed and In a simple way. But there are some pros and cons to using it. We explain what FTP is, how it is used, what port it uses or what are the possible security problems that this protocol created in the 70s provides.

What is FTP

FTP stands for File Transfer Protocol or, what is the same, File Transfer Protocol. It began to be used in the seventies and even today it is a connection option between client and server for the transfer of files through specific ports. The FTP ports by default on a computer are ports 20 and 21 which are used to perform this exchange or transfer.

A file transfer protocol in which one device functions as an FTP client and another as an FTP server. The client is the one who is in charge of accessing another computer, either from the office or from home, and all its content as long as they have permissions that allow them to do so. An FTP client is, therefore, a software or service that allows us to use this protocol to send or transfer files using the ports (there are two, control and data transport) of our computer or our server. The client uses this FTP port or ports for control and data transport.

What is it for?

As we have said, the FTP protocol is used for the transfer of files. They allow us a great transfer speed if they are many files or of a large size, they do not limit us with the weight of those that we are going to exchange as long as the client supports them and they give us great security whenever we use protocols such as SFTPL, SSL or SSH, for example.

How do I connect to an FTP

There are several different programs that we can use to connect to a server and one of them is the FileZilla software that can be downloaded for free. It is one of the most popular and we can download it from its website, installing it or starting to use it automatically if you have decided to have the portable version. Although it is one of the most successful, it is not the only FTP client available. When we have FileZillaon our computer we will see on the screen a series of fields that can be filled in at the top such as server, username, password and port. These will be the ones that we must complete in order to connect quickly. You simply have to write the IP address or domain of the FTP server to which you are going to connect, the username, the associated password and the port that we are going to use to make the connection. Once ready, you touch on “Quick connection” and the process would begin to function.

But there is another more complete, less quick option, but allows further customization or adjustments and we can carry it out playing on “File” in FileZilla and from here we will ” Manager of sites “. In a new menu window we can add the server, where we will put the IP or domain of the FTP server, but we also fill in the port, the type of server and the access mode. This will allow us to configure it as the default directory to connect automatically from that moment on.

Other clients

Although FileZilla is the best known, it is not the only one. Another FTP client for Windows is WinSCP, which can be downloaded completely free of charge and allows you to use the FTP, SFTP, FTPS, SCP, S3 or WebDAV protocol. It also allows you to set restrictions, create rules, automate processes.  Download WinSCP .

Another one that you can use is SmartFTP with a very comfortable and easy-to-use interface, which will make the process very simple and intuitive. It allows us to connect to FTP servers but it also allows us to connect to cloud storage systems if you want to access Google Drive, for example. It can be downloaded for free from its website or you can see a tutorial of all its functions.

What is the default port

The default port used by FTP is TCP 21 for control and port 20 for the data channel. Port 21 is the one used for control and from it the connection would be managed but the data is not transferred. There are different modes available for file transfer, active or passive. In active mode, TCP port 20 is where the data channel is created while in the client a random port is chosen that is always higher than TCP 1024. For its part, there is a passive mode in which it is used control port 21 to choose the external port to connect to, the client establishes a connection from the port indicated. The second is the most used and the first involves some security problems, since it implies that all ports greater than 1024 are open. Therefore, the second is usually the most common mode.

How to check that port 21 is not blocked

You can check that port 21 is not blocked if you want to use the FTP transfer method. You can do this by enabling Telnet and opening the Command Prompt, but you can also access an online port test that will allow us to check it in a matter of seconds without having to do anything on the computer.

On the web page speed test .es you can do a port test to know which ports you have open (either because you are going to play or need them for something) or you can simply check that port 21 is not blocked. You just have to go to the ” port test ” section on the mentioned page and write the port you want to check. You can write just one or you can write several separating them with commas or hyphens if they are a specific range. Once you have it, you touch “start”. In our case, just put “21” in the memory of Ports.

FTP security risks

Should you use FTP protocol for file sharing? They may have some risks that we must take into account. As explained from the Panda Security company, for example, the FTP protocol presents many vulnerabilities and the FBI already warned in 2017 of its dangers after the hacking of a large number of medical and dental clinics that allowed access to health records of the patients. Why? According to the security company, it is easy to access old FTP servers with common user names such as FTP or Anonymous without having a password or having a complex user name.

Also in 2016 it was known how the security researcher Minxomat revealed a total of almost 800,000 unprotected FTP servers that allowed free access to any user. As they had at the time in RedesZone, any user could carry out an Internet sweep in search of all kinds of servers.

Solutions

If you want to protect your FTP server you must follow a series of basic tips such as, for example, have a secure access password, for example, and have a single user or several users created for those who access remotely, but not allow free access to anyone as it could be a security issue. You should also disable, if you want to improve security, the guest user option or allow each user to have their own path without the possibility of interacting between one directory or another, for example. Another recommended tip that we must take into account to improve security or to avoid problems with the FTP server is to change the default port.

 

by Abdullah Sam
I’m a teacher, researcher and writer. I write about study subjects to improve the learning of college and university students. I write top Quality study notes Mostly, Tech, Games, Education, And Solutions/Tips and Tricks. I am a person who helps students to acquire knowledge, competence or virtue.

Leave a Comment