January 4, 2023

    What is FTP? Understanding File Transfer Protocol (FTP)

    FTP, also known as file transfer protocol, is a process that organizations can use to transfer large and/or sensitive files from one location to another. Secure “versions” (or alternatives) of FTP (SFTP, FTPS) are especially useful in the defense, legal, healthcare, manufacturing, and finance industries. However, FTP generally speaking, is used in almost every industry where the sharing of information is necessary.

    But what is FTP exactly? At Sharetru, we have a team of dedicated secure file transfer experts who are always available to talk about your organization and its file transfer needs. Continue reading for a deep dive into FTP, and contact us if you would like to schedule a time to discuss FTP and what it could mean for your business.

    FTP History

    The concept of FTP dates back to April 1971, when Abhay Bhushan first wrote the specification for file transfer protocol — which he published in RFC 114. In its earliest years, FTP ran on NCP, which stands for Network Control Program, and facilitated the protocol stack on computers hosting the ARPANET (the predecessor to the modern-day internet). FTP moved to Transmission Control Protocol/Internet Protocol (TCP/IP) in the 80s, where it remains today.

    In the 1990s, new standards enabled firewall-friendly FTP (in 1994), proposed security extensions (1998) and added support for IPv6 while also defining a new version of passive mode (1998). As you’ll discover below, FTP and its capabilities have come a long way in the modern age.

    How Does FTP Work

    In simplest terms, FTP is a method for briefly connecting computers, called “clients” and “servers,” in order to facilitate the transfer of files from one to the other. When you think of servers, you most likely think of web servers that hold webpage-related files for the internet or of file servers on your office network. FTP servers are similar to web servers, but they are different in that they hold files for upload and download rather than files to be retrieved as web pages through browsers. Websites operate on HTTP/HTTPS rather than FTP, which we’ll address later in this post.

    FTP servers facilitate both uploads and downloads. Files are transferred from local computers or servers to remote FTP servers during uploads. Files are transferred from FTP servers to local servers or computers during downloads.

    Metaphorically speaking, the local systems can be thought of as the senders of letters and the receivers of letters. FTP as a protocol would be like a mail truck used to deliver letters. And the FTP server can be thought of as the post office or mail distribution center. For example, imagine Company A needs to send a large amount of files to Company B. Company A will upload the files to an FTP server, and then Company B will transfer the data from the FTP server to its own computer.

    How do computers find the FTP servers they're looking for? All FTP servers have an address. The address may look like a web address (starting with ftp://), or it may look more like the string of numbers that represent an IP address. While some FTP servers do not require login credentials to gain access, called an “anonymous” connection, most FTP servers have in place security features that require a username and password for access.

    FTP Security

    We’ve already noted that FTP was not originally created for security. In fact, FTP as originally conceived was highly vulnerable to brute-force attacks, port stealing, username enumeration and other threats. But, today, there are secure versions of FTP that make it safe as the protocol of choice for organizations that need to store and transfer even the most sensitive of files and information.

    FTPS builds on the FTP foundation through the addition of a transport security layer, or TLS, which replaced the now deprecated secure sockets layer (or SSL). There are two types of FTPS: implicit FTPS and explicit FTPS. Explicit FTPS is the newer and most commonly used protocol. When using explicit FTPS, a connection is established on the same control port as FTP (port 21), and then an SSL/TLS connection can be required by the client or required by the server. The TLS/SSL connection is what encrypts and secures the files. Additional ports will open for data to pass, as port 21 is for the issuing of commands only. The FTP client and FTP server will negotiate which ports need to be used to complete the file transfers.

    SFTP is another option for file transfer protocol security. SFTP uses a secure shell (Or SSH) data stream to protect the connection during file transfers. Unlike FTPS, which requires many ports to complete file transfers, SFTP uses only port 22 for both commands and data. Both FTPS and SFTP are commonly used protocols for securely transferring files. The best option for your organization will depend on the security controls you need and compatibility with other systems. Many lean toward SFTP because it only requires the single port to be open.

    The Benefits of FTP & Related Protocols

    FTP and the more secure protocols mentioned in the section above have become widely accepted for file transfer in the 21st century. Why has FTP become the standard? Because the benefits of using FTP are well-known and widely appreciated by individuals and organizations that need to transfer sensitive files in a secure manner. Here’s a look at the 6 primary benefits of FTP:

    1. Capacity

    We've all been caught in a situation where a large file simply won't attach and send via email. FTP solves this problem by facilitating the transfer of large individual files, as well as large amounts of smaller files. If you choose a method of transferring files that does not have the capacity you need, you will find that transfers and connections often fail. Naturally, this is highly inefficient for any organization that needs to transfer large files on a regular basis.

    2. Security

    While FTP as conceived in 1971 did have security vulnerabilities, there are now encrypted file transfer protocols that layer on top of FTP the security needed for sensitive files. More specifically, FTPS and SFTP are options for organizations that need highly secure file-transfer capabilities.

    3. Control

    Most modern FTP providers offer administrative dashboards that give users a high level of control over their files. These controls allow administrators to grant permissions on a user-by-user basis to upload, download, share, edit, and even delete files stored on FTP servers.

    4. Efficiency

    When you identify and implement the right FTP solution for your organization, you can establish a highly efficient file transferring workflow that all team members understand and use. Again, many organizations are regularly handling large and sensitive files. By using FTP to establish an efficient workflow, these organizations are able to move faster, do more, and generally enhance their operations.

    5. Redundancy

    The best FTP providers also provide regular server backups so that your sensitive files always remain safe in case of a natural disaster or another incident that compromises one server. FTP backup servers are typically located in completely different geographical regions. This ensures that there's no interruption in an organization’s access to their files.

    6. Automation

    Automation is likely the most significant benefit of using these protocols. Transfers can be easily configured and scheduled to happen with no human intervention. For example, it’s possible to synchronize local and remote folders every 5 minutes, 24/7.

    FTP vs. HTTP

    FTP and HTTP are both transfer protocols that play important roles in the digital world. But there are key differences between FTP vs. HTTP that are important to know.

    You likely know HTTP as the protocol used to retrieve files on the internet for viewing within browsers. HTTP is perfect for this activity, because it efficiently transfers small files — like webpages. FTP, as noted above, is ideal for transferring much larger files.

    On the technical side, HTTP uses TCP port 80, and FTP uses TCP port 21. There's typically no authentication required with HTTP, which is why you are able to access files on the internet without logging in each time. Conversely, FTP almost always requires user and password authentication. Lastly, HTTP creates a data connection only, while FTP creates both data and control connections.

    As we've written before, both FTP and HTTP play important roles as transfer protocols. That said, anytime there's a need for the transfer of large files or large amounts of files, FTP is the only efficient, reliable solution.

    FTP Terms to Know

    The FTP world is full of terms and acronyms that can sound similar and that often confuse users. To help you better understand and distinguish between these terms and acronyms, here’s an FTP glossary to reference:

    • FTPS: FTPS is a method of encrypted FTP that uses a TLS/SSL connection to protect files.
    • Explicit FTPS (or FTPeS): Explicit FTPS is the newer method of FTPS. It uses a traditional FTP connection and then adds an additional layer of security by creating a TLS/SSL connection via port 21.
    • Implicit FTPS: Implicit FTPS is the older method of FTPS. It also layered security on top of a traditional FTP connection, but it created the TLS/SSL control connection through a separate port — port 990.
    • SFTP: SFTP uses SSH (also known as Secure Shell) encryption via port 22 to secure files as they are being transferred.
    • FTP Server: An FTP server is the physical (or virtual) machine where files are stored and secured after uploads and before downloads.
    • HTTPS: HTTPS is the secure version of HTTP, which stands for hypertext transfer protocol. HTTPS uses a secure sockets layer (SSL) for encryption, much the same way FTPS uses TLS/SSL.
    • Authentication: Authentication is the process of validating that a user is approved by requesting a username and password.
    • SSH: SSH is also known as secure shell or secure socket shell. It’s used in SFTP to create a secure connection for file transfers.
    • SSL: SSL is also known as secure sockets layer, which is an encryption protocol that has been deprecated and replaced by TLS. SSL was used to encrypt files as part of FTPS, but more recently has been found to be vulnerable.
    • TLS: TLS is also known as transport layer security, which replaced the deprecated SSL protocol for encryption. TLS is used to encrypt files as part of FTPS.
    • Permissions: Permissions are given to users by an FTP admin. Permissions can be granted to upload, download, share, edit or delete files on an FTP server. The authentication process is used to validate users and ensure they operate within their permissions.
    • Port 22: Port 22 is the secure shell communication port used specifically for SFTP.
    • Port 21: Port 21, one of the ports used by FTP, is the default control port for FTP. After a valid username and password are entered into the FTP client, port 21 opens automatically.
    • Port 20: Port 20 is used by the FTP client to create the second “active” connection necessary for file transfers to occur. “Passive” FTP opens many more data ports and is more common today.
    • Port 990: Port 990 is the port used as the implicit FTPS control channel. Port 989 may then be used for an active data port, or other ports are used as passive data ports.
    • Encryption: Encryption is the practice of securing digital information by using mathematics. Different types of encryption are used in FTP transfers for security.
    • In-Transit Encryption: In-transit encryption means that files are secured as they move between an FTP server and a computer.
    • At-Rest Encryption: At-rest encryption means that files are secured while they are stored on an FTP server.
    • IP Address: An IP address is the unique code used to identify any device connected to the internet or a different network.
    • CLI: CLI, or command line interface, can be used to send a file from one computer or server to another using the IP address and an internet port.

    Discover More With Sharetru

    The FTP world is extensive and can be complicated if you try to build and implement your own system. At Sharetru, we provide a number of different options for organizations that need to store and share sensitive files. You can get up and running with Sharetru at a fraction of the cost it would take to create your own system.

    Ready to see FTP in action? Get in touch with us to schedule time for a brief demo of Sharetru and a discussion of your organization and its file-sharing needs.

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts