Cradicle Explorer
CyberSec
/ Foundations / Core Concepts / FTP.md
FTP.md
 1  **File Transfer Protocol (FTP)** is a standard network protocol used for transmitting files between computers over [[TCP]]/[[IP]] connections. It operates at the application layer of the [[OSI]] model and is widely used for transferring large files, managing remote files, and facilitating website management.
 2  
 3  ## Key Features
 4  
 5  - **Client-Server Model**: FTP operates on a client-server architecture where the client initiates requests to the server, which stores and manages the files. The client can be a command-line tool or a graphical user interface (GUI) application.
 6  - **Two Communication Channels**: FTP uses two separate channels for communication:
 7      
 8      - **Control Connection**: Established on port 21, this channel is used for sending commands and receiving responses.
 9      - **Data Connection**: Typically initiated on port 20 (in active mode), this channel is used for transferring file data.
10      
11  - **Modes of Operation**: FTP can operate in two modes:
12      
13      - **Active Mode**: The server connects back to the client to establish the data connection.
14      - **Passive Mode**: The client initiates both connections, making it more firewall-friendly.
15      
16  
17  ## Types of FTP
18  
19  - **Anonymous FTP**: Allows users to access public files without needing a username or password. Users typically log in with "anonymous" as the username.
20  - **Password-Protected FTP**: Requires users to authenticate with a username and password for access to files.
21  - **FTP Secure (FTPS)**: Enhances security by adding Transport Layer Security ([[TLS]]) or Secure Sockets Layer ([[SSL]]) encryption to protect data during transfer. FTPS can operate in explicit mode (using port 21) or implicit mode (using port 990).
22  - **Secure File Transfer Protocol (SFTP)**: Although not technically FTP, SFTP operates over [[SSH]] and provides secure file transfer capabilities using port 22.
23  
24  ## How FTP Works
25  
26  1. **Connection Establishment**: A user connects to an FTP server using an FTP client, initiating a control connection on port 21.
27  2. **Authentication**: Users may log in with credentials or access files anonymously.
28  3. **File Operations**: Users can upload, download, delete, rename, and manage files on the server.
29  4. **Data Transfer**: When transferring files, a data connection is established to facilitate the actual file transfer.
30  
31  ## Applications
32  
33  FTP is particularly useful for:
34  
35  - Transferring large files efficiently.
36  - Remote file management for web hosting and backups.
37  - Automating file transfers through scripts.
38  
39  ## Security Considerations
40  
41  While FTP is widely used, it lacks inherent security features. Sensitive data transmitted via standard FTP can be vulnerable to interception. Therefore, using FTPS or SFTP is recommended for secure file transfers.