FTP is an outdated technology
The FTP protocol is prevalent because of its simplicity and availability. However, it is outdated and insecure. Here we tell you why you should give it up.
Problems in the FTP architecture
In general, FTP does not have the level of security required today, and the overall design of the protocol is unsuitable for the modern Internet. It was developed in the 1970s, when the requirements for technology were very different from those of today. Let's understand a bit more about its design.
FTP operates on two channels: a command channel and a data channel. The data channel has two transmission modes: active and passive.
The difference between active and passive mode is which side initiates the data connection.
In passive mode, the server opens a random port from the dynamic range on its side and informs the client about it; the client initiates a TCP connection to this port.
In active mode, a random port from the dynamic range is opened on the client side, and it is the server that initiates the TCP connection. In most cases, this mode is not suitable because of the way home Internet providers configure address translation (NAT), which does not allow an incoming connection to be established with the client device.
Disadvantages of FTP
To upload any file through FTP, the client and server have to exchange a very large number of messages. This wastes a lot of time and resources.
Delays occur not only at the FTP level but also at the TCP level because transferring each individual file requires opening a new TCP connection. If you need to transfer more than "a few" files, this is extremely inconvenient.
Another problem is that it is impossible to check if the transfer was completed successfully. The server does not even know the size of the file. If something fails to load during the transfer, neither the client nor the server will know about it.
FTP has other limitations that make working with it extremely inconvenient. For example, you cannot delete directories. You have to delete all files individually, and then delete the directory itself.
In addition, FTP does not support special characters. There are some ways to still use them, but these temporary solutions will inevitably cause problems at work.
There are big privacy issues as well. In FTP, credentials are transmitted unencrypted. The username and password are transmitted in plain text that can be read by anyone capable of intercepting network traffic.
The data itself is not encrypted either. Therefore, it is highly undesirable to send any sensitive information via FTP.
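The two points above, cleartext credentials and the active/passive data endpoints announced on the command channel, can be shown with a small auditor run over a captured control session. This is an added example, not part of the original article; the transcript, host names, addresses and the `audit` and `decode_hostport` function names are constructed for illustration.

```python
import re

# Constructed control-channel capture (TCP port 21); "C:" = client, "S:" = server.
SAMPLE = """\
S: 220 ftp.example.test ready
C: USER alice
S: 331 Password required
C: PASS s3cret-constructed
S: 230 Logged in
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80)
C: RETR report.csv
C: PORT 198,51,100,7,4,1
"""

HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Decode RFC 959 'h1,h2,h3,h4,p1,p2' into (ip, port); None if absent or invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def audit(transcript):
    """List what anyone who can read the control channel learns from it."""
    findings = []
    for line in transcript.splitlines():
        side, _, msg = line.partition(": ")
        verb, _, arg = msg.partition(" ")
        verb = verb.upper()
        if side == "C" and verb == "USER":
            findings.append(("cleartext_user", arg))
        elif side == "C" and verb == "PASS":
            # Report the exposure, not the secret itself.
            findings.append(("cleartext_password", f"<{len(arg)} chars redacted>"))
        elif side == "C" and verb == "PORT" and decode_hostport(arg):
            # Active mode: the server will dial this client address.
            findings.append(("active_data_endpoint", decode_hostport(arg)))
        elif side == "S" and verb == "227" and decode_hostport(arg):
            # Passive mode: the client will dial this server address.
            findings.append(("passive_data_endpoint", decode_hostport(arg)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The data port is `p1 * 256 + p2`, so a firewall or NAT device has to read the same unencrypted lines to know which dynamic port to let through.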
If you still need to use the FTP protocol, you must pay special attention to protecting your connection to the Internet. This is a topic for a separate article, but at the very least it is better not to use public Wi-Fi networks and to use a VPN, preferably on your own server.
A secure alternative to FTP - SFTP
Of course, there are several alternatives. Let's talk about the best option among them. This is SFTP (SSH File Transfer Protocol). Its most obvious advantage is security and data encryption.
Other benefits of SFTP include:
- pause and resume data transfer,
- complete stop of file transfer,
- the ability to execute basic administrative commands,
- metadata transfer.
By using SSH within the SFTP protocol, you get these benefits:
- Client and Server Authentication. SSH authenticates based on a public and private key pair. This allows you to accurately determine that the client requesting connection to the server is legitimate.
- Data encryption. RSA, DSA, and other types are available.
- Data transmission through a single port reduces the likelihood of an MITM attack.
So, the only reason FTP is still popular and used is force of habit. It is time to drop that habit and switch to SFTP.