FTP is a standard network protocol used for the transfer of files between a client and server on a computer network. FTP is a very well-established protocol, developed in the 1970s to allow two computers to transfer data over the internet. One computer acts as the server to store information and the other acts as the client to send or request files from the server. The FTP protocol typically uses port 21 as its main means of communication. An FTP server will listen for client connections on port 21.
What Do FTP Servers Do?
FTP servers, and the more secure SFTP Server software, perform two basic tasks: “Put” and “Get.” You can put files on the FTP Server or get files from the FTP Server. If security is not a concern, FTP Server software is an easy and inexpensive way to accomplish this.
If you have remote employees who need to upload non-confidential information (such as timesheets, for example), or if you want to allow your customers to download white papers and documentation, an FTP Server works well for this purpose. If you are exchanging non-sensitive data with business partners, and the partner requires FTP or SFTP, you can quickly set up a server that will accept their data transfer. Some people even use FTP Servers for offsite backup so they can access their data should something physically happen to their files.
Further, backup applications will often write to an FTP or SFTP Server; for example, if you’re backing up your Cisco Unified Call Manager (CUCM), the data must be backed up to an SFTP Server like Titan FTP Server.
But Are FTP Servers Inherently Secure?
Traditional FTP Servers lack security: the only security feature they really have is a login (username and password), which provides some degree of authentication and is a way to keep out unwanted users. Secure FTP protocols now exist to address this. There are two main implementations of secure FTP: SFTP and FTP/S. These two secure file transfer protocols were designed to address the main weaknesses of FTP. For instance, both FTP/S and SFTP support encryption, which keeps anyone on the network path from reading the data (and the login credentials) being transferred.
FTP functions on a client-server model. The server hosts the files to be shared and the client provides the interface to access, download, or upload files on the file server. The computers transferring the files can be within the same network where the FTP server is configured, or outside the network (over the Internet). FTP uses two ports: one for the control connection and one for sending data.
FTP can run in two modes, active and passive, and it uses two channels between the client and server: the command channel and the data channel. The command channel carries the commands and responses, and the data channel carries the actual data. In active mode, the client opens the command channel and the server establishes the data channel. In passive mode, both the command and data channels are established by the client.
Most organizations prefer passive mode. In this mode, the client initiates both channels; therefore, the organization has less or no alterations to make on the client firewall. The connection is from the client to the server, and the data will be return traffic to the client. Overall, organizations can allow their users (clients) to connect to FTP servers without compromising network security.
Setting up FTP in passive mode
First, the command channel is opened by the client to the FTP server on port 21. The client also opens two random, unprivileged ports on the client (typically ports greater than 1023). We’ll call the first port P and the second port P+1. The FTP client initiates the connection to the server by sending a PASV command: it connects from port P to server port 21 and sends PASV. The server then opens another unprivileged port Q (any port greater than 1023) and sends the port information back in its reply to the PASV command. Now the client initiates the connection from port P+1 to port Q on the server to start the data transfer. For example, with a server data port of 2000 and a client port of 1025:
– The client contacts the server using the PASV command on port 21.
– The server replies with port 2000. Here, port 2000 is the port on which the server will listen for the data connection.
– The client initiates the connection from port 1025 to port 2000 (on the server).
– The server sends back the ACK (acknowledgement).
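The reply step above carries the server's data endpoint in a 227 reply of the form (h1,h2,h3,h4,p1,p2), where the port is p1*256 + p2. The following Python is an added example, not code from the original page: it encodes and parses that reply and applies the check a careful client should make before opening the data channel, namely that the advertised host is the server it already holds the control connection with and that the port is unprivileged. The server address 192.0.2.10 is a constructed value.

```python
import re
from ipaddress import ip_address
from typing import Optional, Tuple

# RFC 959 passive-mode reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(line: str) -> Tuple[str, int]:
    """Return (host, port) advertised by a 227 reply; port = p1*256 + p2."""
    m = PASV_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a PASV reply: {line!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"field out of range in PASV reply: {line!r}")
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def format_pasv_reply(host: str, port: int) -> str:
    """Server side: encode the data endpoint the way the client above expects."""
    if not 0 < port <= 65535:
        raise ValueError("port out of range")
    return "227 Entering Passive Mode (%s,%d,%d)." % (
        host.replace(".", ","), port // 256, port % 256)


def check_data_endpoint(control_peer: str, host: str, port: int) -> Optional[str]:
    """Client-side sanity check before opening the data connection.

    Returns None if the endpoint is acceptable, otherwise the reason to refuse it.
    Policy from the text above: the data connection goes to the same server we
    hold the control connection with, on an unprivileged port (> 1023).
    """
    if ip_address(host) != ip_address(control_peer):
        return "advertised data host differs from control-connection peer"
    if port <= 1023:
        return "advertised data port is privileged"
    return None


if __name__ == "__main__":
    # Constructed exchange: server 192.0.2.10 (documentation range) picks port 2000.
    server = "192.0.2.10"
    reply = format_pasv_reply(server, 2000)
    host, port = parse_pasv_reply(reply)
    print(reply, "->", host, port, check_data_endpoint(server, host, port))
```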
Opening up channels on FTP client and server
Client side: Data and other communications from the client must be able to reach the FTP server, so make sure outgoing connections from the client to the FTP server are allowed.
Server side: Port 21 should be open, as that is the port that receives the PASV command initiating the connection; the PASV reply itself travels back over that control connection. The data port the server then listens on is a random unprivileged port (anything greater than 1023), so those ports should be open for communication. In practice, configure a fixed passive port range on the FTP server and open only port 21 and that range on the firewall, rather than every port above 1023.
On Windows Server, FTP depends on IIS (Internet Information Services). Both IIS and the FTP service must be installed to configure the FTP server.
A root folder is required for FTP publishing. In this example the folder is created at %SystemDrive%\ftp\ftproot.
Next, you need to set permissions to allow anonymous access to the folder. Use the following command at a CMD prompt to grant the IUSR account read-only access, recursively (read only, so anonymous users cannot write to the folder):
ICACLS "%SystemDrive%\ftp\ftproot" /Grant IUSR:R /T
%SystemDrive%\ftp\ftproot (or the path to your root folder) should be set as the path for your FTP site. The software firewall (Windows Firewall, Symantec, etc.) must also allow connections to the FTP server.
Enabling FTP in Windows
In this example, we will use Windows Server 2008 R2 to configure FTP. If IIS is not installed:
1. Navigate to Start > Control Panel > Administrative Tools > Server Manager.
2. Go to the Roles node. Right-click on Roles, and click Add Roles.
3. In the Add Roles window, open Server Roles and check Web Server (IIS).
Proceed through the setup wizard, and click Install. Wait for the installation to complete.
If IIS is installed already (as a Web server)
1. Navigate to Start > Control Panel > Administrative Tools > Server Manager.
2. In the Windows Server Manager, go to the Roles node, and expand Web Server (IIS).
3. Right-click on Web Server (IIS), and click on Add Role Services.
4. In the Add Role Services window, go to Role Services, and check FTP Server.
5. Confirm that IIS Management Console is checked under Management Tools.
6. Click Next, and then Install. Wait for the installation to complete.
To transfer files, you should add an FTP site. Once the FTP site is enabled, clients can transfer files to and from the site using the FTP protocol.
Setting up an FTP site
1. Navigate to Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager. Once the IIS console is open, expand the local server.
2. Right-click on Sites, and click on Add FTP Site.
3. In the Add FTP Site window, type the FTP site name and the content directory path, and click Next. The directory path should be the same folder we granted anonymous read access to above; we used %SystemDrive%\ftp\ftproot.
4. In the Binding and SSL Settings window, type the IP address of the server. Check the Start FTP Site Automatically option. Choose SSL Based on Constraint. Click Next.
5. Now, select Basic for authentication. Keep in mind that Basic authentication sends the username and password in clear text unless the site requires SSL, so on an untrusted network the Windows or Active Directory credentials used to log on are exposed.
6. Click Finish. The FTP site creation is now complete.
Accessing files on the FTP server
To access files on the FTP server, open File Explorer and type ftp://serverIP. The FTP server asks for a username and password. Enter the username and password (Windows or Active Directory credentials) and click Log On. The files and folders are displayed under the FTP server.
File Transfer Protocol (FTP) in Application Layer
File Transfer Protocol (FTP) is an application layer protocol that moves files between local and remote file systems. It runs on top of TCP, like HTTP. To transfer a file, FTP uses two TCP connections in parallel: a control connection and a data connection.
What is control connection?
FTP uses the control connection to send control information such as user identification, the password, commands to change the remote directory, and commands to retrieve and store files. The control connection is initiated on port number 21.
What is data connection?
FTP uses the data connection to send the actual file. A data connection is initiated on port number 20.
FTP sends the control information out-of-band as it uses a separate control connection. Some protocols send their request and response header lines and the data in the same TCP connection. For this reason, they are said to send their control information in-band. HTTP and SMTP are such examples.
FTP Session:
When an FTP session is started between a client and a server, the client initiates a control TCP connection with the server and sends control information over it. When the server receives this, it initiates a data connection to the client. Only one file can be sent over one data connection, but the control connection remains active throughout the user session. HTTP is stateless, i.e. it does not have to keep track of any user state, whereas FTP needs to maintain state about its user throughout the session.
Data Structures – FTP allows three types of data structures:
File Structure – In file-structure there is no internal structure and the file is considered to be a continuous sequence of data bytes.
Record Structure – In record-structure the file is made up of sequential records.
Page Structure – In page-structure the file is made up of independent indexed pages.
FTP Commands – Some of the FTP commands are:
USER – This command sends the user identification to the server.
PASS – This command sends the user password to the server.
CWD – This command allows the user to work with a different directory or dataset for file storage or retrieval without altering his login or accounting information.
RMD – This command causes the directory specified in the path-name to be removed as a directory.
MKD – This command causes the directory specified in the pathname to be created as a directory.
PWD – This command causes the name of the current working directory to be returned in the reply.
RETR – This command causes the remote host to initiate a data connection and to send the requested file over the data connection.
STOR – This command causes the server to store a file in the current directory of the remote host.
LIST – This command requests a listing of all the files present in the directory; the listing is sent over the data connection.
ABOR – This command tells the server to abort the previous FTP service command and any associated transfer of data.
QUIT – This command terminates a USER and if file transfer is not in progress, the server closes the control connection.
FTP Replies – Some of the FTP replies are:
200 Command okay.
530 Not logged in.
331 User name okay, need a password.
225 Data connection open; no transfer in progress.
221 Service closing control connection.
551 Requested action aborted: page type unknown.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
Trivial File Transfer Protocol (TFTP):
It is also a file transfer protocol, but without the sophisticated features of FTP.
It is good for simple file transfers, such as during boot time.
It uses UDP as its transport layer protocol. Errors in the transmission (lost packets, checksum errors) must be handled by the TFTP server.
It uses only one connection, through well-known port 69.
TFTP uses a simple lock-step protocol (each data packet must be acknowledged before the next is sent), so throughput is limited.
Anonymous FTP:
Anonymous FTP is enabled on some sites whose files are available for public access. A user can access these files without having a username or password of their own: the username is set to anonymous and the password to guest by default. Here, user access is very limited; for example, the user may be allowed to copy files but not to navigate through directories.
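The command and reply list above and the anonymous-access rules describe a stateful control-channel exchange. The following Python is an added example, not code from the page: a toy server-side state machine that enforces the USER/PASS sequence using those reply codes (plus RFC 959's 230 and 550, which the list above does not include) and makes anonymous sessions read-only. The account table is constructed sample data, and "200 Command okay" stands in for each command's specific success reply.

```python
import secrets
from typing import Dict, List, Optional

# Constructed sample account store for the demo: username -> password.
ACCOUNTS: Dict[str, str] = {"alice": "s3cret"}
WRITE_COMMANDS = {"STOR", "MKD", "RMD"}
READ_COMMANDS = {"CWD", "PWD", "RETR", "LIST", "ABOR"}


class FtpSession:
    """Server-side state for one control connection (FTP is stateful)."""
    def __init__(self) -> None:
        self.pending_user: Optional[str] = None  # set by USER, consumed by PASS
        self.user: Optional[str] = None          # set once login succeeds
        self.anonymous = False

    def handle(self, line: str) -> str:
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "QUIT":
            return "221 Service closing control connection."
        if cmd == "USER":
            self.pending_user, self.user = arg, None
            return "331 User name okay, need a password."
        if cmd == "PASS":
            if self.pending_user is None:  # PASS before USER
                return "503 Bad sequence of commands."
            name, self.pending_user = self.pending_user, None
            if name.lower() == "anonymous":
                # Any password is accepted ("guest" by convention); the session
                # is marked so that write commands are refused later.
                self.user, self.anonymous = name, True
                return "230 User logged in, proceed."
            stored = ACCOUNTS.get(name)
            if stored is not None and secrets.compare_digest(stored.encode(), arg.encode()):
                self.user, self.anonymous = name, False
                return "230 User logged in, proceed."
            return "530 Not logged in."
        if self.user is None:  # everything else requires a completed login
            return "530 Not logged in."
        if self.anonymous and cmd in WRITE_COMMANDS:
            return "550 Requested action not taken."
        if cmd in READ_COMMANDS | WRITE_COMMANDS:
            return "200 Command okay."  # stand-in for the command-specific reply
        return "502 Command not implemented."


def run_transcript(commands: List[str]) -> List[str]:
    """Feed a sequence of client command lines through one session."""
    session = FtpSession()
    return [session.handle(c) for c in commands]
```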
In computing, a file server (or fileserver) is a computer attached to a network whose primary purpose is to provide a location for shared disk access, i.e. shared storage of computer files (such as documents, sound files, photographs, movies, images, databases, etc.) that can be accessed by the workstations attached to the same computer network. The term server highlights the role of the machine in the client–server scheme, where the clients are the workstations using the storage. A file server is not intended to perform computational tasks, and does not run programs on behalf of its clients. It is designed primarily to enable the storage and retrieval of data while the computation is carried out by the workstations.
File servers are commonly found in schools and offices, where users use a LAN to connect their client computers.
Windows FTP Server on cloud for AWS
Features of an FTP server:
– In order for the client to establish a connection to the FTP server, the username and password are sent using the USER and PASS commands. Once accepted by the FTP server, an acknowledgement is sent to the client and the session can start.
– In the case of an FTP connection, it is possible to resume a download that was not successfully completed earlier; in other words, checkpoint restart support is provided.
– The FTP server allows downloading and uploading of files. There can be access restrictions, as determined by the FTP server administrator, on downloading different files and from different folders residing on the FTP server.
– The FTP server can provide connections to users without login credentials; however, the FTP server can authorize these users to have only limited access.
– Files residing on FTP servers can be retrieved by common web browsers, but browsers may not support protocol extensions such as FTPS.
– FTP servers can provide anonymous access. This access allows users to download files from the server anonymously, but prohibits uploading files to the FTP server.
– All file transfer protocol site addresses begin with ftp://.
Major Features of Windows FTP Server
Storage – Since the crucial function of a file server is storage, technology has been developed to operate multiple disk drives together as a team, forming a disk array. A disk array typically has a cache (temporary memory storage that is faster than the magnetic disks), as well as advanced functions like RAID and storage virtualization. Typically, disk arrays increase the level of availability by using redundant components other than RAID, such as power supplies. Disk arrays may be consolidated or virtualized in a SAN.
Security – File servers generally offer some form of system security to limit access to files to specific users or groups. In large organizations, this is a task usually delegated to what are known as directory services, such as OpenLDAP, Novell’s eDirectory or Microsoft’s Active Directory.
Installation Instructions for Windows
Step 1) RDP connection: connect to the deployed instance using the following RDP credentials (the instance's Public DNS name is shown in the AWS console):
- Hostname: Public DNS name / IP address of the machine
- Port: 3389
- Username: Administrator (the operating system's built-in administrator account)
- Password: retrieve the administrator password for the instance from the AWS console.
Step 2) Choose Start, expand All Programs, and then expand Windows FTP Server
Step 3) Other information:
1. Access path: in IIS Manager, expand Web Server (IIS), and then select FTP Server.
Default ports:
- Windows machines: RDP port 3389
- HTTP: 80
- HTTPS: 443
Configure custom inbound and outbound rules in the instance's security group. Limit inbound RDP (3389) to trusted source addresses, and for FTP open port 21 together with the passive data-port range the server is configured to use, rather than every port above 1023.