What is the name for the set of rules when files are transferred over the internet?

File transfer protocol (FTP) is a network communication protocol that enables the delivery of digital files from a server to the client, authenticated by a plaintext (unencrypted) sign-in process. This article explains what FTP is, how it works, its applications, and ten best practices for operation.

What Is FTP (File Transfer Protocol)?

File transfer protocol (FTP) is a network communication protocol that enables the delivery of digital files from a server to the client, authenticated by a plaintext (unencrypted) sign-in process.

Massive volumes of information are exchanged over the internet every day. A lot of it happens through digital files – i.e., information storage units with a designated filename and extension, which indicates the file type and the application that will open it. FTP allows users to upload and download files on the internet while ensuring integrity. 

File transfer protocol was first developed in the 1970s, during the birth of the internet for government and defense use cases. Computer scientist Abhay Bhushan wrote the original protocol specification, designed to run on the network control program (NCP) model that powered the U.S. government’s ARPANET. 

At that time, FTP applications were executed on a command-line interface (CLI) using commands like PASS (to send the password to the server), LIST (to list all the files in a directory), ABOR (to terminate an FTP request and stop file transfers), and several others. 

In the 1980s, a new version of FTP was introduced to run on transmission control protocol (TCP). Over the years, the protocol has been revised and updated multiple times to meet new requirements, security standards, and compatibility with modern systems. Today, it is often utilized with secure sockets layer (SSL) or transport layer security (TSL) protocols to overcome the security weaknesses arising from an unencrypted sign-in process.

Types of FTP 

FTP data transfers can take place via four types of protocols: 

• Vanilla FTP: Vanilla FTP or plain FTP is the standard configuration this communication protocol uses. Here, the data and user credentials are conveyed without any encryption. Vanilla FTP typically uses port number 21 when connecting to the internet and enjoys the widest compatibility of the three FTP types. 
• FTPS: FTP Secure is another name for FTP Secure Sockets Layer (SSL), which uses SSL encryption, unlike traditional FTP. There are several differences between FTPS and other types of encrypted FTP, but the most notable is the security that comes with FTPS. It adds several extra commands to traditional FTP for added functionalities. 
• FTPES: The acronym FTPES stands for File Transfer Protocol over explicit transport layer security (TLS)/SSL. It uses port 21 as a regular FTP connection, but special commands transform it into a TLS/SSL-encrypted connection. Many users prefer FTPES to FTPS because it is compatible with firewalls.
• SFTP: In contrast to FTPS, SFTP implements an entirely different protocol based on a secure shell or SSH. Both FTP and FTPS use multiple connections, but SFTP only uses a single connection. It encrypts both authentication information and the data files being transferred.

How does FTP work?

All communication protocols operate on a four-layer model, comprising the application, transport, network, and link layers. The file transfer protocol is part of the application layer and helps move files between local and remote systems. For instance, when downloading a file via an online service, FTP helps fetch the file from the remote server where it is hosted, verify the downloader’s credentials, and transfer the file to the local device where it will now be available offline. 

Functioning of FTP

FTP relies on two concurrent TCP connections under the hood – the control connection and the data connection. It utilizes the control connection to transmit control information like commands, usernames, and passwords, for changing remote directories, and instructions to retrieve and store files. It uses the data connection to send the actual file, initiated through a different port than the control connection. 

An FTP session will follow these steps:

• The client starts a TCP control connection with the server.
• The client uses this to send control information.
• Upon receiving this, the server initiates a data connection with the client.
• You can use a single data connection to transfer only one file.
• User sessions are characterized by a constant connection to the control server.
• Multiple data connections can be initiated using the same control information during the session.

Importantly, file transfer protocol sessions are stateful, which means that the server will preserve information about the user, a specific session, etc. This makes it different from other protocols like hypertext transmission protocol (HTTP), which is stateless and does not track any data about the user state. 

As per FTP specifications, files can have one of three types of structures:

• File structure: It has no internal structure, and the file is considered a sequence of data bytes joined together.
• Record structure: The file has a collection of data records arranged in sequence.
• Page structure: The file comprises multiple pages that are independently indexed. 

If the file transfer malfunctions for some reason, the server will respond with an FTP reply like “530 Not logged in” or “225 Data connection open; no transfer in progress.” 

One of the most common error messages that users will encounter is the 404 error message, which indicates that a page (also a file) does not exist on the server the user was trying to access. FTP processes are mostly automated and power many backend file push and pull services that occur when using the internet. A layer of abstraction allows end-users to benefit from its file transfer capabilities without knowing its inner workings unless an error message appears.

See More: Safer Internet Day: Top Expert Tips to Comply With Modern Privacy Regulations

Top 7 Uses of FTP (File Transfer Protocol)

FTP is commonly used for the following applications: 

Uses of FTP

1. FTP websites

Websites can be hosted using a variety of communication protocols, and hypertext transmission protocol secure (HTTPS) is probably the most common one. However, you can also have file transmission protocol-based websites, which are helpful if data and fields are constantly uploaded or downloaded from the domain. The website name will look like – ftp.domain.com – and users with administrative privileges will have a set of FTP credentials. 

2. FTP web applications for file downloads 

Several online download services rely on file transfer protocol, as it is a simple and efficient way to host files. FTP supports a basic level of security by using a username and password. This allows file sharers to build gate domains, where only those with the proper credentials can access a file. Keep in mind that the file transfer protocol is limited to 2GB on web browsers, making it unsuitable for sharing large files above this threshold. 

3. FTP clients for storage and file sharing 

Users can install FTP software applications like Cyberduck that enable file transfers via the FTP communication protocol. For example, Cyberduck is a multi-platform file sharing tool that supports FTP, SFTP, Google Drive, Amazon S3, Dropbox, and various other file storage and sharing technologies. These software applications are known as FTP clients and bring several advantages. Users can transfer multiple files simultaneously, resume a transfer if the connection is interrupted, add files to a transfer queue, etc. Most FTP clients are also faster than HTTP file transfers. 

4. Single file-sharing or download 

FTP is generally faster than other protocols when downloading a single file. It consumes fewer resources and has a higher maximum bit rate than HTTP. Also, HTTP-based file transfers are more likely to suffer from timeouts due to changes or interruptions in the underlying network connection. During timeouts, the connection and file transfer has to be restarted. In contrast, one can pause FTP file-sharing or downloads due to network conditions, and it will automatically pick up where it left off. This makes it a more reliable option for large files of 100 MB+. 

5. Sharing non-sensitive information 

A major use case for FTP is for sharing publicly available resources. This is because a plaintext sign-in process authenticates FTP transactions. The user name, password, and other control information are sent to the server in an unencrypted form. This makes it unsuitable for confidential data like emails but perfect for publicly available resources. It prioritizes convenience over security, suitable for downloading open-source software, non-copyrighted media, etc. 

6. FTP automation 

File transfer protocol allows users to automate file transfer tasks, such as uploading files during low traffic hours. Users can make their websites and file-sharing applications more efficient by scheduling transfers beforehand, using one of the many automatic FTP uploaders available. Files.com, WinSCP, and Core FTP are some of the most popular options. Also, the inherent architecture of FTP makes it ideal for automated processes. For instance, Microsoft has many pre-configured Power Automate workflows to handle FTP tasks. 

7. Business to business data transfer 

Enterprises can leverage FTP to share files with other organizations over a private network. It is easy to set up and configure an FTP server without getting into the complexities of HTTPS. One can gain from several free and open-source FTP download clients, and a private network helps protect files from online threats. However, the technique prioritizes convenience, efficiency, and resource optimization over security – something that enterprises should keep in mind when exploring FTP use cases. 

See More: Intent-Based Networking: What Is It and Will It Usher an Era of Agile Networks?

10 FTP (File Transfer Protocol) Best Practices for 2022

Organizations can make use of file transfer protocol in three ways. First, they can develop an FTP-based file transfer service accessible via ordinary web browsers. Second, they can use a specialized FTP client with a graphical user interface (GUI) to execute FTP commands. Finally, FTP capabilities are also available through CLIs included as part of major operating systems. While using FTP, one should remember the following best practices: 

FTP Best Practices

1. Restrict FTP usage to small files via web services 

Inherently, the file transfer protocol does not have any capacity limitations and can help send hundreds of gigabytes when using a specialized FTP client. However, web browsers do not support file transfers over 2GB through FTP. Users must keep this essential best practice in mind when developing FTP applications and using the technology for information exchange for personal or professional use. 

2. Set up guest user accounts 

The primary user or administrator of an FTP service will have full privileges, including file access, uploads, and downloads. However, given the technology’s security limitations due to the lack of encryption, sharing full user privileges with everyone is not advisable. In such scenarios, one can set up guest accounts with limited access to the FTP service. For example, the user may be able to log in and access only the home directory without being able to list files hosted in any of the other directories. 

3. Select an FTP vendor with proven expertise 

FTP clients are widely available, and many can be used for free. However, not every client offers the same degree of security, functionality, and granular control. It is essential to select your FTP vendor carefully, ensuring that the company has prior expertise and that the software is without bugs or issues. Consider solutions like WS_FTP® Professional by Progress (formerly Ipswitch), a paid solution with best-in-class security and premium support. 

4. Regularly check for invalid passwords and user IDs 

Invalid user credentials are among the most common reasons for FTP failures, particularly when an enterprise witnesses a high volume of FTP traffic. This makes it crucial to check for invalid passwords and IDs which have attempted to access the file directories multiple times but could not succeed. Most FTP systems will revoke passwords after numerous failed login attempts – the system administrator can then contact the user and reset their credentials. 

5. Consider implementing passive FTP connections 

FTP servers support both passive and active connections with the client. In an active connection, the client opens a port and waits for the server to connect. This leaves the client open for a more extended period, potentially hurting security. In contrast, the passive method allows servers to open a port and wait for the client to connect. This means that unauthorized inbound connections cannot reach individual clients, and passive connections are compatible with firewalls. This best practice allows organizations to gain from FTP while staying secure. 

6. Set up FTP servers in a demilitarized zone 

A demilitarized zone is a perimeter network right at the edge of an organization’s local area network (LAN). It allows you to access untrusted networks and public environments while keeping the enterprise secure and the private LAN untouched by inbound connections. As a best practice, organizations should place their FTP servers inside this demilitarized zone, allowing them to communicate with the larger internet without endangering internal systems. 

7.  Deploy managed file transfer (MFT) technologies 

An MFT platform is an emerging software category that allows organizations to gain from file transfer and security protocols within a safe environment. MFT incorporates protocols like HTTPS, SFTP, and FTPS to enable the exchange of information and files. It also offers value-adding functionalities like automated controls to make file transfers more efficient. Some MFT solutions come with Payment Card Industry Data Security Standards (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), Basel II, and Sarbanes-Oxley Act (SOX) compliance to ensure that organizations meet regulatory standards. 

8. Strengthen account management policies to protect against unauthorized access 

Creating operating-system-level user accounts for partners and vendors is dangerous because it opens the door to accessing other server resources. Keeping user credentials separate from the FTP application is a good practice. Anonymous users and shared accounts should not be allowed. You might consider setting some rules, such as requiring account user names to be at least seven characters long and enabling account inactivity after 90 days or six failed logins.

9. Ensure your server software is up-to-date 

Out-of-date servers and applications pose a significant security risk. Bad actors may exploit vulnerabilities in the system to gain access to FTP data, which is already unencrypted. IT administrators and server managers should closely watch their upgrade and patching schedules. FTP servers should be equipped with the latest security and functionality enhancements, and FTP clients must be up-to-date. 

10. Educate users on FTP pros and cons 

FTP is a global standard for online operations, a central pillar of the public internet. However, it has a few drawbacks that limit its applications in private or business use cases. For instance, user names, passwords, and files are all transmitted in a plaintext or clear-text format, which means anyone can read them. A bad actor can also spoof a server and reroute the data to a different port on an unintended client. Users should know about these constraints and use FTP with complete awareness. 

See More: 5 Ways to Secure and Manage Your 5G Network

Key takeaways 

While FTP was the global standard in file transfer for nearly five decades, it is now gradually losing popularity. In 2021, Google disabled support for file transfer protocol in its Chrome versions 88 and 95, and Mozilla announced that Firefox would drop FTP support altogether. Mozilla is looking to drive secure connections and eventually phase out HTTP protocols. Even as other protocols like HTTPS and SFTP become the new standard in data exchange, users should remember the following takeaways: 

• File transfer protocol was developed in the 1970s, updated across the 80s and 90s, and could be eventually phased out in favor of more secure communications. 
• There are four types of FTP processes, classified as per their security level.
• FTP supports fast, simple, and cost-effective file transfers without encryption.
• To patch bugs and address vulnerabilities, one should regularly update FTP servers, software, and clients.
• Organizations can secure their FTP deployments through account management best practices, guest accounts, and demilitarized zones. 

FTP forms the foundation for modern internet operations and will continue to drive innovations in the data transfer field for years to come. 

Did this article help you understand how FTP works? Tell us on LinkedIn, Twitter, or Facebook. We would love to hear from you!

MORE ON NETWORKING

• What Is a Computer Network? Definition, Objectives, Components, Types, and Best Practices
• What Is Network Software? Definition, Types, Components, and Best Practices
• What Is Software-Defined Networking (SDN)? Definition, Architecture, and Applications
• Top 10 Software-Defined Networking (SDN) Solutions in 2022
• Top 10 Best Practices for Network Monitoring in 2022

What is it called when you transfer something on the Internet?

What are the protocols name the protocols used for transferring files over the Internet?

How files are transferred over the Internet?

What is called the set of rules that enables files to be transferred from one computer to the other on the net?