Today we are being educated on FTP, aka. File Transfer Protocol. This according to Wikipedia is "a network protocol used to transfer data from one computer to another through a network, such as over the internet"
<see full definition> The positives of FPT include:- the ability to transfer files over any TCP/IP network for manipulation on another computer on that network <regardless of which operating systems are involved-as long as the computer permits FTP access>
- FTP servers can be set up anywhere between game servers, voice servers, internet hosts, and other physical servers.
Some negatives/risks of FBT are that:
- passwords are sent in clear text - which can be intercepted by those willing
- it utalises multiple TCP/IP connections, which means firewalls may need additional logic/configuration changes to account for these connections
- It is possible to abuse the protocol's built-in proxy features to tell a server to send data to an arbitrary port of a third computer
- When file transferring if the process is interrupted, the receiver has no way to know if the received file is complete or not
- no method specified for transferring data in an encrypted fashion
To minimise the risk on non-encrypted data transfer "The common solution to this problem is to use either SFTP (SSH File Transfer Protocol), or FTPS (FTP over SSL), which adds SSL or TSL encryption to FTP", also using protocol enhancements such as Kerberos to stop eavesdroppers.
No comments:
Post a Comment