File Transfer Protocol in the Internet Environment Research Paper

Introduction

An FTP protocol means a file transfer protocol. It is a mechanism that is basically used to transfer or message files across different host servers. Servers provide services that can be accessed by other processes in the network environment. Servers act as slaves because they take in requests, work on them according to the requirements and provide the feedback to the user. TCP/IP networks are common examples of such servers. A client on the other hand makes use of services that are facilitated by various processes which enable the provision of a feedback. A specific system may provide the function of both a client and a server for varied or a specific services.

The FTP 1-1 is normally designed between a client and a server. It incorporates the use of varied controls between the server and the client through data connections and applications through the server. This connection often offers solutions to crises that occur out of varied end-host configurations such as operating systems or different names given to files (Comer 60).

The FTP 1-1 has in the past had various security concerns. At the close of the 19th century, various concerns were voiced regarding the security status of the protocol. This type of problem was most common before the creation of the SSL with sub-constituents such as HTTP, SMTP and telnet. However, common solutions have been advanced towards the protection against this type of security threat. These solutions will be further discussed in this study.

FTPs are normally designed to use passwords for authentication purposes but they can also incorporate anonymous access to users. In the past, different applications incorporated an interactive command line tools with a syntax which was standardized across all levels of operations. However, current systems are of a graphical nature and have been developed for most desktop operating systems.

The FTP in general has developed over the years since its inception in 1971. It has gone through a series of transformation with the first of its kind being replaced by the RFC 765, nine years after its inception and RFC 959 five years later (Comer 61). This model is still currently in use. The FTP has in the past undergone transformation due to security and support. In 1997, it underwent a transformation with the inception of RFC 2228 as a security modification while in 1998; RFC 2428 was introduced as a support mechanism. It was also aimed at supporting IPv6 and also defined a different type of passive mode that was previously non-existent (Petersen 333). This study seeks to explore FTP 1-1 protocol in messaging and file system

Objective

Define messaging and file system through a networking system using FTP 1-1 protocol.

Steps To Access An FTP Connection To Transfer A File

Before files can be transferred using the FTP protocol, the FTP connection needs to be established. This needs to be done through a step by step process which entails proper configuration to access the FTP connection. This study will however be tailored towards establishing access for an FTP connection of an anonymous user. It is essential that before any connection is made, the IIS and the FTP be precisely installed and configured on the computer. However, in some operating systems, the FTP is normally installed automatically with the installation of the Microsoft Internet services (IIS), but in some, its not. In such operating systems where FTPs are not automatically installed, its important to use the « add or remove program » options in the control panel to install it (Petersen).

Installation of FTP and Internet Services

The steps in accessing an FTP connection for file transfer are outlined below :

1. Go to the control panel option and select the « add or remove » option.
2. Select the « add or remove » components for windows.
3. From the last of the components, the application server option should be selected. Therefater click on the Microsoft internet information services. The selection from the check box should be maintained, meaning it shouldn’t be cleared. Thereafter click on details.
4. Ensure the common files, FTP service, and IIS manger check boxes are selected.
5. Any other IIS service that is not selected from the check boxes should be, together with any sub-components which may be of personal preference during installation. Thereafter click OK.
6. Select the Next button.
7. In case the computer prompts one to insert the operating system CD, do so, through the CD drive or DVD drive. Alternatively, one can specify a path for the location of the files. Thereafter, click OK.
8. Select the finish button.

After the completion of these steps. The FTP connection should be installed and the Internet information service should be in working condition. However, these two components need to be properly configured before any file transfer can be done (Petersen 334).

FTP Configuration

1. The internet information service manager should be activated; alternatively, the internet information service snap-in could be opened.
2. The server name should be expanded.
3. The sites associated with FTP should be expanded
4. The default FTP site should be right clicked and the property option selected
5. The security accounts option should be selected.
6. Check if the allow anonymous connection option is selected and highlight it if its is unckecked. Consequently, this means that inividuals cannot use the FTP service through the use of user names or passwords.
7. Select the home directory option
8. Select the Read and log visits options by clicking on their check boxes, in case the check boxes are not selecetd yet. Check if the write option is selected and highlight it if its is unckecked then click OK.
9. Exit from the IIS service manager or snap-in.

After the last step, the FTP access is ready to use and correctly configured. The FTP is therefore able to process requests. The files and folders which one would want accessed can thereafter be moved to the FTP publisher. A default folder should thereafter be identified (Petersen 333).

FTP 1-1 Client to Server Protocol

Servers provide services that can be accessed by other processes in the network environment. Servers act as slaves because they take in requests, work on them according to the requirements and provide the feedback to the user (Shelly 20). Common types of servers are: NFS file system (as an example) which is basically a file system or service that provides the access to files and directories to other processes and users in the network environment; Severs that provide details, like the X window system which basically provides services for high definition display service in the network environment. It also provides services to other users and servers which are like time of day because they have the ability to return the time of day upon request. The client to server protocol can be used to implement applications that are unevenly distributed.

A server works with an address when it receives requests because it relies on predetermined addresses before it responds back to the user. When a server receives a request, it unblocks to enable processing of the client’s request. Multiple servers can do the same thing, though they may rely on multiple machines or execute the function on similar machines in provision of the same service. It is however, a common occurrence for servers to be replicated onto physically independent machines to boost the reliability and efficiency of the entire client to server processes. In case a machine is primarily aimed at supporting server processes or programs, the “server” can be used cross functionally for both the server and the machine (Shelly 23). For this reason, there have been statements in the network environment such as “Mickey is my mail server”.

A client on the other hand makes use of services that are facilitated by various processes which enable the provision of a feedback. A specific system may provide the function of both a client and a server for varied or a specific services. For instance, a specific server receives requests for printing from a user or a client but at the same time, it may send a request to the same user to use a specific server in order to access a file.

This type of communication between a server and the client can be specified through the RFC 959 (Lowe 336). The process of server to client is made through a TCP connection to the port of the server. This connection is usually known as the control connection which is supposed to be open for as long as there is communication between the two parties (client and server). This can also be done through a second connection which is normally known as the data connection. This connection is normally specified in the negotiation dialogue (Comer 424). It may be used to oversee commands, identification, and passwords. This can be normally done through a telnet-like protocol which can be best represented by the RETR filename (Shelly 21). This type of connection would efficiently transfer the file from a server to a client. It also incorporates two ports and has implications; like the FTP 1-1 will be considered out of band when compared to an in-band protocol like the HTTP (Comer 62).

The server normally responds according to the connection using a status code that has three digits; especially in ASCII using a text message that operates at optimum; for instance “200” would mean that there was a successful command which was effected during the last connection (Comer 62). Numbers in this type of connection normally represent the code number, whereas the optimal text is a negation of the instructions or required parameters for the connection; this means the account for storing specific messages or files. However, a file transfer that is currently in effect can still be aborted by activating an abortion message normally sent through the control connection.

The FTP 1-1 protocol incorporates either the passive or active modes of data transfer. When in active, the user has to give the IP address and port number. This is given to the server in order for the client to listen in. This is because the server enables initial connection through the TCP connection. However, there may be situations where the client is inhibited by a firewall or any other mechanism from accepting TCP connections. In such situations, the passive mode is normally recommended (Comer 424). In such a scenario, a user usually sends a PASV command to the server and in turn, a port number or IP address is communicated back to the user.

Data can be transferred across the network through four methods. The first is the ASCII mode which is normally used in times of communication by texts, for messaging purposes. Here the data is normally converted when need be, by transferring the character of the host in form of representation through an eight bit ASCII preceding the transmission (Comer 66). The ASCII has its own disadvantages, in that, it is inappropriate when a user wants to send numeric data in binary form.

The image mode is the second mode of data transfer. Here, the machine sends data slowly; byte by byte and in turn, the receiver stores the information in the same manner (by stream). The image mode has been recommended worldwide for all types of FTP connections (Comer 428). The EBCDIC as the third mode of data transfer. It uses plain texts between hosts. The local mode is the fourth and final mode of data transfer and facilitates the exchange of data for two computers with similar set ups, using a proprietary format without necessarily converting it to ASCII.

However, for files that use texts, various controls are provided for formats while various structure options are also provided for records. Nevertheless, these features were primarily developed to facilitate file transfer. This was specially made for those files with ASA formats (Comer 430). In this type of file transfers, data can be transferred using any of the three modes.

The stream mode is the first method, where data is normally sent in a continuous stream as a relief of FTP because it doesn’t do any processing in this case. Instead, all types of processing are undertaken by the TCP. File indicators are also unnecessary at the end, unless data division is done in form of records. The second type of data transfer is the block mode. This mode of data transfer breaks the data into several blocks. This works like a block header and byte count. The third method is the compressed mode. This is where data is compressed using a single algorithm. Normally, this is assumed to be the run-length encoding (Kalita 353).

Web Browser Support Security System

The FTP 1-1 has in the past had various security concerns. At the close of the 19th century, various concerns were voiced regarding the security status of the protocol. Common flaws identified were the bounce attacks, spoof attacks, brute force attacks, sniffing, username protection, and port stealing (Kalita 221). The FTP 1-1 was not designed to have encryption tools and data was therefore transmitted in clear texts; through the use of user names and passwords. This therefore left the whole system prone to security attacks such as sniffing, because any user could read the FTP commands and files for transfer. This is normally observed through sniffing across the network (Grasdal 304).

This problem was very common before the setting up of the SSL which has sub-constituents such as HTTP, SMTP and telnet. However, common solutions have been advanced towards the protection against this type of security threat. For instance, the use of the SFTP, also known as the SSH file transfer protocol or the FTPS which is actually FTP over the SSL, is a common solution for all of them. This adds the SSL or the TLS types of encryprtion to the FTP 1-1. This type of procedure is usually specified in the RFC 4217.

Through the first example in this study, the anonymous access may pose various security concerns because it will eventually expose the whole system to hijackers who may want to host illegal files through the system (Byrnes 419). However, this does not mean that the anonymous option in the FTP 1-1 protocol is entirely bad because there are some customer facing services which can be effectively served through this method. There are certain recommendations that are normally advanced to reduce the security threats in the FTP 1-1 Protocol; the most common is restricting the anonymous access option by simply clearing the allow anonymous access option in the check box (Kalita 351).

Alternatively, one can easily enable logging on the FTP site to have a correct record of the IP address, the people that accessed the account, or transfered files over the FTP 1-1 Protocol. An adoption of the practice of routine log review can be a good security measure because it can enable one to correctly asses the security trends and detect any breaches or threats in the entire security parameters (Books LLC 445). Log files will then be created but through the modification of oneself. It can also be later used to analyze the patterns in traffic movements as well as any controls for accessing the server.

Hardening of the ACLS can also be a good security measure because access to the FTP directory can be effectively regulated through the FTP directory with permission from the NTFS (Lutz 767). This should be carefully taken into consideration. In order to limit the rights of the groups, activate the no execute option which will limit the ability to read and write for the group users. However, in the case of a blind-put configuration, the limitations against reading and listing should be activated while the write access should be the only option activated.

Alternatively, one can set up the FTP 1-1 as a blind-put. This is especially recommended when one expects users to transfer files or messages to the server, instead of the other way round. In essence, users scan be able to write files without necessarily accessing the FTP 1-1 directory. This will go a long way in preventing unauthorized users from accessing the FTP 1-1 directory. This type of configuration should however be done at both the FTP and directory level but with permission from the NTFS. One can also effectively deactivate the read access option on the FTP site through the home directory tab located in the property section of the tab (Lutz 56).

Disk quotas should also be enabled as a security measure. This feature however comes automatically for some operating systems. It limits the disk space a user can have access to. By default, a given user is assigned the same right which he or she was initially assigned to. In the same regard, the damage on the FTP can be effectively reduced if one of the user is maliciously attacked from an external source. Worse situations are observed when the disk gets filled up through malicious attacks. Obviously, this sort of damage may have consequences to other sectors of the disk space in case of attacks (Lutz 768).

Consequently, by limiting the access to disk space, the server becomes an unattractive destination for hackers to transfer their files. This can be done by activating the option quota management , found in the properties option of NTSF partition window. These divisions are nevertheless limited since they can only be applied to an individual user basis and not in groups.

Time restrictions are also a viable security mechanism whereby users are allocated a specific time after which it disconnects when the time lapses. In essence, this option limits the number of hours in a day that a specific user can log on (Lutz 146). Administratively, this can be a good tool because access to FTP 1-1 would only be limited to the time frame which is authorized. For instance, if the FTP site were to be used in a business environment, the log in duration could only be limited to working hours. This mechanism can be effectively used to shut down the system and secure the FTP from unauthorized people. To activate this security measure, use the option found in the active directory users as well as in common computers against the property page (Books LLC 234).

The IP address can also be used as a security mechanism whereby specific IP addresses can only be used for file transfer or messaging. This will only allow access to specific and authorized IP addresses that eventually limit the exposure to unauthorized individuals who may want to hack into the system. In order to activate this option, the administrators should use the directory security tab which is found in the security tab against the property page of the FTP 1-1. The deny access in the selection box should be activated via the IP address (Lutz 145).

Alternatively, administrators can use audit log on events as another viable security mechanism. Through this mechanism, one can review the failed or successful log-ins in the FTP protocol. This could effectively alert someone on any illegal access into the FTP site. Since it provides a history of the FTP use, it can be used as an intrusion detection structure.

Enabling a strong password requirement is also another mechanism to deter hackers from interfering with the FTP 1-1 protocol. In other words, a complex password should be used to prevent hackers or other end users. Most operating systems have this provision where users are compelled to provide passwords before accessing the system. However, certain local security, and group policies need to be adhered to. Some common provisions in activating strong passwords include exclusion of all, or part of the user accounts, use of at least 6 characters when developing passwords and mix of upper case and lower case characters.

The last security measure common with securing the FTP 1-1 protocol entails enabling the accounts lock out protocol because FTP accounts are easy grounds for password hackers (Books LLC 76). Enabling account lock out limits the number of times a user can try to input passwords. This is especially effective because many unauthorized users guess or try to crack passwords. The local configuration security tool is the selection option to activate this security feature. In this option, accounts are configured by means of group policies.

Conclusion

The FTP 1-1 is virtually among the most common types of internet protocols globally. It is also an effective medium to transfer files in a network environment. Messaging services are also easily carried out through this protocol. An FTP connection can effectively be established through easy steps which can be further facilitated by the operating system. Configuration should be properly done to interlink users with respective servers.

After connecting to the FTP 1-1, users can effectively transfer files and messages through client and server connections. This type of connection however poses a number of Security threats. The FTP 1-1 was not designed to have encryption tools and data was therefore transmitted in clear texts; through the use of user names and passwords. This therefore left the whole system prone to security attacks such as sniffing, because any user could read the FTP commands and files for transfer. This is normally observed through sniffing across the network. These threats can however be effectively curbed through a number of security measures which limits access by unauthorized users. Currently, the FTP 1-1 still remains an integral mechanism through which users can reliably transfer files.

References

Books LLC. FTP: File Transfer Protocol, List of FTP Server Return Codes, Files2u, Gridftp, List Of FTP Commands, FTP Servlet, Managed File Transfer. London: Books LLC, 2010.

Byrnes, David. AutoCAD 2011 for Dummies. Singapore: For Dummies, 2010.

Comer, Douglas. Internetworking with TCP/IP: Principles, Protocols, And Architecture. London: Prentice Hall, 2006.

Comer, Douglas. Computer Networks and Internets. London: Prentice Hall, 2008.

Grasdal, Martin. ISA Server and Beyond: Real World Security Solutions For Microsoft Enterprise Networks. New York: Syngress, 2002.

Kalita, Jugal. On Perl: Perl For Students And Professionals. London: Universal-Publishers, 2004.

Lowe, Doug. Networking All-In-One Desk Reference for Dummies. Singapore: For Dummies, 2008.

Lutz, Mark. Programming Python, Volume 10. New Delhi: O’Reilly Media, Inc, 2006.

Petersen, Richard. Fedora 7 & Red Hat Enterprise Linux: The Complete Reference. New York: McGraw-Hill Professional, 2007.

Shelly, Gary. Microsoft Office 2007: Introductory Concepts and Techniques, Premium Video Edition. London: Cengage Learning, 2009.