History of FTP
FTP is an acronym for File Transfer Protocol. The original documentation for FTP dates back to 1970, when a computer engineer named Abhay Bhushan published it as RFC114. Since then FTP has not evolved considerably. There have only been two revisions to the original documentation, one in June 1980 and the other in October 1985.
Today the world of computer technology has changed dramatically but FTP still remains as a prehistoric artifact. The lack of revision has made FTP as an extremely unreliable option for secure file sharing.
Drawbacks of FTP
The initial documentation of FTP lacked any provisions for secure file sharing. Later revisions too avoided addressing this issue, as a result FTP is an extremely unsecured protocol by today’s standards. In this article we discuss what weaknesses of FTP make it so unsecure.
No Support for Encryption
Time and again, computer experts have stressed on the need of encryption for online data sharing. FTP has managed to stay unaffected by such concerns and till date has no provisions for supporting encryption of outgoing traffic. This lack of encryption makes any data transmitted using FTP extremely susceptible to interception. Any data including user names and passwords are sent out as plain texts, if such packets are captured by a hacker, he can easily gain illegal access to your network and financial accounts. This lack of encryption takes the secure out of secure file sharing.
Vulnerable to Spoof Attacks
In terms of network security terminology, spoofing refers to the activity of false representation. When a hacker sends packets from his machine that has false information regarding the origin of the packet, it is termed as a spoof attempt.
The File Transfer Protocol has no method to verify the origins of the incoming packets. However, the vulnerability to spoofing can be minimized by implementing a firewall that has the capability of deep packet inspection; the FTP doesn’t provide any security measures on its own. Any one on the internet can request access to your files by misrepresenting their identity. There have been many cases in the past where people found themselves duped due to such misrepresentations. Lack of encryption and vulnerability to spoofing make FTP the least favorable option for secure file sharing.
No Support for Sessions Management
You must have experienced this at some point in your past. Session management refers to a continued session between the client and the server even if the line is dropped. The facility of session management allows the user to continue exactly from where he left the last time. Such sessions are maintained unless a request for discontinuance is sent from the client side. As there is no session management support in FTP, it does not supports the pause and resume facility while uploading or downloading a file. This makes it impractical for sharing large files, especially for those who have slow internet connections. One of the tenets of secure file sharing is the capability of resuming the interrupted downloads/uploads, with no such facility in FTP, it becomes almost impossible to share large files on an unreliable slow internet connection.
Featured images: License: Creative Commons image source
Author Wan Lee is a network expert. He provides network security consulting services and has written many articles on secure file sharing on www.rocketsoftware.com.