FTP, stands for File Transfer Protocol (FTP).
It is a standard network protocol used to transfer files between computers over the Internet.
The most popular file transfer protocol
FTP is widely used across the world as it is the default file transfer method such as cPanel and Plesk.
As cPanel and Plesk are the most popular web admin panel used nowadays, FTP becomes the most common file transfer protocol as well.
Is FTP secured?
FTP was never built to be a secure file transfer protocol when it was developed in the early 1970s by Abhay Bhushan while he was a student at MIT.
Security challengers with FTP
FTP authentication is sent as clear text without any encryption.
This makes it easy for anyone with a packet sniffer to view the username and password.
So, the data sent via FTP is vulnerable to sniffing, middle-man attacks, brute-forcing, spoofing and also other attack methods.
Which port does FTP use?
FTP uses port 21 as the control port and port 20 as the data port.
FTP uses port 21 to begin a session, accessing the port over TCP to provide the authentication such as username and password.
How does sniffing work?
Sniffing is a very common type of passive attack that allows attackers to eavesdrop on the network, capture the authentication, and use it for accessing your FTP.
Use FTPS or SFTP instead of FTP
FTPS is a secure variant of the basic FTP protocol.
FTPS is created with the same basic methodology of the older FTP protocol with SSL encryption as a security measurement to protect the data transferred between client and server.
So, FTPS requests an SSL encrypted connection to be established first before it sends any data over to the server.
Recently, it has been slowly replaced by the use of SFTP instead.
SFTP stands for SSH File Transfer Protocol, or Secure File Transfer Protocol.
It is a separate protocol packaged with SSH that works in a similar way over a secure connection.
It is different from the basic FTP and FTPS models in many aspects.
First, the connection for data transfers between the client and server is secured by Secure Shell (SSH) protocols.
Secondly, unlike FTP and FTPS, the SFTP protocol is packet-based as opposed to text-based.
Lastly, with SSH as the protocol, the encryption filters cannot be bypassed or turned off using AUTH commands, which is common among FTP and FTPS protocols.
Some of the FTP exploits used by attackers
- Anonymous Authentication
- This is an FTP vulnerability that allows users to log in to FTP with a user name or anonymously. Any data hosted on such anonymous FTP server is left unprotected. In 2017, FBI Alerts Medical and Dental Facilities on the Anonymous FTP Security Vulnerability.
- Directory Traversal Attack
- Directory traversal attacks allow attackers to access restricted directories and execute commands outside of the web server’s root directory. As a result, the original FTP owner is then subject to the file or directory permissions and controls of the attacker. (Acunetix)