What protocol is used to transfer data over the Web?
Before implementing a secure file transfer solution, it is good to know the basics of the protocols that are involved in the secure transmission of data.

By Eloïse Gruber

FTP

The FTP file transfer protocol is a popular transfer method that has been around for decades. FTP exchanges data using two separate channels: the command channel to authenticate the user and the data channel to transfer files. However, these two FTP channels are not encrypted, which means the data sent is at risk of being intercepted and exploited even though a username and password are required to authenticate access.

FTPS

Short for FTP Secure, FTPS is a secure file transfer protocol that allows you to transfer files securely through SSL/TLS (Secure Sockets Layer/Transport Layer Security). FTPS transfers can be authenticated by supported methods, such as client certificates, server certificates and passwords.

SFTP

SFTP stands for SSH (Secure Shell) File Transfer Protocol. This is a secure file transfer protocol that is an excellent alternative to unsecured FTP tools or manual scripts. SFTP allows data to be exchanged via an SSH connection that provides a high level of protection for file sharing between systems, cloud, collaborators, etc.

TFTP

Like FTPS and SFTP, TFTP is based on the FTP protocol. TFTP (Trivial File Transfer Protocol) is a simple transfer protocol that allows you to send and receive files. TFTP is used when the reliability of the file is known and no security is required when sending or receiving the file, because authentication and encryption of the data are not possible. Anyone who knows the path can download the files. This is not the most secure transfer solution.

SCP

SCP, or Secure Copy Protocol, is an older network protocol that supports file transfers between network hosts. It is somewhat similar to FTP; however, SCP supports encryption and authentication functions.

HTTP and HTTPS

The cornerstone of the World Wide Web, HTTP (Hyper Text Transfer Protocol) is the backbone of data communication.
It defines the format of messages by which browsers and web servers communicate and determines how a browser should respond to a query. HTTP runs over TCP (Transmission Control Protocol) and is a stateless protocol. This means that each command is executed independently and no session information is retained by the recipient. HTTPS (Hyper Text Transfer Protocol Secure) is the secure version of HTTP where communications are encrypted by TLS or SSL.

AS2, AS3, and AS4

AS2, AS3 and AS4 are all protocols used to send and secure sensitive file transfers.

AS2 is used to reliably transmit confidential data over the Internet. AS2 uses digital certificates and encryption standards to protect information as it transits between systems and networks. AS2 messages can be compressed, signed, encrypted and sent via a secure SSL tunnel.

AS3 is a standard that can be used to transmit virtually any type of file. AS3 provides an additional level of security when transmitting data through digital signatures and data encryption. It was originally created to transfer XML and EDI data files. Unlike AS2, which is a defined transfer protocol, AS3 is a message standard and focuses on how a message should be formatted when transmitting from server to server. Once an AS3 message has been composed, it can be transmitted via any other protocol (FTP, SFTP, HTTPS, etc.) provided both parties can access the location where the message was placed.

AS4 allows companies to exchange data securely. It builds on the foundation established by AS2, but works with web services and provides delivery notifications. As a business-to-business standard, AS4 helps make document exchange safe and simple on the internet.

PeSIT

PeSIT is the abbreviation for the “Exchange Protocol for an Interbank Telecompensation System.” PeSIT is a file transfer protocol that was developed by the French Interbank Systems (GSIT) Economic Interest Group.
It is mainly used to meet European banking standards and to transfer communications between banks in Europe.

FTP (File Transfer Protocol) is a network protocol for transmitting files between computers over Transmission Control Protocol/Internet Protocol (TCP/IP) connections. Within the TCP/IP suite, FTP is considered an application layer protocol.

In an FTP transaction, the end user's computer is typically called the local host. The second computer involved in FTP is a remote host, which is usually a server. Both computers need to be connected via a network and configured properly to transfer files via FTP. Servers must be set up to run FTP services, and the client must have FTP software installed to access these services.

Although many file transfers can be conducted using Hypertext Transfer Protocol (HTTP) -- another protocol in the TCP/IP suite -- FTP is still commonly used to transfer files behind the scenes for other applications, such as banking services. It is also sometimes used to download new applications via web browsers.

How does FTP work?

FTP is a client-server protocol that relies on two communications channels between the client and server: a command channel for controlling the conversation and a data channel for transmitting file content. Here is how a typical FTP transfer works:
FTP sessions work in active or passive modes:
Users can work with FTP via a simple command-line interface -- from a console or terminal window in Microsoft Windows, Apple macOS or Linux -- or with a dedicated graphical user interface. Web browsers can also serve as FTP clients.

Why is FTP important and what is it used for?

FTP is a standard network protocol that can enable expansive file transfer capabilities across IP networks. Without FTP, file and data transfer can be managed with other mechanisms -- such as email or an HTTP web service -- but those other options lack the clarity of focus, precision and control that FTP enables.

FTP is used for file transfers between one system and another, and it has several common use cases, including the following:
FTP types

There are several different ways an FTP server and client software can conduct a file transfer using FTP:
FTP security

FTP was initially defined in 1971, predating TCP and IP, and it has been redefined several times since then to accommodate new technologies, including the use of TCP/IP (Request for Comments 765 and RFC 959) and IPv6 (RFC 2428).

FTP has also undergone several updates to enhance FTP security. These include versions that encrypt via an implicit TLS connection (FTPS) or explicit TLS connection (FTPES) or that work with SFTP.

By default, FTP does not encrypt traffic, and individuals can capture packets to read usernames, passwords and other data. By encrypting FTP with FTPS or FTPES, data is protected, limiting the ability of an attacker to eavesdrop on a connection and steal data. FTP may still be vulnerable to brute-force attacks against user/password authentication spoofing, an FTP bounce attack or a distributed denial-of-service attack.

History of FTP

The first specification for FTP was published as RFC 114 on April 16, 1971, and was written by Abhay Bhushan, then a student at the Massachusetts Institute of Technology. The original idea behind FTP was to enable the transfer of files over ARPANET, the precursor to the internet.

As the modern internet began to take shape, the FTP specification underwent several revisions to align with networking standards, including TCP/IP. In 1980, a new version of FTP was defined in RFC 765 by Jon Postel, a research scientist at the Information Sciences Institute at the University of Southern California at the time. Five years later, FTP was redefined yet again with RFC 959, which introduced new management capabilities for the protocol, including the ability to make and remove a file directory. Prior iterations of FTP were largely limited to transferring files to and from existing file directory structures.

In 1997, RFC 959 was updated with new capabilities defined in RFC 2228 to provide security capabilities. Two years later, FTP was updated with RFC 2428 to support the IPv6 protocol.
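The FTP security section above says that plain FTP exposes usernames and passwords, and that an explicit TLS connection (FTPES) protects them. The following added example, which is not part of the original page, audits a client-side log of the command channel and reports which credentials and transfers went unprotected. The `C:`/`S:` log format, host address and credentials are constructed assumptions; `AUTH TLS`, `PBSZ`, `PROT P` and the 234 and 227 replies are the standard explicit-TLS and passive-mode exchanges.

```python
import re

# Constructed client-side log of a plain FTP session (C = client, S = server).
PLAIN_SESSION = """\
C: USER alice
S: 331 Password required
C: PASS hunter2
S: 230 Logged in
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80)
C: RETR report.csv
"""

# Same session, but upgraded with explicit TLS and a protected data channel first.
FTPES_SESSION = (
    "C: AUTH TLS\nS: 234 Proceed with negotiation\n"
    "C: PBSZ 0\nS: 200 OK\nC: PROT P\nS: 200 Data channel protected\n"
    + PLAIN_SESSION
)

def audit_ftp_session(transcript):
    """Return (findings, data_endpoints) for one command-channel transcript."""
    tls_on = False        # command channel upgraded (AUTH TLS answered with 234)
    data_private = False  # data channel protection accepted (PROT P answered with 200)
    last_cmd = ""
    findings, endpoints = [], []
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            last_cmd = text.upper()
            verb = last_cmd.split(" ", 1)[0]
            if verb in ("USER", "PASS") and not tls_on:
                findings.append(f"{verb} sent in cleartext")
            elif verb in ("RETR", "STOR") and not data_private:
                findings.append(f"{verb} data channel unencrypted")
        elif side == "S":
            if text.startswith("234") and last_cmd.startswith("AUTH TLS"):
                tls_on = True
            elif text.startswith("200") and last_cmd == "PROT P":
                data_private = tls_on
            # Passive-mode reply: the server names the data channel's host and port.
            m = re.match(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", text)
            if m:
                h1, h2, h3, h4, p1, p2 = map(int, m.groups())
                endpoints.append((f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))
    return findings, endpoints
```

Run against the two constructed sessions, the plain one yields three findings and the FTPES one yields none; both report the same passive-mode data endpoint.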
FTP clients

FTP clients are used to upload, download and manage files on a server. FTP clients include the following: