File Transfer Protocol (FTP) is a standard network protocol used for transferring files between a client and server over a computer network. Operating over Transmission Control Protocol (TCP), FTP typically uses port 21 to establish connections, allowing users to upload, download, delete, and organize files on servers.
FTP functions on a client-server model where an FTP client initiates a connection to an FTP server to request file operations. It utilizes two separate channels: a control connection for sending commands and responses, and a data connection for transferring files. Authentication is generally achieved using a username and password, though anonymous FTP allows connections without credentials.
FTP can operate in active or passive modes. In active mode, the client opens a random port and listens for incoming connections from the server. In passive mode, the server opens a random port and waits for a connection from the client, facilitating safer traversal of firewalls and NAT.
A significant limitation of traditional FTP is its lack of encryption, which means data, including credentials, are transmitted in plaintext and susceptible to interception. To address this, Secure FTP (SFTP) and FTP Secure (FTPS) offer encrypted transfer capabilities.
FTP is widely used for website management, data backups, and software distribution. Best practices for secure FTP use include preferring SFTP or FTPS, implementing strong authentication mechanisms like multi-factor authentication (MFA), and properly configuring firewalls to secure FTP traffic.