File Transfer Protocol (FTP): File Transfer Protocol (FTP) is a TCP-based application with many options and features, such as modifying directories, using wildcard characters when listing files, transmitting multiple files at once, and supporting a variety of character sets and file formats. It can be set up for anonymous access without a password, or it can be configured to require a username and password. It also offers an interface resembling a UNIX file directory.
When an FTP client connects to an FTP server, a TCP connection is opened to the server's well-known port 21. The client is asked for a username and password, which the server uses to determine which files are available to that user; this security corresponds to the file security on the server's platform. All the commands used to manage file transfers are sent across this control connection, giving the user a range of commands to set transfer options and perform other actions. The file itself is sent over a separate FTP data connection over TCP port 20. This prevents a file transfer from interfering with the control session.
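The control/data split described above, as an added example that is not part of the original text: a small Python audit of a constructed port-21 transcript (made up for this example, not a real capture) that shows what a passive observer learns from the clear-text control session, and decodes the PORT command that tells the server where to open the separate data connection.

```python
import re

# Constructed sample transcript, not a real capture: "C:" lines are client
# commands, "S:" lines are server replies, all in clear text on port 21.
SAMPLE_TRANSCRIPT = """\
S: 220 ftp.example.test FTP server ready
C: USER alice
S: 331 Password required for alice
C: PASS hunter2
S: 230 User alice logged in
C: PORT 192,0,2,10,4,1
S: 200 PORT command successful
C: RETR report.txt
S: 150 Opening BINARY mode data connection for report.txt
S: 226 Transfer complete
"""

PORT_RE = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")

def parse_port_argument(arg):
    """Decode PORT h1,h2,h3,h4,p1,p2 into (ip, port). In active mode the
    server opens the data connection from its port 20 to this endpoint,
    leaving the port-21 control session untouched."""
    m = PORT_RE.match(arg.strip())
    if not m:
        raise ValueError("malformed PORT argument: %r" % arg)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("PORT value out of range: %r" % arg)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def audit_control_session(transcript):
    """Report what a passive observer of the control channel learns."""
    findings = {"user": None, "password_exposed": False, "anonymous": False,
                "data_endpoints": [], "transfers": []}
    for line in transcript.splitlines():
        if not line.startswith("C: "):
            continue                      # only client commands matter here
        cmd, _, arg = line[3:].partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            findings["user"] = arg
            findings["anonymous"] = arg.lower() == "anonymous"
        elif cmd == "PASS":
            findings["password_exposed"] = True   # credential readable on the wire
        elif cmd == "PORT":
            findings["data_endpoints"].append(parse_port_argument(arg))
        elif cmd in ("RETR", "STOR"):
            findings["transfers"].append((cmd, arg))
    return findings
```

Running `audit_control_session(SAMPLE_TRANSCRIPT)` shows the username, the fact that a password crossed the wire readable, and the client endpoint 192.0.2.10:1025 the server will dial from port 20 for the data transfer.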
Secure File Transfer Protocol (SFTP): SFTP (Secure File Transfer Protocol) is a secure version of the File Transfer Protocol (FTP) that adds encryption and authentication. It carries out secure file transfers over SSH or SSH-2. Like FTP, SFTP can be used to transfer files between a client and a server over a network, and the same functionality applies to remote servers.
An SFTP server can be used exclusively for file transfer access, or it can provide system command access as well. SFTP can confine users to their home directories, is not susceptible to the "flashfxp" transfer utility, and is much less vulnerable to exploitation than FTP. It can be configured to authenticate users with certificates and passwords.
Secure Shell (SSH) and Secure Shell version 2 (SSH-2): SSH is an open standard used for remote administration and file transfer over a network. An encrypted tunnel is created between an SSH client and an SSH server, and the protocol authenticates the client to the server. SSH is the safer alternative to clear-text Telnet sessions, which are inherently vulnerable. SSH uses port 22 and can replace both FTP and Telnet. SSH communications are encrypted with the International Data Encryption Algorithm (IDEA). Rivest, Shamir, & Adleman (RSA) methods are used for key exchange. Keys are discarded and regenerated every hour.
SSH is used to defend against:
- IP spoofing or IP source routing: The attacker uses the source IP address in his packets to pose as a trusted source.
- DNS spoofing: The attacker forges name server records in the DNS.
- Real-time data modification: An intermediary host hijacks an active communication and impersonates both parties in their exchange. The attacker receives information sent by the real sender, alters it and forwards it to the recipient on behalf of the sender.
- Authentication replay attacks: The attacker records the stream of data and cuts all user replies out of the stream to establish a connection.
If a hacker gets into a workstation where SSH is used and gains root access privileges, he can then modify the SSH application to his liking.
Secure Shell version 2 (SSH-2) is a security-enhanced version of SSH and should be used in place of SSH.
Trivial File Transfer Protocol (TFTP): Trivial File Transfer Protocol (TFTP) is a more basic version of FTP. It has a limited set of features, needs little memory to load, and can be implemented in a short amount of time. It has no browsing capability; it only sends and receives files. TFTP has been used to seize router configuration files: a terminal session is recorded during a configuration session and the configuration is then stored on a TFTP server, which can be accessed during configuration to extract or save configuration data on the network. The disadvantage is that, unlike FTP, no session authentication occurs, which makes TFTP an open target.