EnterpriseDT Blogs

Posts Tagged ‘ftp’

Multi-protocol gateway

Friday, December 30th, 2011

CompleteFTP 6.2.0 has been released, and contains an exciting new feature in the Enterprise Edition called the multi-protocol gateway.

Basically, CompleteFTP can act as a gateway to other servers. It can present any of its own protocols to a client, and translate them into a different protocol to talk to another server. The client will be unaware it is communicating with this other server.

This is an extremely powerful feature. For example, you can use the gateway to:

  • Provide secure access to another non-secure FTP server located on the same machine or network. CompleteFTP provides a secure wrapper to the secure server. This means SFTP or FTPS clients can connect to CompleteFTP, which proxies the requests on to the non-secure server.
  • Add FTP or FTPS support to an existing SFTP server. This means FTP or FTPS clients can access the SFTP server without any other changes than setting up CompleteFTP to proxy the requests.
  • Add SFTP support to an existing FTP or FTPS server. This means SFTP clients can access the FTP or FTPS server without any other changes than setting up CompleteFTP to proxy the requests.

The remote server can be used simply as a remotely mounted filesystem, but it can also be used to authenticate users logging into CompleteFTP.

We look forward to hearing from customers how they are using the multi-protocol gateway.

Tags: , , , ,
Posted in Announcements | No Comments »

Is FTP dead?

Thursday, November 27th, 2008

Is FTP, the once ubiquitous File Transfer Protocol, dead?

It’s certainly an ageing protocol. Invented in the 1970’s, most implementations follow RFC 959, published in 1985.

And there are plenty of criticisms of FTP. It isn’t secure - passwords are sent in plain text. Data transfers use a new TCP connection for each transfer, and this can cause complications with firewalls as well as exhausting system resources. Directory listings aren’t standardized, and timestamps aren’t preserved on transferred files.

And yet FTP still persists. A quick google reveals hundreds, if not thousands, of FTP products on the market, and millions of references. Given its flaws, why is FTP still in use?

The biggest reason is the lack of competition. There simply aren’t many viable alternatives for transferring files across networks, including the Internet. HTTP is primarily used for downloading files, and isn’t very flexible. More proprietary protocols such as SMB are for local networks only. Instant messaging clients do provide file transfer facilities, but these are tightly integrated with the GUI, and generally only work with other clients on the same messaging network.

Also, many NAT devices automatically work with FTP, opening and closing data ports as needed. The appropriately ports are normally open in firewalls, so if anything will work without reconfiguration, it will be FTP.

So it seems that FTP will be around for a long time yet.

Given that we haven’t got much choice, how can we best use FTP?

One of the most important criticisms is lack of security. FTPS (FTP over SSL) was designed to overcome this problem.

Often called secure FTP, in FTPS passwords are no longer sent in plain text, but over an encrypted connection. Both commands and data can be encrypted, and a number of ciphers are available. FTPS is becoming quite widespread, and is supported by many FTP servers. It is a good choice if it is a requirement to add security to existing applications that are using FTP, as the protocol is not significantly changed. It should be noted that firewalls may require some reconfiguration as NAT devices are no longer able to automatically open and close ports as required - since commands are encrypted they are unable to determine what ports are being used.

Another option is to use SFTP (FTP over SSH). This is actually a different protocol altogether, and one that was designed to provide security from the beginning. It also uses a single TCP connection for both commands and data, eliminating most firewall problems. As SFTP is a more modern protocol, it also provides standardized directory listings and other useful features.

In conclusion, FTP lives on and on. It is still the most popular way of transferring files, and both FTPS and SFTP offer more secure ways of doing so than ordinary FTP.

Tags:
Posted in Discussion | Comments Off