File eXchange Protocol

File eXchange Protocol (FXP) is a method of data transfer which uses the FTP protocol to transfer data from one remote server to another (inter-server) without routing this data through the client's connection. Conventional FTP involves a single server and a single client; all data transmission is done between these two. In the FXP session, a client maintains a standard FTP connection to two servers, and can direct either server to connect to the other to initiate a data transfer. The advantage of using FXP over FTP is evident when a high-bandwidth server demands resources from another high-bandwidth server, but only a low-bandwidth client, such as a network administrator working away from location, has the authority to access the resources on both servers.

Risk

Enabling FXP support, however, can make a server vulnerable to an exploit known as FTP bounce. As a result of this, FTP server software often has FXP disabled by default.
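As an added illustration (not code from the original article), the client-side FXP exchange described above and the server-side check that FTP bounce mitigation relies on, in Python; the 227 reply text and the TEST-NET addresses are constructed for the example:

```python
import re

# Constructed sample reply (not captured from a real server); TEST-NET address.
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,89)"

HOST_PORT_RE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_pasv(reply):
    """Extract (host, port) from a 227 PASV reply; raise ValueError otherwise."""
    m = HOST_PORT_RE.search(reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a valid 227 reply")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def build_port(host, port):
    """Form the PORT command the client relays to the *other* server in FXP,
    telling it to connect to the address the first server opened with PASV."""
    return f"PORT {host.replace('.', ',')},{port // 256},{port % 256}"

def fxp_data_command(pasv_reply):
    """Client side of FXP: turn server A's PASV reply into the PORT for server B."""
    host, port = parse_pasv(pasv_reply)
    return build_port(host, port)

def accept_port(port_cmd, control_peer, fxp_enabled=False):
    """Server-side check that closes the FTP bounce hole: unless FXP is explicitly
    enabled, the PORT target must be the control connection's peer, and the port
    must not be a privileged one. Returns True when the command should be honoured."""
    m = re.fullmatch(r"PORT " + HOST_PORT_RE.pattern, port_cmd.strip())
    if not m:
        return False
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        return False
    host, port = f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    if port < 1024:
        return False          # never bounce into well-known services
    return fxp_enabled or host == control_peer
```

With FXP disabled (the default the text mentions), the check refuses any PORT whose address is not the client's own, which is exactly what a bounce relies on.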

FXP over SSL

Some FTP servers, such as glFTPd, RaidenFTPd, and wzdftpd, support negotiation of a secure data channel between two servers using one of two FTP protocol extension commands: CPSV or SSCN. This normally works by the client issuing CPSV in place of the PASV command, or by sending SSCN before PASV transfers, which instructs the server to create an SSL or TLS connection. However, both methods, CPSV and SSCN, are susceptible to man-in-the-middle attacks, since the two FTP servers do not verify each other's SSL certificates. SSCN was first introduced by RaidenFTPd and SmartFTP in 2003 and has since been widely adopted.

Managed File Transfer


Managed File Transfer (MFT) refers to software solutions that facilitate the secure transfer of data from one computer to another through a network (e.g., the Internet). MFT solutions are often built using the FTP network protocol. However, the term specifically describes solutions that remedy the disadvantages associated with FTP.

Typically, MFT offers a higher level of security and control than FTP. Features include reporting (e.g., notification of successful file transfers), non-repudiation (i.e., guaranteed delivery), auditability, global visibility, automation of file transfer-related activities and processes, end-to-end security, and performance metrics/monitoring.

Background

From its inception in 1980, FTP has made it possible to move large volumes of bulk data between any two entities, including file servers, applications, and trading partners. However, FTP (like other communication protocols such as HTTP and SMTP) does not, on its own, provide a way to secure or manage the payload or the transmission. Despite this lack of security and management capabilities, many companies have continued to transport large batches of structured and unstructured data using these protocols.

This practice is changing, however. According to Gartner Research, "Numerous factors cause companies to re-examine how they manage the movement of information from system to system, partner to partner, and person to person. FTP alone is not a viable option to give [organizations] the insight, security, performance and, ultimately, the risk mitigation necessary to responsibly conduct business."

FTP over SSH (not SFTP)

FTP over SSH (not SFTP) refers to the practice of tunneling a normal FTP session over an SSH connection.

Because FTP uses multiple TCP connections (unusual for a TCP/IP protocol that is still in use), it is particularly difficult to tunnel over SSH. With many SSH clients, attempting to set up a tunnel for the control channel (the initial client-to-server connection on port 21) will protect only that channel; when data is transferred, the FTP software at either end will set up new TCP connections (data channels) which will bypass the SSH connection, and thus have no confidentiality, integrity protection, etc.

To avoid this, the SSH client software needs specific knowledge of the FTP protocol: it must monitor and rewrite FTP control channel messages and autonomously open new forwardings for the FTP data channels. Version 3 of SSH Communications Security's software suite and the GPL-licensed FONC are two software packages that support this mode.
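An added example, not part of the original text, modelling the two points above in Python: first, detecting that a server's PASV reply would pull the data channel outside a plain port forward of the control channel; second, the FTP-aware rewriting that redirects each data channel to a fresh local forwarding. The FtpAwareTunnel class, its port numbers and the sample reply are constructed for illustration.

```python
import re

# Constructed 227 reply as a server behind "ssh -L 2121:server:21" would send it.
SERVER_PASV = "227 Entering Passive Mode (192,0,2,10,195,89)"

PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def pasv_endpoint(reply):
    """(host, port) the client would dial for the data channel, or None."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def data_channel_bypasses_tunnel(reply):
    """True when the client would connect straight to the server's address:
    only the control channel on port 21 was forwarded, so this connection
    carries no SSH confidentiality or integrity protection."""
    ep = pasv_endpoint(reply)
    return ep is not None and not ep[0].startswith("127.")

class FtpAwareTunnel:
    """Minimal model of an FTP-aware SSH client: rewrite every 227 reply to point
    at a new local listener and remember which server endpoint that listener
    must be forwarded to (the actual socket forwarding is omitted here)."""
    def __init__(self, first_local_port=40000):
        self.next_port = first_local_port
        self.forwardings = {}   # local port -> (server host, server port)

    def rewrite(self, reply):
        ep = pasv_endpoint(reply)
        if ep is None:
            return reply         # not a PASV reply; pass through untouched
        local = self.next_port
        self.next_port += 1
        self.forwardings[local] = ep
        return f"227 Entering Passive Mode (127,0,0,1,{local // 256},{local % 256})"
```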

FTP over SSH is sometimes referred to as secure FTP; this should not be confused with other methods of securing FTP, such as with SSL/TLS (FTPS). Other methods of transferring files using SSH that are not related to FTP include SFTP and SCP; in each of these, the entire conversation (credentials and data) is always protected by the SSH protocol.


Red Drive is a free file transfer extension that integrates with Windows Explorer, allowing files on remote servers to be dragged, dropped, opened and edited without launching a separate file transfer client. Red Drive supports several file transfer protocols, including FTP, FTPS (FTP over SSL), SFTP and WebDAV.

Anonymous FTP

A host which provides an FTP service may also provide anonymous FTP access. Under this arrangement, users do not strictly need an account on the host; instead, the user typically enters 'anonymous' or 'ftp' when prompted for a username. Although users are commonly asked to send their email address as their password, little or no verification is actually performed on the supplied data.

As modern FTP clients typically hide the anonymous login process from the user, the client supplies dummy data as the password (since the user's email address may not be known to the application).

For example, the following ftp user agents specify the listed passwords for anonymous logins:

* Mozilla Firefox (2.0) — mozilla@example.com

* KDE Konqueror (3.5) — anonymous@

* wget (1.10.2) — -wget@

* lftp (3.4.4) — lftp@

The Gopher protocol has been suggested as an alternative to anonymous FTP, as well as Trivial File Transfer Protocol and File Service Protocol.


Types of Packet Switching

Connectionless and connection-oriented packet switching

The service actually provided to the user by networks using packet switching nodes can be either connectionless (based on datagram messages) or virtual circuit switching (also known as connection-oriented). Connectionless protocols include Ethernet, IP, and UDP; connection-oriented packet-switching protocols include X.25, Frame Relay, Asynchronous Transfer Mode (ATM), Multiprotocol Label Switching (MPLS), and TCP.

In connection oriented networks, each packet is labeled with a connection ID rather than an address. Address information is only transferred to each node during a connection set-up phase, when an entry is added to each switching table in the network nodes.

In connectionless networks, each packet is labeled with a destination address, and may also be labeled with the sequence number of the packet. This removes the need for a dedicated path to help the packet find its way to its destination. Each packet is dispatched independently and may travel by a different route. At the destination, the original message is reassembled in the correct order, based on the packet sequence numbers. Thus a virtual connection, also known as a virtual circuit or byte stream, is provided to the end user by a transport layer protocol, although the intermediate network nodes only provide a connectionless network layer service.
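An added example, not from the original article, showing the connectionless model just described in Python: a message is split into sequence-numbered datagrams, delivered in arbitrary order (standing in for independent routing), and reassembled at the destination by sequence number; the reassembler also reports which sequence numbers are still missing, which is what a transport protocol needs in order to request retransmission. The message, address and packet size are constructed for the example.

```python
import random

# Constructed sample message; each chunk below stands in for one datagram.
MESSAGE = b"Packets may take different routes and arrive out of order."
PACKET_SIZE = 16

def split_into_datagrams(data, dst="198.51.100.7", size=PACKET_SIZE):
    """Connectionless sending: every packet carries the destination address and
    its own sequence number, so no path has to be set up in advance."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)]
    return [{"dst": dst, "seq": i, "total": len(chunks), "payload": c}
            for i, c in enumerate(chunks)]

def deliver_via_different_routes(datagrams, seed=7):
    """Model independent per-packet routing: arrival order is arbitrary."""
    arrived = list(datagrams)
    random.Random(seed).shuffle(arrived)
    return arrived

class Reassembler:
    """Transport-layer reassembly at the destination, keyed on sequence number.
    Duplicates (retransmissions) are ignored; gaps are reported, not guessed."""
    def __init__(self):
        self.buffer = {}
        self.total = None

    def receive(self, dg):
        if dg["seq"] not in self.buffer:
            self.buffer[dg["seq"]] = dg["payload"]
            self.total = dg["total"]

    def missing(self):
        """Sequence numbers not yet received."""
        return [s for s in range(self.total or 0) if s not in self.buffer]

    def complete(self):
        return self.total is not None and not self.missing()

    def data(self):
        if not self.complete():
            raise ValueError(f"message incomplete, missing {self.missing()}")
        return b"".join(self.buffer[s] for s in range(self.total))

def reassemble(datagrams):
    r = Reassembler()
    for dg in datagrams:
        r.receive(dg)
    return r.data()
```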

History of packet switching

The concept of packet switching was first explored by Paul Baran in the early 1960s, and then independently a few years later by Donald Davies (Abbate, 2000).

Leonard Kleinrock conducted early research in queueing theory which would be important in packet switching, and published a book in the related field of digital message switching (without the packets) in 1961; he also later played a leading role in the building and management of the world's first packet switched network, the ARPANET.

Baran developed the concept of packet switching during his research at the RAND Corporation for the US Air Force into survivable communications networks. It was first presented to the Air Force in the summer of 1961 as briefing B-265, then published as RAND Paper P-2626 in 1962, and then expanded somewhat in a series of eleven papers titled On Distributed Communications in 1964. Baran's P-2626 paper described a general architecture for a large-scale, distributed, survivable communications network. The paper focuses on three key ideas: first, the use of a decentralized network with multiple paths between any two points; second, dividing complete user messages into what he called message blocks (later called packets); and third, delivery of these messages by store-and-forward switching.

Baran's study made its way to Robert Taylor and J.C.R. Licklider at the Information Processing Technology Office, both wide-area network evangelists, and it helped influence Lawrence Roberts to adopt the technology when Taylor put him in charge of development of the ARPANET.

Baran's packet switching work was similar to the research performed independently by Donald Davies at the National Physical Laboratory, UK. In 1965, Davies developed the concept of packet-switched networks and proposed development of a UK wide network. He gave a talk on the proposal in 1966, after which a person from the Ministry of Defense told him about Baran's work. Davies met Lawrence Roberts at the 1967 ACM Symposium on Operating System Principles, bringing the two groups together.

Interestingly, Davies had chosen some of the same parameters for his original network design as Baran, such as a packet size of 1024 bits. Roberts and the ARPANET team took the name "packet switching" itself from Davies's work.

Packet switching in networks

Packet switching is used to optimize the use of the channel capacity available in digital telecommunication networks such as computer networks, to minimize the transmission latency (i.e. the time it takes for data to pass across the network), and to increase robustness of communication.

The most well-known use of packet switching is the Internet and local area networks. The Internet uses the Internet protocol suite over a variety of Link Layer protocols. For example, Ethernet and frame relay are very common. Newer mobile phone technologies (e.g., GPRS, I-mode) also use packet switching.

X.25 is a notable use of packet switching in that, despite being based on packet switching methods, it provided virtual circuits to the user. These virtual circuits carry variable-length packets. In 1978, X.25 was used to provide the first international and commercial packet switching network, the International Packet Switched Service (IPSS). Asynchronous Transfer Mode (ATM) also is a virtual circuit technology, which uses fixed-length cell relay connection oriented packet switching.

Datagram packet switching is also called connectionless networking because no connections are established. Technologies such as Multiprotocol Label Switching (MPLS) and the Resource Reservation Protocol (RSVP) create virtual circuits on top of datagram networks. Virtual circuits are especially useful in building robust failover mechanisms and allocating bandwidth for delay-sensitive applications.

MPLS and its predecessors, as well as ATM, have been called "fast packet" technologies. MPLS, indeed, has been called "ATM without cells". Modern routers, however, do not require these technologies to be able to forward variable-length packets at multigigabit speeds across the network.

Packet switching

Packet switching is a network communications method that groups all transmitted data, irrespective of content, type, or structure into suitably-sized blocks, called packets. The network over which packets are transmitted is a shared network that routes each packet independently from all others and allocates transmission resources as needed. Principal goals of packet switching are to optimize utilization of available link capacity and to increase robustness of communication.

Network resources are managed by statistical multiplexing or dynamic bandwidth allocation in which a physical communication channel is effectively divided into an arbitrary number of logical variable-bit-rate channels or data streams. Each logical stream consists of a sequence of packets, which normally are forwarded by a network node asynchronously in a first-in, first-out fashion. Alternatively, the packets may be forwarded according to some scheduling discipline for fair queuing or for differentiated or guaranteed quality of service. In case of a shared physical medium, the packets may be delivered according to some packet-mode multiple access scheme. When traversing network nodes, packets are buffered and queued, resulting in variable delay and throughput, depending on the traffic load in the network.

Packet switching contrasts with another principal networking paradigm, circuit switching, a method which sets up a limited number of dedicated connections of constant bit rate and constant delay between nodes for exclusive use during the communication session.

Packet mode (or packet-oriented, packet-based) communication may be utilized with or without intermediate forwarding nodes (packet switches).