File eXchange Protocol

File eXchange Protocol (FXP) is a method of data transfer which uses the FTP protocol to transfer data from one remote server to another (inter-server) without routing this data through the client's connection. Conventional FTP involves a single server and a single client; all data transmission is done between these two. In the FXP session, a client maintains a standard FTP connection to two servers, and can direct either server to connect to the other to initiate a data transfer. The advantage of using FXP over FTP is evident when a high-bandwidth server demands resources from another high-bandwidth server, but only a low-bandwidth client, such as a network administrator working away from location, has the authority to access the resources on both servers.

Risk

Enabling FXP support, however, can make a server vulnerable to an exploit known as FTP bounce. As a result of this, FTP server software often has FXP disabled by default.
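The server-side check that separates an ordinary transfer from an FXP or bounce request can be sketched as follows. This is an added example, not code from the original page or from any FTP server named on it; the function names and the `fxp_partners` allowlist are hypothetical, the addresses are constructed documentation-range values, and the two refusals follow the mitigations recommended in RFC 2577.

```python
import ipaddress

def parse_port_arg(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() and int(p) <= 255
                                  for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def check_port_command(arg, control_peer, fxp_partners=()):
    """Decide whether the server may open a data connection for this PORT.

    control_peer : IP address of the client on the control connection.
    fxp_partners : networks an administrator has explicitly approved as
                   FXP peers (hypothetical setting; empty = FXP disabled).
    Returns (allowed, reason).
    """
    try:
        host, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, str(exc)
    # Never connect out to well-known service ports on anyone's behalf.
    if port < 1024:
        return False, "privileged port refused"
    # Conventional FTP: the data connection goes back to the same client.
    if host == ipaddress.IPv4Address(control_peer):
        return True, "ordinary client transfer"
    # A third-party address is FXP; allow it only for approved servers.
    if any(host in ipaddress.ip_network(net) for net in fxp_partners):
        return True, "FXP to allowlisted partner"
    return False, "third-party address refused"

if __name__ == "__main__":
    client = "198.51.100.7"                      # constructed sample values
    for arg in ("198,51,100,7,195,80", "192,0,2,25,0,25", "192,0,2,25,195,80"):
        print(arg, check_port_command(arg, client))
    print(check_port_command("192,0,2,25,195,80", client, ("192.0.2.0/24",)))
```

With an empty allowlist this reproduces the FXP-disabled default described above; populating it re-enables server-to-server transfers only toward named peers.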

FXP over SSL

Some FTP servers, such as glFTPd, RaidenFTPd, and wzdftpd, support negotiation of a secure data channel between two servers using either of two FTP protocol extension commands: CPSV or SSCN. This normally works by the client issuing CPSV in lieu of the PASV command, or by sending SSCN prior to PASV transfers, which instructs the server to create either an SSL or TLS connection. However, both methods are susceptible to man-in-the-middle attacks, since the two FTP servers do not verify each other's SSL certificates. SSCN was first introduced by RaidenFTPd and SmartFTP in 2003 and has since been widely adopted.

Managed File Transfer


Managed File Transfer (MFT) refers to software solutions that facilitate the secure transfer of data from one computer to another through a network (e.g., the Internet). MFT solutions are often built using the FTP network protocol. However, the term specifically describes solutions that remedy the disadvantages associated with FTP.

Typically, MFT offers a higher level of security and control than FTP. Features include reporting (e.g., notification of successful file transfers), non-repudiation (i.e., guaranteed delivery), auditability, global visibility, automation of file transfer-related activities and processes, end-to-end security, and performance metrics/monitoring.

Background

From its inception in 1980, FTP has made it possible to move large volumes of bulk data between any two entities, including file servers, applications, and trading partners. However, FTP (and other communication protocols such as HTTP and SMTP) does not, on its own, provide a way to secure or manage the payload or the transmission. Yet, regardless of the lack of security and management capabilities, many companies have continued to transport large batches of structured and unstructured data using these protocols.

This practice is changing, however. According to Gartner Research, "Numerous factors cause companies to re-examine how they manage the movement of information from system to system, partner to partner, and person to person. FTP alone is not a viable option to give [organizations] the insight, security, performance and, ultimately, the risk mitigation necessary to responsibly conduct business."

FTP over SSH (not SFTP)

FTP over SSH (not SFTP) refers to the practice of tunneling a normal FTP session over an SSH connection.

Because FTP uses multiple TCP connections (unusual for a TCP/IP protocol that is still in use), it is particularly difficult to tunnel over SSH. With many SSH clients, attempting to set up a tunnel for the control channel (the initial client-to-server connection on port 21) will protect only that channel; when data is transferred, the FTP software at either end will set up new TCP connections (data channels) which will bypass the SSH connection, and thus have no confidentiality, integrity protection, etc.

Otherwise, it is necessary for the SSH client software to have specific knowledge of the FTP protocol, to monitor and rewrite FTP control channel messages, and to autonomously open new forwardings for FTP data channels. Version 3 of SSH Communications Security's software suite and the GPL-licensed FONC are two software packages that support this mode.

FTP over SSH is sometimes referred to as secure FTP; this should not be confused with other methods of securing FTP, such as with SSL/TLS (FTPS). Other methods of transferring files using SSH that are not related to FTP include SFTP and SCP; in each of these, the entire conversation (credentials and data) is always protected by the SSH protocol.


Red Drive is a free file transfer extension that integrates with your Windows Explorer environment allowing you to drag, drop, open and edit files on remote servers without launching a separate file transfer client. Red Drive supports various file transfer protocols including FTP, FTPS (FTP over SSL), SFTP (FTP over SSH) and WebDAV.