File transfer is the act of communicating files from one computer to another, often called uploading or downloading. Most of us do this every day over the internet or by email through the use of email attachments and this behaviour has become so common that we very often have very little knowledge of what is actually involved. Essentially the process is reliant on particular digital codes called 'protocols' which consist of digital messages and which may include such processes as authentication, signalling and error detection and communication as well as dictating the syntax and semantics of the file to be transferred. The standard protocol in use is literally called 'FTP' - File Transfer Protocol and it is used over the internet within a specific suite called 'TCP' or 'IP', TCP meaning 'Transmission Control Protocol' and IP being 'Internet Protocol'. As you can gather, within this suite there is a whole set of communications protocols of which FTP is the most well known in terms of the file transfer process. The TCP/IP suite is essentially a set of layers with each layer responsible for solving a particular set of problems.
Primarily, file transfer is the responsibility of file servers and there are two basic types of transfer, the first of these is called 'pull-based' because the request for information is requested by the client and the second is 'push-based' in which a server automatically dispatches information to the client, very often in response to a pre-arranged subscription, for example a membership of a magazine website. File transfer is executed using a variety of methods, for example 'transparent' file transfers occur without the client necessarily being aware of it, whereas 'explicit' file transfers operate in response to client demand often following authentication procedures such as a 'signing-in' operation. File transfers can operate on a peer-to-peer basis on a computer network where the same information is distributed equally between a number of workstations. There are also file transfers regularly occurring between workstations and peripheral devices such as printers, scanners, webcams and so forth.
As I mentioned a moment ago, FTP - File Transfer Protocol is the standard protocol used within the TCP/IP suite, but that doesn't mean to say necessarily that it's popular, in fact some people out there think that FTP can be a bit of a hassle. According to a blogger on the Send This File website who chooses just to call himself 'Alex', the main issue with FTP is that of security. "FTP has many security issues" he says "including bounce attacks, spoof attacks, brute force attacks, packet sniffing, username protection and port stealing. Perhaps the biggest risk with FTP is that the FTP server can only handle usernames and passwords in unencrypted plain text".
Of course, 'Alex' may very well be merely trying to sell you a new kind of transfer protocol or procedure, particularly in view of the fact that the website on which his blog appears is devoted to a particular internet-based transfer service which claims not to require any downloading of software, any email attachments and which has no apparent limit on the size of files to be transferred. Actually, in reading this I'm suddenly quite interested and I suddenly find myself bookmarking this website for future reference. In the meantime however, you may be confused somewhat by 'Alex's' reference to all sorts of attacks and so forth. What is he going on about?
This can all get very technical and complicated, but I've managed to make some sense of it, I think. Let's start with the 'bounce attack'. This is a method of accessing a computer by exploiting a gliche in the FTP protocol using the 'Port' command and is a method of accessing a machine through an indirect route, that is by scanning the server for open ports (a 'Port' is the end destination of a particular communication, often identified by a 'port number' and the IP address of the user of the destination computer). However, these days it seems that modern FTP servers are programmed by a default command to refuse Port commands that do not connect to the originating machine, thus thwarting bounce attacks.
A spoof attack is an attack that is conducted using a disguise, that is to say the person originating the program (the attacker) disguises the program so that it looks like another program that the victim might be interested in. Some of these kinds of attack are known as 'man-in-the-middle' attacks whereby the attacker intercepts communications between two computer operators and in the process convinces both that the other is the attacker. A more well known form of spoof attack is 'phishing' whereby a victim's web page is reproduced (for example a web page belonging to a bank). When people who may hold accounts with the victim's organisation access the web page, it steals their passwords and account information.
A brute force attack is one directed against a site that is encrypted. The attacker checks all the cryptographic keys that are used in the encryption program until the right keys are found at which point the attacker can then gain access.
Packet sniffing involves the use of a network analyzer which intercepts communications traffic passing over a network. It captures each 'packet' (a unit of data) and decodes and analyzes its contents.
In order to understand 'Port stealing' it is necessary to know that network interfaces are identified by an MAC address (MAC = Media Access Control) these connect with Ports (the end destinations of communications referred to earlier) via something called a CAM table (CAM = Content Addressable Memory) which is a mechanism used by something called a 'switch' which copies bits of information very quickly from one Port to another. This is very complicated but basically it enables multiple communications to occur at the same time. A 'Port stealing' attack occurs when an attacker introduces his own MAC address into a network and redirects information to it.
So, it seems there are a number of problems with FTP and Alex's Send This File website isn't the only company out there offering an alternative, there are others out there as well such as yousendit.com. and transferbigfiles.com. Essentially, companies such as these are the online equivalent of couriers who transport packages between busy city offices. Yousendit also issues clients receipts which they can click on to download the file. However, such 'courier' services aren't the only options. Other companies such as Sysax offer software that transfer files using FTP but with the added advantages of automation in order to ease the operation of complex tasks and debugging.
FTP isn't the only method of file transfer, although it is the oldest. There is also something called P2P software (Peer to Peer) which is specifically intended to transfer large files efficiently. One example of P2P software is BitTorrent, but there are others such as BearShare and Ares. Very often they are used to transfer and share music files, videos and other such information. There is also the popular 'Instant Messenger' application such as MSN and AIM while MS Windows has a file-sharing facility which allows you to share some of your files with other computer users by designating certain files on your hard drive as suitable for sharing on the network.
The simplest method of transferring files however is the standard email attachment, which everybody uses. The main problem with this method though is that they suffer from the disadvantage of often being only capable of transferring small amounts of data, although compressing files before emailing them may help to counter this. There are also certain services available to assist with emailing large files, such as mailbigfile.com a free email sending service, along with the other courier style companies I mentioned previously.
At the end of the day transferring information across the net largely depends on the speed and power of your computer or computer network and the risks that may be involved. Fortunately there are a wide variety of methods for transferring data, not just involving FTP or email attachments. It is therefore very worth while just logging on and seeing what is available on the net if you need assistance.
http://www.millhousedata.com/
'A Free Alternative to FTP' by 'Alex', Send This File: The Trusted File Transfer Service,
Wikipedia
Sysax
Robin Whitlock
I am a freelance writer, researcher and administrator with an interest in many contemporary issues across a wide variety of genre's and business sectors. I have a particular interest in energy and the environment which is the main theme of my blog. I have been published in a wide variety of magazines since I started writing in 1997 and I also write regularly for the social media forum of a technical recruitment consultancy based in Milton Keynes. More recently I have started writing articles for the website of a business software company and also work as an online data input administrator for a London-based research company involved in gathering investment information for the food and renewable technology industries. I am a graduate of Bath Spa University with a BA (Hons) in Psychology and English (2/1).
Article Source: http://EzineArticles.com/?expert=Robin_Whitlock
No comments:
Post a Comment