Hi everyone, Ed Amoroso here. In this video, I want to tell you about a crazy protocol called File Transfer Protocol, or FTP. The reason I say crazy is that it was designed a long time ago. Some people have told me they think this may be one of the first protocols that existed on the internet. And as you look at it, as I'm going to show you, you'll see that it's a little messy, the way the thing is set up.

Now, why do we care about that from a security perspective? Because when we go to design packet-filtering rules for this one, it's a little tricky. This is not the simple HTTP thing we had before, which just sits lightly on top of a TCP connection. It turns out that FTP uses two different TCP connections, and they go in different directions, which makes life more difficult.

So here's the way it works. We're going to set up an FTP client and an FTP server. I'm going to represent the programs that are running, these named programs that have ports, by vertical arrows. The FTP client is going to have two ports open: one on some high number, 5,006, which I made up, and 5,005, which I also made up. The server, because it's a well-known capability, is going to have low-numbered ports, as you've learned. So we're going to use 20 and 21. Those are the reserved ports for FTP control setup and for data transfer.

So here's how this thing is going to work. Let's say we have a client. The way it would work is you download the client, and like most clients, it's going to allow you to download files from an FTP server. I know a lot of you would say, well, why don't you use HTTP for that? And the answer is, you would. But when there was no HTTP, this is what we used to download a research paper, an article, or whatever: we used FTP. So the server is going to start by, on one of the ports, sending a PORT command. That word "port" is different from a TCP port, but bear with me; it's the name of the command that FTP uses.
It sends this PORT command to port 20 on the FTP server, and then the FTP server responds with an okay. In the content of that PORT command, it's going to tell the FTP server: oh, by the way, I've got another port that I opened here on 5,006, so it gives you that number. Now, the server knows you're on 5,005 because that's the source port. So I have to tell you that I want you to use 5,006 for data transfer. And this thing is the server initiating outbound, I'm sorry, the client initiating outbound to the server. You follow? The client initiated the TCP session, then sends a PORT command and gets, essentially, an okay. And that's the data transfer, in some sense, on top of the TCP command. But think of it as: I'd need a rule that allows outbound. We'll get to that.

Once that's done, the server now initiates a connection back to the client, and it basically comes from port 21 to the 5,006 port that I told you about in the content field of the PORT command. And then I say okay, and then we transfer data. So think of it this way: I'm the client, you're the server. I initiate something outbound to you saying, hey, this is the guy over here you're going to transfer data with. And then the server goes, okay, and then we shut down that TCP connection. Now a new TCP connection comes from the server back to this guy to say, okay, are you ready to do data? He says okay, and they transfer data. Do you follow? Bidirectional. As you can see, that causes problems, a little bit. But do you see how you have to look at how the protocol works? If somebody taps you on the shoulder and says, I need you to do security for FTP, you would go, okay, what do I need to do? And the answer is, you have to dig into the protocol. Look at this. Look, I have so many students that I've taught for 30 years who have asked me, how do I become an expert network security engineer?
And my answer, for 30 years, has been: first become an expert network engineer. Understand the protocols, understand the plumbing, understand services. Because once you do, it becomes sort of obvious what you need to do. The security protections, in some sense, are just overlaid on the design. Security is an engineering attribute, sort of like availability, reliability, dependability. These are properties of systems, and security takes on too much of a life of its own when things become hyper-highlighted, as we've seen with cyber. One of the things I'm happy to admit is that I would like nothing better than for cyber security to become embedded in other disciplines. Like, would we be standing here having a deep discussion about dependability? Maybe we would. But we certainly don't bat an eyelash when we do it about security, and they're both properties of systems.

So in a subsequent video, we'll look at the firewall rules for FTP. But for now, I'll give you a chance to sort of lift the hood and see how FTP works, and show you that they're not all just these obvious protocols that are easy to understand. So we'll be back in a subsequent video, and we'll go through the firewall rules for FTP. I'll see you when we come back.
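The two-connection exchange described in the lecture, replayed as an added example that is not part of the video or any course material. It follows RFC 959 active mode: the client opens the control connection to port 21, advertises a second high port in a PORT command (six decimal fields, port = p1*256 + p2), and the server opens the data connection back to that port from port 20. The addresses, the port numbers 5,005 and 5,006, the file name and the file contents are constructed for the walkthrough; the TcpConnection record and the active_mode_retrieve and syn_direction helpers are this example's own names.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed addresses for the walkthrough (RFC 5737 documentation ranges), not a real capture.
CLIENT_IP = "192.0.2.10"
SERVER_IP = "198.51.100.7"
FTP_CONTROL_PORT = 21   # well-known control port (RFC 959)
FTP_DATA_PORT = 20      # source port of active-mode data connections (RFC 959)


def build_port_command(ip: str, port: int) -> str:
    """Encode the client's data endpoint as the RFC 959 argument h1,h2,h3,h4,p1,p2."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address")
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)


def parse_port_command(line: str) -> Tuple[str, int]:
    """Decode a PORT command into (ip, port); malformed or out-of-range fields are rejected."""
    m = re.fullmatch(r"PORT (\d{1,3}(?:,\d{1,3}){5})", line.strip())
    if not m:
        raise ValueError("malformed PORT command: %r" % line)
    fields = [int(x) for x in m.group(1).split(",")]
    if any(x > 255 for x in fields):
        raise ValueError("field out of range in PORT command")
    return ".".join(str(x) for x in fields[:4]), fields[4] * 256 + fields[5]


@dataclass
class TcpConnection:
    """One TCP connection as a packet filter sees it: who sent the SYN, and the 4-tuple."""
    initiator: str          # "client" or "server"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: list = field(default_factory=list)   # control messages or transferred bytes


def active_mode_retrieve(client_ctrl_port: int, client_data_port: int,
                         file_bytes: bytes) -> List[TcpConnection]:
    """Replay one active-mode RETR and return the two connections in the order opened."""
    # Connection 1: client -> server:21, client-initiated.
    control = TcpConnection("client", CLIENT_IP, client_ctrl_port, SERVER_IP, FTP_CONTROL_PORT)
    control.payload.append("S: 220 Service ready")

    # The client advertises its second high port, which the server cannot learn from the
    # control connection's source port; it is carried inside the PORT command itself.
    port_cmd = build_port_command(CLIENT_IP, client_data_port)
    control.payload.append("C: " + port_cmd)
    data_ip, data_port = parse_port_command(port_cmd)     # what the server extracts
    control.payload.append("S: 200 PORT command successful")

    control.payload.append("C: RETR paper.txt")            # constructed file name
    control.payload.append("S: 150 Opening data connection")

    # Connection 2: server:20 -> client:advertised port, server-initiated, while the
    # control connection stays open for the completion reply.
    data = TcpConnection("server", SERVER_IP, FTP_DATA_PORT, data_ip, data_port)
    data.payload.append(file_bytes)

    control.payload.append("S: 226 Transfer complete")
    return [control, data]


def syn_direction(conn: TcpConnection, inside_ip: str) -> str:
    """Classify the SYN as a filter in front of inside_ip would: outbound or inbound."""
    return "outbound" if conn.src_ip == inside_ip else "inbound"


if __name__ == "__main__":
    for c in active_mode_retrieve(5005, 5006, b"constructed file contents"):
        print("%s-initiated %s:%d -> %s:%d (%s at the client side)" % (
            c.initiator, c.src_ip, c.src_port, c.dst_ip, c.dst_port,
            syn_direction(c, CLIENT_IP)))
```

Running it prints the two 4-tuples: a client-initiated connection to port 21 that any outbound-allow rule covers, followed by a server-initiated connection from port 20 to the client's 5,006, which arrives at the client's filter as an inbound SYN to a high port. That second line is the whole reason FTP is harder to filter than HTTP, and the PORT parser shows why a filter must look into the control payload to know which high port to expect.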