What OSI Layer 4 protocol does FTP use to guarantee data delivery?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The OSI model of networking provides users with an abstract way of understanding the relationships between networking protocols. The fourth layer of that model, the transport layer, is responsible for ensuring successful end-to-end communications. The two most common layer four protocols are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). As with many Internet protocols, the File Transfer Protocol (FTP) uses the Transmission Control Protocol (TCP) to provide guaranteed delivery on top of the Internet Protocol (IP).
If you're planning to use FTP in your environment, I'd advise carefully considering the business case for that implementation to ensure that there is a true need for the protocol.
It's important to remember that FTP is an inherently insecure protocol, as it does not use any type of encryption, even for authentication. The usernames, passwords and data transmitted via FTP are open to eavesdropping as they cross the Internet. Unless you're planning a public access site that allows downloads without having to provide personal credentials, I'd strongly recommend that you consider the use of a secure alternative, such as Secure FTP (SFTP).
Again, I can't stress strongly enough that FTP alone is not secure. It should only be used in two cases: running a public access anonymous download site and running an internal file service that is protected against eavesdropping by other means, such as network segmentation.
- A SearchSecurity.com reader asks platform security expert Michael Cobb, "Which operating system can best secure an FTP site?"
- Learn how some companies are investing in secure FTP suites to give employees and business partners the ability to transfer large files.
Dig Deeper on Network Protocols and Security
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.