Active and Passive FTP design and security analysis
CSIT 560 - Network Security
Submitted to: Prof. Dr. Stefan Robila
Md Afzal Hossain
ID-10905552
Montclair State University
Motivation of this project: One of the hottest topics in the IT industry today is security. Security is a major concern for any computer connected to the internet; therefore, any computer connected to the internet should be protected. File transfer is among the most frequently used TCP/IP applications, and it accounts for a lot of the network traffic on the Internet. File Transfer Protocol (FTP) is a TCP/IP protocol that exists to upload and download files between servers and clients. FTP is a transfer protocol designed to aid in the moving of files from one location to another over a network. FTP is also widely used to access the contents of web servers. Knowing this, I have always had the question: is FTP secure to use, and what are its vulnerabilities? As a web developer I always try to understand how FTP works. So I am curious to learn more about it and want to know about its vulnerabilities and attacks.
This project presents me the opportunity to conduct a detailed analysis of the two different types of the FTP protocol and the types of security vulnerabilities and attacks. The goal of this project will be to describe the FTP protocol processes in detail to dispel some of the myths, and to analyze the two types of the protocol, their design, and FTP vulnerabilities and attacks.
Methodology: This is an analysis project. Hence, I started with understanding what FTP is, the basic FTP design, the FTP types and how it works. For my project, I would like to analyze the security issues in the File Transfer Protocol (FTP), the specific security vulnerabilities and attacks in FTP, and how to mitigate those security issues. There will be a lab setup topology for the practical experiment, and appropriate instructions for the practical experiment will be provided at the end of the project in the Appendix section. The main methodology will be to use a network monitor analyzer tool for the FTP security analysis.
Literature Review: For this project, I have researched and gathered many resources to help build my paper and to find out what the purposes of FTP use are, and how to improve security using an alternative method of FTP to protect data from hacking and to guard one's privacy. I studied some articles in order to build my knowledge. I have cited the articles that I feel are more important using IEEE citation, and a brief explanation of each follows.
The article “Why FTP may forever be a security hole, and what you can do about it” was written by Stephen Todd Redding [1] and published at the SANS Institute in 2002. In this article he explains FTP’s purposes, its vulnerabilities and attacks, and how to reduce the risks of FTP issues.
Forouzan, B.A. [2], in “TCP/IP: Protocol Suite”, 1st ed., published in 2000 (New Delhi, India: Tata McGraw-Hill Publishing Company Limited), describes the architecture of FTP and the basic design of FTP. I have used this resource to define the FTP types and the FTP design.
"Securing FTP Using SSH — Nurdletech" [3]. Nurdletech.com. Web. 21 Mar. 2016. That article gave me knowledge about an alternative way to secure FTP, which I used in building the secure FTP process.
Allman, M. "FTP Security Considerations" [4]. NASA Glenn/Sterling Software, May 1999. Web. 21 Mar. 2016. From that article I studied FTP security attacks; I gained knowledge about the different types of FTP-based attack and what each attack does.
Warnicke, Ed. [5] "Wireshark User’s Guide" (2014, Nov). Wireshark.org. Web. 21 Mar. 2016. I learned network capture from that guide, which is really important, and I will use that technique throughout my FTP analysis.
Current status: I have already studied many references and gathered information on the File Transfer Protocol (FTP) and the types of FTP that explain FTP’s vulnerabilities and threats. I have already designed the basic FTP and the FTP types: Active and Passive. For the lab setup, I have already configured the equipment that I need to set up the lab. For this lab, the software and hardware required are as follows:
I. Windows 7 or Server or equivalent (2 no’s)
II. FileZilla FTP Server & Client software
(http://filezilla-project.org/download.php?type=server)
III. Wireshark ( www.wireshark.org )/ Cisco packet tracer
IV. Switch.
I have installed a VMware virtual machine with two Windows virtual operating systems. I have installed the FileZilla FTP server on the first, a Windows Server 2008 operating system. This becomes the FTP server. On the other operating system, I have installed the FileZilla FTP client, so that operating system becomes an FTP client. I have downloaded and installed the Wireshark software on the second, Windows 7, system. I have studied how the Wireshark tool captures or monitors network traffic.
Abstract: This project will analyze in detail the two different types of the FTP protocol, Active and Passive. The designs of the protocols, which include the TCP connection establishment on the respective ports, will be verified using live practical analysis with the Wireshark protocol analyzer. The different types of security vulnerabilities and attacks that target an FTP-based application will be analyzed.
Key Challenges: The key challenges in my project are to identify the FTP vulnerabilities and FTP-based attacks. I will discuss what the mitigations would be for those vulnerabilities and the different types of FTP-based attacks, using live practical analysis with the Wireshark protocol analyzer.
Basic FTP Design:
FTP stands for File transfer protocol. The protocol is built based on the client server architecture and uses TCP at the transport layer. FTP is used for transferring data between systems. FTP uses two different TCP connections for communication.
1. FTP control: FTP control uses TCP port 21 for communication. The control connection is used by FTP client to initialize connection with the FTP server. User authentication process over FTP is also achieved over control connection.
2. FTP Data: FTP data uses TCP port 20 for communication. The data connection is used by FTP client to transfer data after the control connection is established.
FTP Types:
Active FTP:
In Active FTP, the client first establishes the TCP control connection on TCP port 21. The TCP 3-way handshake is used for this purpose. Once the control connection is established, the server initiates another TCP 3-way handshake from TCP port 20 to a port that the client specified over the control connection; this second connection is the data connection.
Passive FTP:
In Passive FTP, the client initiates and establishes the control connection on TCP port 21. The TCP 3-way handshake is used for this purpose. Once the control connection is established, the client initiates another TCP 3-way handshake on the random port which is specified by the server.
Figure (Active FTP): Win Server (FileZilla FTP server) and Win 7 (FTP client). Control connection on TCP port 21 from client to server; data connection from TCP port 20 from server to client.
Figure (Passive FTP): Win Server (FileZilla FTP server) and Win 7 (FTP client). Control connection on TCP port 21 from client to server; data connection on a random TCP port specified by the server after the control connection is established.
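The port negotiation described above for Active and Passive FTP, as an added example that is not part of the original project: it decodes the `h1,h2,h3,h4,p1,p2` field of a `PORT` command or a `227` reply and reports who opens the data connection. The sample lines are constructed; the two warnings follow the recommendations of RFC 2577 [4].

```python
import re

# Lab addresses from the page; the lines in SAMPLE are constructed.
CLIENT_IP, SERVER_IP = "192.168.1.100", "192.168.1.254"

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field; port = p1*256 + p2."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("no host-port field in %r" % text)
    n = [int(g) for g in m.groups()]
    if max(n) > 255:
        raise ValueError("octet out of range in %r" % text)
    return ".".join(str(o) for o in n[:4]), n[4] * 256 + n[5]

def data_connection(direction, line):
    """Describe the data connection set up by one control-channel line.

    direction is "C" (client to server) or "S" (server to client).
    Returns None for lines that do not negotiate a data connection.
    """
    word = line.split(" ", 1)[0].upper()
    if direction == "C" and word == "PORT":    # active: client announces its listener
        ip, port = decode_hostport(line)
        info = {"mode": "active", "initiator": SERVER_IP, "source_port": 20,
                "target": (ip, port), "expected_ip": CLIENT_IP}
    elif direction == "S" and word == "227":   # passive: server announces its listener
        ip, port = decode_hostport(line)
        info = {"mode": "passive", "initiator": CLIENT_IP, "source_port": None,
                "target": (ip, port), "expected_ip": SERVER_IP}
    else:
        return None
    # The announced endpoint should belong to the control-connection peer
    # and should not be a well-known port.
    info["warnings"] = [msg for msg, bad in (
        ("address is not the control-connection peer", ip != info["expected_ip"]),
        ("port below 1024", port < 1024)) if bad]
    return info

SAMPLE = [  # constructed control-channel lines
    ("C", "PORT 192,168,1,100,195,80"),
    ("S", "200 Port command successful"),
    ("S", "227 Entering Passive Mode (192,168,1,254,234,96)"),
    ("C", "PORT 192,168,1,7,0,25"),
]

if __name__ == "__main__":
    for direction, line in SAMPLE:
        print(line, "->", data_connection(direction, line))
```

The same decoded port is what a firewall in front of the client (active mode) or the server (passive mode) has to allow inbound.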
Lab Setup for Live capture with Wireshark
Software and Hardware Requirement
To set up the lab for my experiment, I need the following hardware and software.
1. Windows XP or equivalent (2 nos)
2. FileZilla FTP Server software (http://filezilla-project.org/download.php?type=server)
3. Wireshark (www.wireshark.org) / Cisco Packet Tracer
4. Switch.
Lab Test: Below is a live demonstration which I have tested for this project.
My virtual PC IP address: 192.168.1.100
Server IP address: 192.168.1.254
The file below contains the simulation design.
The FTP simulation file
Experiment:
Figure: FTP lab setup
Figure: Server configuration
Figure: FTP installed in server
Figure: PC configuration
Figure: PC is connected with Server.
Figure: PC communicating with Server through web browser.
Figure: FTP communication through PC to Server.
FTP Analysis:
From Cisco Packet Tracer I can simulate the FTP communication and capture the traffic. Below I have uploaded the simulation.
Figure: FTP simulation and capture traffic.
When I installed the FTP server, I created one account. Now in the simulation, I opened the command prompt and connected to the FTP server. In the meanwhile I turned on traffic capture on the interfaces, so I can see the FTP protocol. In the command prompt, I typed the username and password, which I can see in the analyzer tool.
Figure: Interfaces capture (username captured in plain text)
So there is the username, which I typed in order to log in. The password is also viewable in that traffic, even though it was invisible in the command prompt.
Figure: Interface captured (Password is in plain text)
So I can see that FTP is a very insecure protocol and that it shows confidential information in plain text. FTP is not encrypted.
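A defender's view of the observation above, as an added example that is not part of the original project: a check over reassembled control-channel lines that reports readable `USER` and `PASS` commands without echoing the password. The account name, password and server replies are constructed, and the `AUTH TLS` / `234` handling comes from RFC 4217 (FTP over TLS), which the page does not cover.

```python
def audit_control_channel(lines):
    """Report credentials readable on an FTP control channel (TCP port 21).

    lines: (direction, text) pairs, "C" = client to server, "S" = server to
    client, as reassembled from a capture. Passwords are never echoed; only
    their length is reported.
    """
    findings, user = [], None
    tls, awaiting_auth_reply = "not requested", False
    for direction, text in lines:
        word, _, arg = text.rstrip("\r\n").partition(" ")
        word = word.upper()
        if direction == "S":
            if awaiting_auth_reply and word.isdigit():
                # 234 accepts AUTH; any other final reply means no TLS
                tls = "accepted" if word == "234" else "refused"
                awaiting_auth_reply = False
        elif word == "AUTH":
            tls, awaiting_auth_reply = "requested", True
        elif word == "USER":
            user = arg
            findings.append({"issue": "username in plain text",
                             "user": user, "tls": tls})
        elif word == "PASS":
            findings.append({"issue": "password in plain text", "user": user,
                             "password_length": len(arg), "tls": tls})
    return findings

# Constructed sessions: a plain login, and a client that asked for TLS,
# was refused, and logged in without it anyway.
PLAIN = [
    ("S", "220 FTP server ready"),
    ("C", "USER labuser"),
    ("S", "331 Password required for labuser"),
    ("C", "PASS Example-Pass1"),
    ("S", "230 Logged on"),
]
FALLBACK = [
    ("S", "220 FTP server ready"),
    ("C", "AUTH TLS"),
    ("S", "502 Command not implemented"),
] + PLAIN[1:]

if __name__ == "__main__":
    for name, session in (("plain", PLAIN), ("fallback", FALLBACK)):
        for finding in audit_control_channel(session):
            print(name, finding)
```

A session in which `AUTH TLS` is answered with `234` produces no findings, because the login that follows is no longer readable in the capture.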
Future Work: So that was all for the FTP analysis. In the next 2 weeks I will hopefully test the two types of FTP in a security analysis with the Wireshark tool and identify the FTP vulnerabilities and FTP-based attacks, and that could be the draft of my report.
References:
[1] Stephen Todd Redding (2002). Why FTP may forever be a security hole, and what you can do about it. Published at SANS Institute, 2002. Available: 25 Feb 2016. https://www.giac.org/paper/gsec/748/ftp-security-hole-about/101645
[2] Forouzan, B.A. (2000). TCP/IP: Protocol Suite, 1st ed. New Delhi, India: Tata McGraw-Hill Publishing Company Limited, published in 2000.
[3] "Securing FTP Using SSH — Nurdletech". [online] Available: 21 Mar. 2016. http://www.nurdletech.com/linux-notes/ftp/ssh.html
[4] Allman, M. (1999, May). FTP Security Considerations. NASA Glenn/Sterling Software, May 1999. [online] Available: 21 Mar. 2016. https://tools.ietf.org/html/rfc2577
[5] Warnicke, Ed (2014, Nov). Wireshark User’s Guide. Wireshark.org. [online] Available: 21 Mar. 2016. https://www.wireshark.org/docs/wsug_html_chunked/index.html