Active and Passive FTP design and security analysis CSIT 560- Network Security Md Afzal Hossain ID-10905552 Montclair state university

Page 1: Active and Passive FTP design and security analysismdhossain.weebly.com/.../2/2/6/72264287/project_update.docx · Web viewFile Transfer Protocol (FTP) is a TCP/IP protocol that exists

Active and Passive FTP design and security analysis

CSIT 560 - Network Security

Submitted to: Prof. Dr. Stefan Robila

Md Afzal Hossain

ID-10905552

Montclair State University


Motivation of this project: One of the hottest topics in the IT industry today is security. Security is a major concern with any computer connected to the internet, therefore any computer connected to the internet should be protected. File transfer is among the most frequently used TCP/IP applications and it accounts for a lot of the network traffic on the Internet. File Transfer Protocol (FTP) is a TCP/IP protocol that exists to upload and download files between servers and clients. FTP is a transfer protocol designed to aid in the moving of files from one location to another over a network. FTP is also widely used to access the contents of web servers. Knowing this, I have always had the question: is FTP secure to use, and what are its vulnerabilities? As a web developer I always try to understand how FTP works. So I am curious to learn more about it and want to know about its vulnerabilities and attacks.

This project gives me the opportunity to conduct a detailed analysis of the two different types of the FTP protocol and of the types of security vulnerabilities and attacks. The goal of this project is to describe the FTP protocol processes in detail to dispel some of the myths, and to analyze the two types of the protocol, their design, and FTP vulnerabilities and attacks.

Methodology: This is an analysis project. Hence, I started with understanding what FTP is, the basic FTP design, the FTP types and how it works. For my project, I would like to analyze the security issues in the File Transfer Protocol (FTP), specific security vulnerabilities and attacks in FTP, and how to mitigate those security issues. There will be a lab setup topology for the practical experiment, and appropriate instructions for the practical experiment will be provided at the end of the project in the Appendix section. The main methodology will be to use the network monitor analyzer tool for the FTP security analysis.

Literature Review: For this project, I have researched and gathered many resources to help build my paper and to find out what the purposes of FTP use are, and how to improve security using an alternative method of FTP, against hacking of data and to guard one's privacy. I studied some articles in order to gain knowledge. However, I cited the articles that I feel are more important using IEEE citation, and the following is a brief explanation.


The article "Why FTP may forever be a security hole, and what you can do about it" was written by Stephen Todd Redding [1] and published at the SANS Institute in 2002. In this article he explains FTP's purposes, its vulnerabilities and attacks, and how to reduce the risks of FTP issues.

Forouzan, B.A. [2], in "TCP/IP: Protocol Suite" (1st ed., New Delhi, India: Tata McGraw-Hill Publishing Company Limited, 2000), described the architecture of FTP and the basic design of FTP. I have used this resource to define the FTP types and the FTP design.

"Securing FTP Using SSH — Nurdletech" [3]. Nurdletech.com. Web. 21 Mar. 2016. That article gave me knowledge about an alternative way to secure FTP, which I used in building the secure FTP process.

Allman, M. "FTP Security Considerations". NASA Glenn/Sterling Software, May 1999. Web [4]. 21 Mar. 2016. From that article I studied FTP security attacks; I gained knowledge about the different types of FTP based attacks and what each attack does.

Warnicke, Ed. [5] "Wireshark User's Guide" (2014, Nov). Wireshark.org. Web. 21 Mar. 2016. I learned network capture from that article, which is really important, and I will use that technique throughout my FTP analysis.

Current status: I have already studied many references and gathered information on File Transfer Protocol (FTP) and the types of FTP that explain FTP's vulnerabilities and threats. I have already designed the basic FTP and the FTP types: Active and Passive. For the lab setup, I have already configured the equipment that I need to set up the lab. For this lab, the software and hardware required are as follows:

I. Windows 7 or Server or equivalent (2 nos.)

II. FileZilla FTP Server & Client software (http://filezilla-project.org/download.php?type=server)

III. Wireshark (www.wireshark.org) / Cisco Packet Tracer

IV. Switch.

I have installed a VMware virtual machine with two Windows virtual operating systems. I have installed the FileZilla FTP server on the first, a Windows Server 2008 operating system. This becomes the FTP server. On the other operating system, I have installed the FileZilla FTP client, so that operating system becomes an FTP client. I have downloaded and installed the Wireshark software on the second, a Windows 7 system. I have studied how the Wireshark tool captures or monitors network traffic.

Abstract: This project will present a detailed analysis of the two different types of the FTP protocol, Active and Passive. The designs of the protocols, which will include the TCP connection establishment on the respective ports, will be verified using live practical analysis with the Wireshark protocol analyzer. The different types of security vulnerabilities and attacks will target on a based application will analyze.

Key Challenges: The key challenges in my project are to identify the FTP vulnerabilities and FTP based attacks. I will discuss what the mitigation would be for those vulnerabilities and the different types of FTP based attacks, using live practical analysis with the Wireshark protocol analyzer.

Basic FTP Design:

FTP stands for File transfer protocol. The protocol is built based on the client server architecture and uses TCP at the transport layer. FTP is used for transferring data between systems. FTP uses two different TCP connections for communication.


1. FTP control: FTP control uses TCP port 21 for communication. The control connection is used by FTP client to initialize connection with the FTP server. User authentication process over FTP is also achieved over control connection.

2. FTP Data: FTP data uses TCP port 20 for communication. The data connection is used by FTP client to transfer data after the control connection is established.

FTP Types:

Active FTP:

In Active FTP, the client first establishes the TCP control connection on TCP port 21. The TCP 3-way handshake is used for this purpose. Once the control connection is established, the server initiates another TCP 3-way handshake from TCP port 20 to a port that the client specified over the control connection. This second connection is the data connection.

Passive FTP:

In Passive FTP, the client initiates and establishes the control connection on TCP port 21. The TCP 3-way handshake is used for this purpose. Once the control connection is established, the client initiates another TCP 3-way handshake to a random port specified by the server. This second connection is the data connection.

Figure: Active FTP. Win Server running the FTP server (FileZilla) and Win 7 running the FTP client. Control connection on TCP port 21 from client to server; data connection from TCP port 20 from server to client.

Figure: Passive FTP. Win Server running the FTP server (FileZilla) and Win 7 running the FTP client. Control connection on TCP port 21 from client to server; data connection on a random TCP port specified by the server after the control connection is established.
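
The port negotiation described above for Active and Passive FTP, as an added example that is not part of the original report: in RFC 959 the client's PORT command and the server's 227 reply both carry the address and port as h1,h2,h3,h4,p1,p2, with port = p1 × 256 + p2. The sample lines are constructed, the function names are illustrative, the port-below-1024 check follows RFC 2577 [4], and the address check is an additional restriction assumed here.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: the host/port field of PORT and of the 227 reply (RFC 959).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

CLIENT, SERVER = "192.168.1.100", "192.168.1.254"  # lab addresses from the page


def parse_hostport(line):
    """Return (ip, port) carried by a PORT command or a 227 reply."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: " + line)
    f = [int(x) for x in m.groups()]
    if max(f) > 255:
        raise ValueError("field larger than one byte in: " + line)
    ip = str(ipaddress.IPv4Address(bytes(f[:4])))
    return ip, f[4] * 256 + f[5]  # port = p1 * 256 + p2


def data_channel(line, client=CLIENT, server=SERVER):
    """Describe the data connection that one control-channel line sets up."""
    ip, port = parse_hostport(line)
    if line.upper().startswith("PORT "):
        mode, opener, peer = "active", server + ":20", client
    elif line.startswith("227 "):
        mode, opener, peer = "passive", client, server
    else:
        raise ValueError("not a PORT command or 227 reply: " + line)
    findings = []
    if ip != peer:  # assumed extra check: data goes only to the control peer
        findings.append("address is not the control-connection peer")
    if port < 1024:  # RFC 2577: do not open data connections to ports < 1024
        findings.append("port below 1024")
    return {"mode": mode, "opened_by": opener, "connects_to": f"{ip}:{port}",
            "findings": findings}


# Constructed control-channel lines (not taken from the page's capture).
SAMPLES = [
    "PORT 192,168,1,100,19,137",
    "227 Entering Passive Mode (192,168,1,254,195,149)",
    "PORT 192,168,1,50,0,25",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_channel(s))
```
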


Lab Setup for Live capture with Wireshark

Software and Hardware Requirement

To set up the lab for my experiment, I need the following hardware and software.

1. Windows XP or equivalent (2 nos.)

2. FileZilla FTP Server software (http://filezilla-project.org/download.php?type=server)

3. Wireshark (www.wireshark.org) / Cisco Packet Tracer

4. Switch.

Lab Test: Below is a live demonstration which I have tested for this project.

My virtual PC IP address: 192.168.1.100

Server IP address: 192.168.1.254

The file below contains the simulation design.

The FTP simulation file

Experiment:


Figure: FTP lab setup

Figure: Server configuration


Figure: FTP installed in server

Figure: PC configuration


Figure: PC is connected with Server.

Figure: PC communicating with Server through web browser.


Figure: FTP communication through PC to Server.

FTP Analysis:

With Cisco Packet Tracer I can simulate the FTP communication and capture the traffic. Below I have uploaded the simulation.

Figure: FTP simulation and capture traffic.

When I installed the FTP server, I created one account. Now in the simulation, I opened the command prompt and connected to the FTP server. In the meanwhile I turned on traffic capture on the interfaces, so I can see the FTP protocol. In the command prompt, I typed the username and password, which I can see in the analyzer tool.

Figure: Interfaces capture (username captured in plain text)

So there is the username, which I typed in order to log in. The password is also viewable in that traffic, even though it was invisible at the command prompt.


Figure: Interface captured (Password is in plain text)

So I can see that FTP is a very insecure protocol and it shows confidential information in plain text. FTP is not encrypted.
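
A defender's view of the same observation, as an added example that is not part of the original report: given control-channel segments recovered from a capture, it reports each session whose USER and PASS commands were readable on the wire and records only that a password was exposed, not its value. The capture records are constructed, using the lab addresses above with a made-up account, and the function names are illustrative.

```python
import re

LOGIN_CMD = re.compile(r"^(USER|PASS)\s+(.*)$", re.IGNORECASE)

# Constructed sample: (source, destination, payload) for each control-channel
# segment. Addresses are the page's lab hosts; account and password are made up.
CLIENT, SERVER = "192.168.1.100:1047", "192.168.1.254:21"
CAPTURE = [
    (SERVER, CLIENT, "220 FTP server ready"),
    (CLIENT, SERVER, "USER labuser"),
    (SERVER, CLIENT, "331 Password required for labuser"),
    (CLIENT, SERVER, "PASS example-password"),
    (SERVER, CLIENT, "230 Logged on"),
]


def cleartext_logins(capture, control_port=21):
    """Return one finding per session that sent USER/PASS readably."""
    sessions = {}
    for src, dst, payload in capture:
        to_server = dst.rsplit(":", 1)[1] == str(control_port)
        client, server = (src, dst) if to_server else (dst, src)
        s = sessions.setdefault((client, server), {
            "client": client, "server": server, "user": None,
            "password_exposed": False, "login_accepted": False})
        m = LOGIN_CMD.match(payload.strip()) if to_server else None
        if m and m.group(1).upper() == "USER":
            s["user"] = m.group(2)
        elif m and m.group(1).upper() == "PASS":
            s["password_exposed"] = True  # record the fact, never the value
        elif not to_server and payload.startswith("230"):
            s["login_accepted"] = s["password_exposed"]
    return [s for s in sessions.values() if s["user"] or s["password_exposed"]]


def redact(payload):
    """Mask the PASS argument before a captured line is stored or shown."""
    return re.sub(r"^(PASS\s+).*$", r"\g<1>********", payload, flags=re.I)


if __name__ == "__main__":
    for finding in cleartext_logins(CAPTURE):
        print(finding)
    print([redact(p) for _, _, p in CAPTURE])
```
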

Future Work: So that was all for the FTP analysis. In the next 2 weeks I will hopefully test the two types of FTP security analysis through the Wireshark tool, identify the FTP vulnerabilities and FTP based attacks, and could draft my report.


References:

[1] Stephen Todd Redding (2002) Why FTP may forever be a security hole, and what you can do about it. Published at SANS Institute, 2002. Available: 25 Feb 2016. https://www.giac.org/paper/gsec/748/ftp-security-hole-about/101645

[2] Forouzan, B.A. (2000) TCP/IP: Protocol Suite. 1st ed. New Delhi, India: Tata McGraw-Hill Publishing Company Limited, 2000.

[3] "Securing FTP Using SSH — Nurdletech". [online] Available: 21 Mar. 2016. http://www.nurdletech.com/linux-notes/ftp/ssh.html

[4] Allman, M. (1999, May) FTP Security Considerations. NASA Glenn/Sterling Software, May 1999. [online] Available: 21 Mar. 2016. https://tools.ietf.org/html/rfc2577

[5] Warnicke, Ed (2014, Nov) Wireshark User's Guide. Wireshark.org. [online] Available: 21 Mar. 2016. https://www.wireshark.org/docs/wsug_html_chunked/index.html