Академический Документы
Профессиональный Документы
Культура Документы
1 of 6
http://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified
Company
Products
Solutions
Purchase
Support
Services
Blog
Blog
Managed File Transfer and Network
Solutions
Subscribe via
E-mail
Email *
87
Share
55
Like
Share
29
Latest Blog
Posts
How To Set Up A
HTTPS File
Transfer
posted at Tuesday,
December 30, 2014 7:21
AM
Securing Trading
Partner File
Transfers w/ Auto
PGP Encryption &
FTPS
posted at Monday,
December 29, 2014 2:32
PM
1/5/2015 11:31 PM
2 of 6
http://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified
PGP Encrypting
Every Single File
Uploaded By
Members Of A
Group
posted at Saturday,
December 27, 2014 7:42
PM
Note that the ports we are referring to here up to this point are only
the ports on the server side. We'll include client-side ports in our
discussion in a short while.
How To PGP
Encrypt Every
Single File
Uploaded By A
Particular User
posted at Friday,
December 26, 2014 2:55
PM
prevalent.
Here's a simplified explanation on how an active mode connection is
carried out, summarized in two steps. Some relevant steps (e.g.
ACK replies) have been omitted to simplify things.
1. A user connects from a random port on a file transfer client to
port 21 on the server. It sends the PORT command,
specifying what client-side port the server should connect to.
Posts by category
Managed File Transfer
(157)
JSCAPE MFT Server
(146)
News (80)
This port will be used later on for the data channel and is
different from the port used in this step for the command
channel.
(48)
Videos (43)
Tutorials (39)
Security (37)
Business Process
Automation (35)
Compliance (30)
AnyClient (26)
JSCAPE MFT Gateway
(23)
FTP (22)
(16)
Transfer (14)
for a server port to connect to for data transmission. When the FTP
server replies, it indicates what port number it has opened for the
ensuing data transfer.
Accelerated File
SFTP (14)
File Transfer Clients
1/5/2015 11:31 PM
3 of 6
http://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified
(13)
JSCAPE MFT Monitor
(13)
Triggers (12)
Data Loss Prevention
(11)
OpenPGP (9)
AS2 (5)
eDiscovery (5)
FTPS (5)
diagrams, one of the things that should really stand out are the
HIPAA (5)
PCI-DSS (5)
In this section, we'll focus on those second arrows and the ports
associated with them.
DLP (2)
opened up for the data channel, and the server initiates the
regular expressions
connection.
(2)
server. Here, the server specifies which server-side port the client
(1)
There shouldn't be any problem had there not been any firewalls in
Proxy (1)
SaaS (1)
1/5/2015 11:31 PM
4 of 6
http://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified
Of course, it's possible for the server side to have a firewall too.
However, since the server is expected to receive a greater number
of connection requests compared to a client, then it would be but
logical for the server admin to adapt to the situation and open up a
selection of ports to satisfy passive mode configurations.
1/5/2015 11:31 PM
5 of 6
http://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified
But then the more open ports you have, the more there will be to
exploit. To mitigate the risks, a good solution would be to specify a
range of ports on your server and then to allow only that range of
ports on your firewall.
Recommended Download
Does your FTP server already offer users the convenience of Single
Sign On access like OpenID or SAML? JSCAPE MFT Server does.
This Managed File Transfer server also allows you to share files via
FTP, SFTP, FTPS, and other file transfer protocols and runs on all
popular platforms (including Windows, Linux, Unix, AIX, Solaris, and
Mac OS/X). Download a free evaluation edition now.
1/5/2015 11:31 PM
6 of 6
http://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified
Download
JSCAPE MFT Server
1/5/2015 11:31 PM