FTP is an easy way to transfer files over the Internet, and in this guide we'll explain the basics of using it and how to set up a home FTP server in Windows XP - Version 1.1.0
If you've ever tried to share a large number of files over the Internet, you've no doubt noticed that it is not the easiest thing in the world to do. Sure you can use MSN messenger to send things… One file at a time. You could email, but that's slow and limited by the size of your mailbox. Create a website? Doesn't seem worth the effort, and besides what if you want to receive files as well as share them? What if you want to make several directories’ worth of your files available to yourself over the Internet while you are traveling? You could use remote desktop software, but that typically has anemic file transfer options and slow performance. What's the solution? Why FTP of course!
What is FTP? FTP simply stands for File Transfer Protocol. As you might guess, it's a method of transferring data over a network or the Internet.
As far as basic operations are concerned, it's very similar to HTTP or Hypertext Transfer Protocol, the protocol that brings you your daily diet of (PCstats) web pages. It requires a server to serve the information, and client computers must connect to the server at the correct port, provide the correct credentials and be using software that can understand the data to be transferred.
In the case of HTTP, you use Internet Explorer, or an alternative Web Browser like Netscape or Mozilla. For FTP, you require FTP client software like Bulletproof FTP, WSFTP, or CuteFTP. FTP is the backbone of file transfers on the Internet, but unlike HTTP, it provides a means of allowing clients to upload files as well as download them, and is considerably easier to set up and maintain.
Most businesses that have a need to transfer files maintain an FTP server, and most Web Hosting businesses use FTP to allow their clients to upload the web pages to their servers.
One good way to picture an FTP site is as a section of files and directories on your computer that you choose to publish like a web page, so that anyone with the correct username and password can access the directories and transfer files to and from them. In fact, with the Windows XP FTP client, accessing an FTP server is done through explorer, so the content of the server appears like just another folder on your system.
The main advantage of FTP is the ease with which it can transfer files over the Internet or your network. Individual files or whole directories can be made available, allowing clients to choose what they wish to access.
Accessing an FTP site using Windows XP and Internet Explorer.
Windows XP contains a built in FTP client, used through Internet Explorer, which you can use to access FTP sites as if they were directories on your computer. To do this, you simply need to enter the address of the FTP server into the address bar in Internet Explorer.
Let's take a closer look at a typical FTP address to see what it's made of: FTP://67.68.255.65 (this IP address doesn't exist, so no need to click ;-). This example address simply uses the IP address of the server computer, with the 'ftp://' at the start to inform Internet Explorer that it is looking to connect to an FTP site.
Controlling Anonymous Access
FTP can also use DNS (Domain Naming System) addresses, as seen on the World Wide Web. For example: ftp://ftp.pcstats.com would make Internet Explorer attempt to connect to port 21 of the computer 'ftp' in the domain pcstats.com.
If you are connecting to an FTP site that has anonymous access disabled, meaning that you will have to enter a username and password to connect successfully, you must put your username into the address. For example: ftp://mike@67.68.255.65 or ftp://mike@ftp.pcstats.com
Assuming the username is correct, a password window will open so you can authenticate yourself and then enter the FTP site.
If the FTP site you are trying to connect to uses an alternate port instead of the default port 21, you will also have to specify this. For example, if the server were using port 1056 you would enter: FTP://67.68.255.65:1056 or ftp://mike@ftp.pcstats.com:1056
Essentially, FTP addresses can be entered into the IE address bar just as you would WWW addresses, with the only catch being that you must put the ftp:// before the rest of the address, otherwise Internet Explorer will assume that you are trying to connect to a website and not an FTP server. Websites use port 80 by default.
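The address rules above can be checked mechanically. The following Python sketch is an added example, not part of the original guide; the function name describe_address and its output fields are assumptions made for illustration. It shows how each form of address from this section resolves to a protocol, server, port and login.

```python
from urllib.parse import urlsplit

# Default ports as stated in the guide: FTP uses 21, websites use 80.
DEFAULT_PORTS = {"ftp": 21, "http": 80}


def describe_address(address):
    """Break an address-bar entry into the parts the guide describes."""
    # Without an explicit scheme the browser assumes a website, not FTP.
    if "://" not in address:
        address = "http://" + address
    parts = urlsplit(address)
    scheme = parts.scheme  # urlsplit lower-cases it, so FTP:// equals ftp://
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme: " + scheme)
    if not parts.hostname:
        raise ValueError("no server name or IP address given")
    # parts.port raises ValueError for a non-numeric or out-of-range port.
    port = parts.port or DEFAULT_PORTS[scheme]
    user = parts.username
    return {
        "protocol": scheme,
        "host": parts.hostname,
        "port": port,
        # No user name in an ftp:// address means an anonymous login attempt.
        "login": (user or "anonymous") if scheme == "ftp" else None,
        # A named user triggers the password window described above.
        "password_prompt": scheme == "ftp" and user is not None,
    }


if __name__ == "__main__":
    # The example addresses used in this section of the guide.
    for example in ("FTP://67.68.255.65",
                    "ftp://mike@ftp.pcstats.com",
                    "ftp://mike@ftp.pcstats.com:1056",
                    "ftp.pcstats.com"):
        print(example, "->", describe_address(example))
```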
Once you have connected to the FTP site, you are presented with a directory window of its contents, which you can manipulate as if it was a directory on your local computer (subject to the permissions you have in the FTP site, of course). You can open files, copy and paste into your other directories, and copy from your computer to the FTP site if you have write permission. Very simple.
Setting up an FTP site Using Windows XP Professional
Windows XP Professional (as well as Windows 2000) includes Microsoft's IIS (Internet Information Server), which can be used to create an FTP site on your computer. It's a fair bit less complicated and less flexible than using some third-party FTP server software packages, so we will give you guides for setting up both. If you are using XP Home you will need to use third-party software. There is no way to publish an FTP site with the Home Edition of XP.
The first step is to check that IIS (Internet Information Services, Microsoft's web-server application) is configured properly.
Go to start\control panel\add/remove programs and choose the 'add/remove windows components' button from the bar on the left. Highlight the item 'Internet information services (IIS).' If it is unchecked, check it, then click 'details.'
The components you will need are: 'common files,' 'file transfer protocol (FTP) service' and 'internet information services snap-in.' Uncheck any others then click next. IIS will configure itself, and you may be prompted for the XP CD.
Configuring the FTP site Controls
After IIS has been installed, an FTP site is automatically created for the directory 'c:\inetpub\ftproot.' Of course, this directory is currently empty. It is also completely unsecured, allowing anyone who enters ftp://(your IP address) in their browser or FTP client to connect to your computer. The next step is to configure your new site.
Go to start\control panel and select the 'switch to classic view' option in the upper left corner. From the classic control panel window, select 'administrative tools,' then 'internet information services.'
From here, expand '(local computer)' and 'FTP sites' until you have 'default FTP site' in the left hand pane. Right click on 'default FTP site' and select rename if you would like it to be called something a bit more catchy. After all, it's your site now.
Now, right click on your site and select 'properties.'
This window is the life-blood of your FTP site. Let's get familiar with it. The first tab, 'FTP site,' allows you to rename the site, set the port through which users can connect (leave it at 21 for now), set connection and logging information and view who is currently connected to your FTP site.
The connection section of this tab has two parts. The 'limited to:' box sets the maximum number of users that can connect to your FTP site at the same time. Note that with XP Professional, the maximum is always 10 concurrent users. You can set this to less if you'd like.
WinXP FTP Security Controls
The 'connection timeout' box shows the amount of time a connected user will be allowed to remain idle before being disconnected. By clicking the 'current sessions' button at the bottom, you can view who is currently connected to your FTP site, and if you wish, disconnect them.
The next tab, 'security accounts,' controls whether anonymous users (that means everyone) are allowed to access your FTP site or not. As mentioned above, by default anyone can access your FTP site without a username or password. IIS uses a built-in user account with a defined set of restrictions to authenticate anyone who connects. This user account, the 'IUSR_(computername)' account, is created when IIS is installed, and is also used to allow access to websites you may publish. It is restricted from accessing non-IIS parts of your Windows system.
To be honest, there is not really a correct choice for this setting. If you allow anonymous access, anyone can connect to your FTP site and view any files that you place there. Disabling anonymous access has its own set of risks, however, which we will cover in the 'FTP security' section below. For now, leave anonymous access enabled. The next section, 'messages,' simply allows you to set various text messages which users connecting to your site will see. Fairly self-explanatory.
Third-party FTP software
The fourth tab, 'home directory,' allows you to configure which directory (folder) in your system will be accessed by the FTP site. In the 'FTP site directory' section, you can choose this directory, and designate whether connected users will have permission to write to and/or read from the site, and whether their visits will be logged.
Choose the directory you wish to share files from, or leave it at the default and simply copy files you wish to make available into the directory using explorer.
Setting up an FTP site with third-party software
Since many PCstats readers may be using XP Home or Windows 9x/ME which do not include IIS and thus cannot be used to create FTP sites, we thought we'd run through creating an FTP server using third-party software. In this case we've chosen the popular Serv-U program by RhinoSoft.
We chose Serv-U because its personal edition is free for non-commercial use, and it is quite easy to grasp for neophyte users. Serv-U offers some additional security and flexibility over the IIS implementation of FTP, at least with Windows XP. Let's look at setting it up...
Once you have downloaded and installed the software, start it up. The setup wizard will run. Press 'next' three times to start the FTP server. You will be prompted for your IP address. Leave it blank. Press 'next.'
You are asked to name your 'domain' (Serv-U's name for your FTP site). Choose whether you wish Serv-U to start automatically when you boot Windows, or to start only when you run the program from the desktop.
Configuring Serv-U
The next screen brings the first major difference between Serv-U and Microsoft's IIS. You are asked whether you wish to allow anonymous access, meaning that anyone will be able to log into your FTP site by using a special 'anonymous' user account created for this purpose.
The difference here is that the anonymous account created resides only within the Serv-U program, as do all other accounts you will create for accessing this FTP site. Separating Windows user accounts from the accounts you create to access the FTP site adds a layer of security. If you do not choose to use anonymous access, you will have to create user accounts within Serv-U with permission to access your site. More on this in a moment...
If you elected to allow anonymous access, you will be prompted for a directory, which will serve as the 'home base' for anonymous users. When they connect, they will see the directory you specify here first.
Once you enter the directory you will be asked if you wish to limit anonymous users to this directory only, or allow them to browse through to other directories. This brings up the second major difference between Serv-U (along with most other third-party FTP servers) and the Windows implementation of FTP: you are not limited to a single directory.
Of course, you may want to be limited to a single directory, as it makes keeping a handle on things much simpler, but we digress. For the time being, choose to lock anonymous users into the directory you specified.
You will now be prompted to create 'named accounts' which are user accounts with passwords analogous to those seen in Windows, except that these are used only for FTP access within Serv-U.
For the time being, create a named account and password of your choice and give that user a different initial directory than the one you previously assigned to anonymous users. When prompted, choose not to lock the named user into his home directory. The final question the setup wizard will ask is whether you wish to give the user you just created any administrative privileges, allowing him to configure the FTP site remotely. We will answer 'no' to this one for a simple reason. Remote Access is disabled in the 'personal' edition of Serv-U.
The version you are using is the evaluation version which contains all the features of the Professional edition, but reverts to the personal edition if not purchased within 30 days. This tutorial is based around the features available in the personal edition.
Creating FTP User Accounts
Once you have completed the setup wizard, you will be presented with the full Serv-U window. Your FTP site is now up and running. Test it from another computer using the method listed in the first section.
As you might notice, it's a good deal more complicated than the Windows implementation of FTP. The first thing we will do here is expand 'local server' and 'domains' until you can see the domain that you created. Expand that too.
While we don't have the space to go over all the options available to you in this program, we will cover a few important ones. For more help, consult the Serv-U help files or their website. First, in the 'settings' menu, go to the 'IP access' tab. This section allows you to block or allow individual computers to access your site based on their IP address.
The 'activity' option allows you to view users connected to your domain. By right clicking on a connected user, you can send a message to him or her, disconnect them, stop their data transfers or even eavesdrop on the commands they are sending to your server. The 'users' option contains the user accounts you have created within Serv-U.
You will notice that the anonymous account is here, along with the named account that you created. Select the named account in the left-hand pane. From the user properties menu, you have several options: From the 'accounts' tab you can disable users and change their home directories.
The 'directory access' tab is extremely important, as it controls the rights this user will have once he is connected to your FTP site. For example, if you only wish clients to be able to read and copy files from your FTP site, give them the 'read' file permission and the 'list' directory permission. If you want them to be able to add and edit files, you must assign the 'write' and 'append' file permissions, etc.
This gives you a good starting idea of how to use Serv-U to set up your own FTP site. Be aware that the version you are using will revert to the personal version after 30 days. The limitations of the personal version are: 1 domain only, maximum of 5 users, one concurrent connection only, and no encryption. None of these are a problem if you wish to create a site to enable you to access your files remotely or allow a friend to download from your system.
FTP and firewalls
If you use some form of hardware or software firewall to protect your computer, you will probably need to do a little more work to get FTP to operate correctly.
Software firewalls and FTP
The two most common software firewalls are the built-in Windows XP firewall and Zonealarm by Zone Labs. To configure the Windows XP firewall to allow FTP access: Go to start\control panel\network connections, right click on the icon for your Internet connection and select 'properties.'
Go to the 'advanced' tab and click the 'settings' button to configure your firewall (ensure that the firewall is enabled first; if it is enabled there will be a check in the 'protect my computer…' box).
From the 'services' tab, simply place a checkmark in the 'FTP server' box. This will allow FTP traffic on port 21 to enter your computer. Press 'ok.'
To configure Zonealarm to allow FTP access
From the main Zonealarm window, select 'program control.'
If you are using Windows' built-in FTP server, you need to find the entry for 'internet information services' and place checkmarks next to 'access\internet' and 'server\internet.'
If you are using Serv-U or some other third party program, locate the program on the list (if it is not present, click 'add' and browse to the program's executable file to add it to the list) and again place checkmarks next to 'access\internet' and 'server\internet.'
This will allow your FTP site to send and receive information through the Zonealarm firewall.
Configuring hardware firewalls for FTP
Home Internet sharing devices like Cable/DSL routers are very common, and almost all come with some form of firewall that is enabled by default. To successfully pass FTP traffic through these devices, you will need to create a 'virtual server' entry in the setup of your Internet sharing device. Pictured below is an example of this from an SMC Barricade home DSL/cable router.
A virtual server is an instruction to your Internet sharing device telling it to forward any traffic it receives on a specified port to a specific computer inside your network. For example, if you create a virtual server for port 21, IP address 192.168.5.220, your internet sharing device will listen for traffic coming in on port 21, then pass that traffic through the firewall to the computer with that IP address.
Though the instructions will vary depending on the brand of your device, what you will need to do is find the 'virtual server' setup section (or equivalent), and specify the IP address of the computer that is running the FTP server (to find this, go to start\run and type 'cmd' then 'ipconfig.'). You will need to enter port 21 for data coming into and out of the router.
Once this is saved, FTP information will be able to pass through your firewall. For more information on firewalls and their configuration, see our Beginner's guide to firewalls and Internet security here.
FTP security
Important topic. The problem with FTP is that, by default, it is an extremely insecure protocol. Usernames and passwords are not encrypted in any way when they are sent from the client to the server, and so are prime targets for anyone intercepting network packets between your server and your clients.
This is the reason that the Windows FTP server software recommends that you use only anonymous access for your FTP site, as the alternative is to use valid user accounts from your XP installation.
If these credentials are intercepted, they could be used to severely compromise the security of your entire system, never mind your FTP site. Hence the recommended practice for home users is to allow anonymous access to the FTP site directory and simply not place sensitive files there. Obviously, this is not going to meet everyone's needs, so there are alternative methods of securing FTP transactions.
Generally speaking, these involve using SSL (Secure Socket Layer) or some other encryption method to encrypt the plain FTP information, creating a secure channel between the client and server. For more information on SSL and other methods of encryption, see PCstats' Beginners Guide to encryption here.
Most third-party FTP server software packages support encryption as part of the FTP program itself, but with IIS for Windows XP, the only way to secure the traffic is to use a method that encrypts all traffic between the server and a specific client, such as a VPN (Virtual Private Network). For more information on how to set up Virtual Private Networks, see PCstats' Guide.
Serv-U supports creating an SSL certificate within the program for encrypting traffic, but only in their commercial versions of the program. The free personal edition does not have this feature.
So to sum up, unless you have specifically put security measures in place, assume that all FTP traffic is inherently insecure. Therefore, don't put data in your FTP site that you would not want seen by the general public. Don't be scared away from it though, since the fact that anyone can access your FTP site does not affect the security of the rest of your system unless you are using your Windows user accounts with IIS.
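To see why a named login over plain FTP is the risky case, the following added Python example (not from the original guide) audits client-to-server control-channel text and reports which sessions sent a real account's password unencrypted. The sample sessions, client addresses, account name and password are constructed for illustration, and the function names are assumptions.

```python
# Constructed sample data: client-to-server FTP control-channel bytes,
# keyed by a made-up client address (documentation range 192.0.2.0/24).
SAMPLE_SESSIONS = {
    "192.0.2.10": b"USER anonymous\r\nPASS guest@example.com\r\nLIST\r\nQUIT\r\n",
    "192.0.2.11": b"user mike\r\nPASS Tr0ub4dor\r\nRETR report.doc\r\nQUIT\r\n",
}


def audit_logins(capture):
    """Return one finding per USER/PASS pair found in the captured bytes."""
    findings, user = [], None
    for raw in capture.split(b"\r\n"):
        # FTP commands are plain text lines: a verb, a space, an argument.
        verb, _, arg = raw.decode("latin-1").strip().partition(" ")
        verb = verb.upper()  # command verbs are not case-sensitive
        if verb == "USER":
            user = arg
        elif verb == "PASS" and user is not None:
            findings.append({
                "user": user,
                "anonymous": user.lower() == "anonymous",
                # Record only the length; the audit never stores the password.
                "password_length": len(arg),
            })
            user = None
    return findings


def exposed_accounts(sessions):
    """List (client, user) pairs whose named-account password crossed the
    network unencrypted. Anonymous logins carry no secret and are skipped."""
    exposed = []
    for client, capture in sorted(sessions.items()):
        for finding in audit_logins(capture):
            if not finding["anonymous"]:
                exposed.append((client, finding["user"]))
    return exposed


if __name__ == "__main__":
    for client, user in exposed_accounts(SAMPLE_SESSIONS):
        print(f"{client}: password for account '{user}' was sent in cleartext")
```

With IIS on Windows XP a flagged account is a Windows user account, which is why the guide treats that case as the serious one.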