Users of networked computer systems desire to transfer data reliably and efficiently to and from other networked computer systems. File transfer protocol (hereinafter “FTP”) is a service that runs on Transmission Control Protocol/Internet Protocol (hereinafter “TCP/IP”) networked computer systems and provides for the ability to send and receive data to and from a plurality of TCP/IP networked computer systems. FTP has been used as a reliable method for transferring data for decades, in part because FTP moves large amounts of data efficiently and performs error checking to ensure accuracy. FTP enables a user of a computer system to log on to a remote computer system while maintaining local file and directory control. Furthermore, FTP allows users to transfer data to and from their computer systems in a plurality of data formats, for example binary data and ASCII text data.
A FTP session typically begins with a user identifying a uniform resource locator (hereinafter “URL”) or, alternatively, an Internet Protocol (hereinafter “IP”) address of a remote computer system. Computer systems that provide FTP services are referred to herein as “FTP servers.” FTP servers are configured to provide private and/or public access to their data. FTP servers that provide private access require remote users to have proper authorization (e.g., authorized user identifications and passwords) in order to access data. FTP servers that provide public access permit users to be identified simply as “anonymous,” and any (or even no) password enables access to data on the FTP server.
The abundance of users on global computer networks such as the Internet has encouraged the development of FTP “front-end” applications to provide user-friendly interfaces for data transfers to and from FTP servers. Such FTP front-end applications are installed on an end-user's computer system, and are referred to herein as “FTP client programs.” FTP client programs communicate with FTP servers and implement essential elements of file transfer protocol without significant user intervention. For example, the need to “manually” type commands on a command line in order to effect data transfer between the FTP client program and a FTP server is eliminated. A plurality of FTP functions, for example downloading data, uploading data, listing files in directories and the like are performed via screen menus and other graphical user interface controls which dramatically simplify the FTP process for end-users.
FTP client programs typically initiate communication with FTP servers on logical communication port number 21. Logical communication port 21 is a “well-known” port that is reserved for the FTP command channel and is not used by networked computer systems for other TCP/IP services (e.g., hypertext transfer protocol service). For example, a user connects to a FTP server having a particular IP address (e.g., 203.0.113.5; each octet of an IPv4 address lies between 0 and 255) on logical communication port 21. The combination of a computer system's IP address and port number is referred to herein as a “socket,” meaning a TCP socket.
Many publicly accessible FTP servers are registered in the Domain Name System (hereinafter “DNS”) and have a DNS entry, i.e., a host name, to simplify access. For example, a user can enter a well-known host name, e.g., ftp.lucasarts.com (a popular FTP server provided by Lucas Arts®, Inc.), and the corresponding IP address for ftp.lucasarts.com will be resolved automatically by a DNS server. Furthermore, the FTP client program will communicate automatically with the FTP server on logical communication port 21 and implement the requirements of the protocol, for example, the necessary command syntax.
Once a FTP server receives a connection request from a FTP client program on logical communication port 21, the FTP server replies, usually with a greeting followed by prompts for a user ID and associated password for authentication. Once the credentials are accepted, the FTP server establishes a FTP session.
The communication session between a FTP client program and a FTP server initially occurs over a “command channel.” The command channel takes place on the IP address of the FTP server and logical communication port 21 and does not effect any transfer of data files. In order to transfer data files or respond to commands issued over the command channel between the FTP server and the FTP client program, a new socket pair (inherent in a TCP session) must be opened between the FTP server and FTP client to define a “data channel” over which data will be transferred.
FTP data connections are established in one of two modes: passive and active. In passive mode, the FTP client program sends a PASV command over the command channel; the FTP server identifies and opens a new listening socket for the data channel, reports its IP address and port number to the client in a 227 reply, and the passive FTP client program initiates the data connection from itself to that socket on the FTP server. In active mode, the FTP client program opens a listening socket of its own and reports it to the server with a PORT command; the FTP server then initiates the data connection from its own side (conventionally from port 20) to the socket identified by the client. The present invention preferably uses passive mode. Continuing now with the above example, before each data request (e.g., a request for a directory listing) the passive FTP client program asks the FTP server identified by ftp.lucasarts.com for a data socket, and the FTP server informs the client over the command channel that the data will be provided on a newly opened logical communication port which is dynamically assigned by the FTP server and not known to the client in advance (e.g., port 1025). The combination of the IP address of ftp.lucasarts.com and the newly opened logical communication port 1025 is the socket that will be used for the data channel. This IP address and port number are transmitted to the passive FTP client program over the command channel.
The FTP client then initiates a connection to the received IP address and port number, issues its data request (e.g., for the directory listing) over the command channel, and receives the data over the new connection. Once the data have been successfully received by the passive FTP client program, the socket used for the data channel is closed. Any additional data request by the passive FTP client program (e.g., a request for a file) is again preceded by a request for a data socket over the command channel to ftp.lucasarts.com, and the passive FTP client program receives another reply over the command channel that identifies yet another new socket (e.g., the IP address of ftp.lucasarts.com and logical communication port 1030). This new socket is used for transferring the requested file over the data channel. The passive FTP client program connects to the newly identified socket, issues its request for the file over the command channel, and the FTP server transmits the requested file over the data channel. At the end of the transmission, the new socket for the data channel is closed. This process repeats for every data-transferring command the passive FTP client program issues to the FTP server.
The proliferation of users and services on global computer networks, such as the Internet, raises many security concerns for both users and service providers. Users want the data they submit to providers and the data they receive from providers to be free from unauthorized interruption and use. Similarly, service providers want their hosts and systems to be secured from unauthorized access or other types of intrusions by “hackers.” Service providers, especially those involved with financial services, view their computing hardware and software platforms as critical assets. The protection of these assets is a paramount concern.
Service providers attempt to secure their hosts by interposing firewalls between their hosts and the user community. Firewalls are typically programmed to restrict inbound (defined herein as originating from outside a private network) access for a particular set of users and/or a particular set of hosts and/or ports, i.e., services. Firewalls are also typically programmed to restrict data traffic to specific sockets on host systems, thereby preventing the flow of data to unrecognized sockets.
Additional network security measures include the use of proxy servers, which are typically ordinary server computers installed to mediate communications between client and server systems. In a system using a proxy server, the client system communicates with the proxy server, which in turn communicates with the host. In such a configuration, a user of a passive FTP client program establishes a session with the proxy server, and the proxy server establishes a session with the FTP server. Requests sent over the command channel and data provided over the data channel are forwarded to and from the proxy server, so that the passive FTP client program can send data to and receive data from the FTP server without connecting to it directly. Proxy servers do not necessarily require any special operating system enhancements in order to function as proxy servers. However, control programs typically run on proxy servers, and these can be written in any language suitable for programming, such as C++ or Java.
FIG. 1 shows an example of a typical prior art security hardware arrangement. In the example shown, the passive FTP client system 2 is coupled to private network 8, which is, for example, a corporation's intra-network such as a local area network (LAN) or a wide area network (WAN). Public network 6 is a global computer network such as the Internet. Firewall 10 is interposed between public network 6 and private network 8 and can include proxy services. Firewall 10 is configured such that users of the passive FTP client system 2 are permitted to initiate outbound communications with FTP servers 4 in order to transfer data to and/or from the FTP server 4 through public network 6. Firewall 10 is configured to reject inbound requests originating from systems outside of private network 8. Other configurations involving the use of firewalls and proxy servers are known and enable service providers to secure their hosts from systems outside of private network 8.
Continuing with the security arrangement shown in FIG. 1, a passive FTP client system 2 initiates a session request with the FTP server 4, for example by entering the URL of the FTP server 4 in the passive FTP client program. The passive FTP client program automatically supplies the well-known logical communication port 21 when transmitting the session request to the FTP server 4. After the FTP server 4 authenticates the user of the passive FTP client program, a command channel is established. When the passive FTP client program requests a data socket, the FTP server 4 transmits to the passive FTP client system 2 a new socket over which data will be transmitted. The passive FTP client system 2 connects to the new socket and issues its request for data over the command channel, and a data channel is established between the FTP server 4 and the passive FTP client system 2.
To accommodate the FTP client initiating a connection to the received IP address and port of the FTP server, the firewall 10 must open and close corresponding logical communication ports to enable data packets to pass between the passive FTP client system 2 and the FTP server 4. If the firewall 10 does not open a corresponding port each time the passive FTP client program initiates a new data channel to the FTP server, the data packets transmitted over the data channel are blocked, because the FTP server's IP address and port number are not recognized by the firewall 10 as a permitted outbound destination. After the requested data are sent to the passive FTP client system 2 by the FTP server 4 over the data channel, the FTP server 4 closes the data socket and the firewall 10 dynamically closes the corresponding logical communication port until the next data channel transmission.
As noted above, each data channel data transmission that occurs during a FTP session takes place on a different socket on the FTP server 4. Therefore, due to the nature of FTP, firewall 10 must open and close corresponding logical communication ports for each data channel transmission. In a large networked environment wherein many passive FTP client systems 2 request data from a plurality of FTP servers, the number of ports opened and closed on the firewall 10 can be very high.
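The passive-mode exchange described above, and the firewall's view of it, as an added example that is not part of the original description: a toy FTP server and client on the loopback interface. The server opens a fresh listening socket for every transfer and announces it in an RFC 959 `227` reply; the client parses that reply, initiates the data connection, and only then sends its `RETR` over the command channel. The list of data ports the session returns is exactly the set of destination ports that a firewall unable to read the command channel would have to open, one per transfer. The server, the file names and contents, and all function names are constructed for this example; the only protocol details relied on are the `227` reply format and the command/reply sequence.

```python
import re
import socket
import threading

# Constructed sample files served by the toy server (not a real FTP server).
FILES = {"readme.txt": b"hello over the data channel\n", "notes.txt": b"second transfer\n"}

PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Parse an RFC 959 '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply.
    Returns (host, port) with port = p1*256 + p2; rejects out-of-range octets."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 reply: %r" % reply)
    octets = [int(x) for x in m.groups()]
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError("octet out of range in %r" % reply)
    h1, h2, h3, h4, p1, p2 = octets
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def format_pasv(host, port):
    """Build the 227 reply the server sends after PASV."""
    return "227 Entering Passive Mode (%s,%d,%d)\r\n" % (host.replace(".", ","), port // 256, port % 256)


def _serve_one(ctrl):
    """Handle one control connection: USER/PASS, then PASV + RETR pairs, then QUIT."""
    rfile = ctrl.makefile("rb")
    send = lambda s: ctrl.sendall(s.encode())
    send("220 toy FTP ready\r\n")
    data_listener = None
    while True:
        line = rfile.readline().decode().strip()
        if not line:
            break
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            send("331 Password required\r\n")
        elif cmd == "PASS":
            send("230 Logged in\r\n")
        elif cmd == "PASV":
            # A fresh listening socket, hence a fresh ephemeral port, for every transfer.
            data_listener = socket.socket()
            data_listener.bind(("127.0.0.1", 0))
            data_listener.listen(1)
            send(format_pasv(*data_listener.getsockname()))
        elif cmd == "RETR":
            if data_listener is None or arg not in FILES:
                send("550 Use PASV first, or no such file\r\n")
                continue
            send("150 Opening data connection\r\n")
            data, _ = data_listener.accept()   # the client initiated this connection
            data.sendall(FILES[arg])
            data.close()                       # EOF marks the end of the file
            data_listener.close()
            data_listener = None
            send("226 Transfer complete\r\n")
        elif cmd == "QUIT":
            send("221 Bye\r\n")
            break
        else:
            send("502 Not implemented\r\n")
    ctrl.close()


def start_server():
    """Start the toy server on an ephemeral control port (standing in for port 21)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    threading.Thread(target=lambda: _serve_one(srv.accept()[0]), daemon=True).start()
    return srv.getsockname()[1]


def passive_session(ctrl_port, names):
    """Log in, fetch each name in passive mode; return (files_received, data_ports_used)."""
    ctrl = socket.create_connection(("127.0.0.1", ctrl_port))
    rfile = ctrl.makefile("rb")

    def cmd(s):
        ctrl.sendall((s + "\r\n").encode())
        return rfile.readline().decode()

    rfile.readline()          # 220 banner
    cmd("USER anonymous")
    cmd("PASS guest@")
    received, data_ports = {}, []
    for name in names:
        host, port = parse_pasv(cmd("PASV"))
        # Caveat: a hostile server could advertise a foreign address; insist on the control peer.
        if host != ctrl.getpeername()[0]:
            raise ValueError("server advertised %s, expected %s" % (host, ctrl.getpeername()[0]))
        data_ports.append(port)
        data = socket.create_connection((host, port))   # client initiates the data channel
        cmd("RETR " + name)                             # the request itself goes over the command channel
        chunks = []
        while True:
            chunk = data.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
        data.close()
        rfile.readline()                                # 226 Transfer complete
        received[name] = b"".join(chunks)
    cmd("QUIT")
    ctrl.close()
    return received, data_ports


def run_demo():
    """Start the server, run one session, return (files_received, control_port, data_ports)."""
    ctrl_port = start_server()
    received, data_ports = passive_session(ctrl_port, list(FILES))
    return received, ctrl_port, data_ports


if __name__ == "__main__":
    received, ctrl_port, data_ports = run_demo()
    print("control port %d; data ports a firewall would have to permit: %s" % (ctrl_port, data_ports))
```

Both connections in this session are initiated by the client, which is why the firewall 10 of FIG. 1 can permit passive FTP at all; the cost is that every entry in the returned data port list is a separate destination the firewall must either learn by inspecting the 227 reply or cover with a standing rule for a wide port range.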
Dynamically opening and closing ports on a firewall is problematic. Permitting traffic on a large number of logical communication ports creates potential security exposures, and a firewall that cannot learn the dynamically assigned port from the command channel can only accommodate passive FTP by permitting a wide range of destination ports. Furthermore, significant administrative resources are required to configure a firewall to allow communication over a large range of sources and destinations.
Currently, no system is available which permits a client system to transfer data using FTP by way of a client proxy system configured to enable FTP services over a single outbound connection.