Know and understand internet protocols including HyperText Transfer Protocol (HTTP), HyperText Transfer Protocol secure variant (HTTPS), File Transfer Protocol (FTP), Secure Socket Layer (SSL)
This set of notes covers the key internet protocols that are examined in the Cambridge IGCSE ICT (0417) syllabus. You should be able to describe the purpose, operation and security aspects of each protocol.
1. HyperText Transfer Protocol (HTTP)
HTTP is the foundation of data communication on the World Wide Web. It is a request‑response protocol used by web browsers and servers.
Purpose: Transfer hypertext documents (HTML, CSS, JavaScript, images, etc.) between client and server.
Default port: 80
Stateless: Each request is independent; the server does not retain session information unless additional mechanisms (cookies, sessions) are used.
2. HyperText Transfer Protocol Secure (HTTPS)
HTTPS is the secure version of HTTP. It encrypts the data exchanged between client and server using SSL/TLS, protecting confidentiality and integrity.
Purpose: Secure transmission of sensitive information (e.g., login credentials, credit‑card numbers).
Default port: 443
How it works:
Client initiates a TLS handshake with the server.
Server presents its digital certificate (issued by a trusted Certificate Authority).
Both parties negotiate a symmetric session key.
All subsequent HTTP messages are encrypted with this session key.
Indicators of a secure site: URL begins with https://, a padlock icon in the browser, and a valid certificate.
3. File Transfer Protocol (FTP)
FTP is used for transferring files between a client and a server on a network.
Purpose: Upload, download, delete, rename, and manage files on a remote server.
Default ports: 21 for control commands, 20 for data transfer (active mode). Passive mode uses a random high port for data.
Modes of operation:
Active mode: Server initiates the data connection to the client.
Passive mode: Client initiates both control and data connections, useful when the client is behind a firewall.
Security considerations: Standard FTP transmits credentials and data in clear text. Secure alternatives include FTPS (FTP over SSL/TLS) and SFTP (SSH File Transfer Protocol).
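The sketch below shows what standard FTP exposes to anyone who can read the control connection on port 21, and how the passive-mode data port is worked out from the server's 227 reply. It is an added Python example, not part of the original notes; the transcript is constructed, and the names analyse and decode_host_port are illustrative.

```python
import re

# Constructed sample: lines as they would appear in a capture of TCP port 21.
# "C:" marks client commands, "S:" marks server replies. Addresses are from
# the 192.0.2.0/24 documentation range.
SAMPLE_CONTROL_CHANNEL = """\
S: 220 FTP server ready
C: USER alice
S: 331 Password required
C: PASS s3cret-example
S: 230 Login successful
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80)
C: RETR report.pdf
S: 226 Transfer complete
"""

HOST_PORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def decode_host_port(text):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and the 227 reply."""
    m = HOST_PORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # each field is a single byte
    # The port is sent as two bytes: port = p1 * 256 + p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def analyse(transcript):
    """Summarise what an observer of the control channel can read."""
    seen = {"user": None, "password_exposed": False, "mode": None, "data_endpoint": None}
    for line in transcript.splitlines():
        side, _, msg = line.partition(": ")
        verb, _, arg = msg.partition(" ")
        if side == "C" and verb.upper() == "USER":
            seen["user"] = arg
        elif side == "C" and verb.upper() == "PASS":
            seen["password_exposed"] = True  # sent in clear text
        elif side == "C" and verb.upper() == "PORT":  # active: client names its endpoint
            seen["mode"], seen["data_endpoint"] = "active", decode_host_port(arg)
        elif side == "S" and verb == "227":  # passive: server names its endpoint
            seen["mode"], seen["data_endpoint"] = "passive", decode_host_port(arg)
    return seen

if __name__ == "__main__":
    print(analyse(SAMPLE_CONTROL_CHANNEL))
```

With FTPS or SFTP the same commands travel inside an encrypted channel, so none of these fields would be readable from a capture.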
4. Secure Socket Layer (SSL) / Transport Layer Security (TLS)
SSL (now superseded by TLS) provides encryption for data transmitted over a network. It is the underlying technology that secures HTTPS, FTPS, and many other protocols.
Purpose: Ensure confidentiality, integrity, and authentication of data in transit.
Key concepts:
Handshake: Negotiates protocol version, cipher suite, and authenticates the server (and optionally the client).
Cipher suite: Combination of encryption algorithm (e.g., AES), key exchange method (e.g., RSA, Diffie‑Hellman), and hash function (e.g., SHA‑256).
Certificates: Digital documents that bind a public key to an entity’s identity, issued by a Certificate Authority (CA).
Versions: SSL 1.0 (never released), SSL 2.0, SSL 3.0 (deprecated), TLS 1.0‑1.3 (current). Use the latest supported version for maximum security.
Comparison of the Protocols
| Protocol | Primary Use | Default Port(s) | Secure Variant | Typical Security Mechanism |
|---|---|---|---|---|
| HTTP | Web page transfer | 80 | HTTPS | SSL/TLS encryption |
| HTTPS | Secure web page transfer | 443 | — | SSL/TLS (certificate authentication) |
| FTP | File transfer | 21 (control), 20 (active data) | FTPS | SSL/TLS (explicit or implicit) |
| SSL/TLS | Encryption layer for other protocols | Varies (depends on underlying protocol) | — | Public‑key & symmetric encryption, certificates |
Key Points to Remember
HTTP is unencrypted; HTTPS adds SSL/TLS to protect data.
FTP is useful for bulk file transfers but is insecure unless wrapped in SSL/TLS (FTPS) or replaced by SFTP.
SSL/TLS works by establishing a secure session key after a handshake that authenticates the server (and optionally the client).
Always check the port numbers: 80 (HTTP), 443 (HTTPS), 21/20 (FTP). For other services secured with TLS, the port depends on the underlying protocol.
Modern browsers and servers favour TLS 1.2 or TLS 1.3; older SSL versions are vulnerable and should not be used.