Want newer details on SFTP and FTPS? Check out our 2018 SFTP vs. FTPS article!
An increasing number of organizations are looking to move away from transferring data with FTP (a standard file transfer protocol). In the beginning stages of research, questions often arise around which secure transfer protocols are recommended and how those protocols differ from each other.
There are two mainstream protocols available for secure FTP:
SFTP (FTP over SSH) and FTPS (FTP over SSL)
Because SFTP and FTPS implement strong algorithms like AES and Triple DES to encrypt any data transferred, they both offer a high level of protection. SFTP and FTPS also support a wide variety of functionality with a broad command set for transferring and working with files.
Depending on your organization's needs, either option could work to secure your file transfers. However, there are a few notable diffferences between the two in how connections are authenticated and managed.
With SFTP, a connection can be authenticated using a couple different techniques:
1. For basic authentication, you or your trading partner may just require a user ID and password to connect to the SFTP server.
Its important to note that any user IDs and passwords supplied over the SFTP connection will be encrypted (this is a big advantage over standard FTP).
2. SSH keys can also be used to authenticate SFTP connections in addition to, or instead of, passwords.
With key-based authentication, you will need to generate a SSH private key and public key beforehand. If you want to connect to a trading partner's SFTP server, you would then send your SSH public key to them so they can load onto their server and associate with your account. Then, once you've connected to their SFTP server, your client software will transmit your public key to the server for authentication. If the keys match, along with any username/password supplied, the authentication will succeed.
With FTPS, a connection is authenticated using a user ID, password, and certificate:
Like SFTP, the usernames and passwords for FTPS connections are encrypted.
When connecting to a trading partner's FTPS server, your FTPS client will first check if the server's certificate is trusted. The certificate is considered trusted if either the certificate was signed off by a known certificate authority (CA), like Verisign, or if the certificate was self-signed by your partner. For self-signed certificates to verify, you must have a copy of their public certificate in your trusted key store.
Your partner may also require that you supply a certificate when you connect to them. Your certificate may be signed by a third-party CA or your partner may allow you to self-sign your certificate, as long as you send them the public portion of your certificate to load into their trusted key store.
RELATED READING: 10 Essential Tips for Securing FTP and SFTP Servers
When it comes to ease of implementing SFTP or FTPS, SFTP is considered the easiest secure FTP protocol to implement. SFTP is very firewall friendly, needing a single port number (default of 22) to to be opened through the firewall. This single port will be used for all SFTP communications, including the initial authentication, any commands issued, and any data transferred.
FTPS, unfortunately, can be very difficult to patch through a tightly-secured firewall. FTPS uses multiple port numbers. The initial port number (default of 21) is used for authentication and passing any commands. However, every time a file transfer request (e.g. get or put) or directory listing request is made, another port number needs to be opened. You and your trading partners will therefore have to open a range of ports in your firewalls to allow for FTPS connections, which can put your network at risk and weaken your cybersecurity defenses.
In summary, SFTP and FTPS are both secure FTP protocols with strong authentication options. Since SFTP is much easier to port through firewalls, however, we believe SFTP is the clear winner between the two.
Are you making the switch from FTP? Protect your file transfer communications with managed file transfer (MFT). GoAnywhere MFT can help you achieve automatic encryption, streamline your file transfer processes, and safeguard traditional SFTP and FTPS data transmissions. With support for multiple platforms, including Microsoft Azure, Microsoft Windows, and Linux, you can create a secure, audited environment on any OS for transferring files inside and outside your organization.
Learn the ropes of MFT in this short, on-demand product demonstration: