An increasing number of organizations are looking to move away from transferring data with FTP (a standard file transfer protocol). In the beginning stages of research, questions often arise around which secure transfer protocols are recommended and how those protocols differ from each other.
What is Secure FTP?
File Transfer Protocol (FTP) is a network protocol used to transfer files between clients and servers. Secure FTP takes the essential function of FTP – file transfer – and makes it more secure. FTP is not secure in and of itself, and it is often secured with SSL/TLS (to become FTPS) or replaced with SFTP (SSH File Transfer Protocol).
Secure file transfer protocols help you transfer data within and outside of your organization, safe in the knowledge that your information is protected.
There are two mainstream protocols available for secure FTP:
- SFTP (SSH File Transfer Protocol)
- FTPS (FTP over SSL)
Because SFTP and FTPS implement strong algorithms like AES and Triple DES to encrypt any data transferred, they both offer a high level of protection. SFTP and FTPS also support a wide variety of functionality with a broad command set for transferring and working with files.
Depending on your organization's needs, either secure FTP option could work to secure your file transfers. However, there are a few notable differences between the two in how connections are authenticated and managed.
Secure FTP Encryption
While FTP is unencrypted, both SFTP and FTPS have encryption mechanisms in place.
FTPS uses two connections, a command channel and a data channel. You can choose to encrypt either both connections or only the data channel.
What is SFTP?
SFTP, which stands for SSH File Transfer Protocol, is a secure file transfer protocol used to secure and send file transfers over secure shell (SSH). SFTP, as a network protocol, implements AES, Triple DES, and similar algorithms to encrypt files as they transfer between systems.
What is FTPS?
FTPS (FTP over SSL) is a secure file transfer protocol that allows you to connect securely with your trading partners, customers, and users. When file transfers are sent, they are exchanged using FTPS and can be authenticated through FTPS-supported methods like passwords, client certificates, and server certificates.
SFTP vs. FTPS: Secure FTP Authentication
With SFTP, a connection can be authenticated using a couple of different techniques:
1. For basic authentication, you or your trading partner may just require a user ID and password to connect to the SFTP server.
It's important to note that any user IDs and passwords supplied over the SFTP connection will be encrypted (this is a big advantage over standard FTP).
2. SSH keys can also be used to authenticate SFTP connections in addition to, or instead of, passwords.
With key-based authentication, you will need to generate an SSH private key and public key beforehand. If you want to connect to a trading partner's SFTP server, you would then send your SSH public key to them so they can load it onto their server and associate it with your account. Then, once you've connected to their SFTP server, your client software will transmit your public key to the server for authentication. If the keys match, along with any username/password supplied, the authentication will succeed.
With FTPS, a connection is authenticated using a user ID, password, and certificate:
Like SFTP, the usernames and passwords for FTPS connections are encrypted.
When connecting to a trading partner's FTPS server, your FTPS client will first check if the server's certificate is trusted. The certificate is considered trusted if either the certificate was signed by a known certificate authority (CA), like Verisign, or if the certificate was self-signed by your partner. For self-signed certificates to verify, you must have a copy of their public certificate in your trusted key store.
Your partner may also require that you supply a certificate when you connect to them. Your certificate may be signed by a third-party CA or your partner may allow you to self-sign your certificate, as long as you send them the public portion of your certificate to load into their trusted key store.
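The trust check described above, written against Python's standard `ftplib` and `ssl` modules as an added example (not code from the original article or from any product it mentions). The function names and the certificate file paths passed to them are assumptions for illustration.

```python
import ssl
from ftplib import FTP_TLS

def strict_context(partner_cert_pem=None, client_cert=None, client_key=None):
    """TLS context trusting public CAs plus, optionally, a partner's self-signed cert."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if partner_cert_pem:   # the partner's public certificate: the "trusted key store" entry
        ctx.load_verify_locations(cafile=partner_cert_pem)
    if client_cert:        # only when the partner requires a client certificate
        ctx.load_cert_chain(client_cert, client_key)
    return ctx

def weak_context():
    """Anti-pattern kept for comparison: traffic is encrypted, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def findings(ctx):
    """List the trust checks a context skips; an empty list means the server is authenticated."""
    out = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        out.append("server certificate is not verified")
    if not ctx.check_hostname:
        out.append("certificate hostname is not checked")
    return out

def open_ftps(host, user, password, ctx):
    """Connect with explicit FTPS, refusing contexts that would not authenticate the server."""
    problems = findings(ctx)
    if problems:
        raise ValueError("refusing to send credentials: " + "; ".join(problems))
    ftps = FTP_TLS(context=ctx, timeout=30)
    ftps.connect(host, 21)
    ftps.login(user, password)  # FTP_TLS secures the control channel before sending USER/PASS
    ftps.prot_p()               # encrypt the data channel as well
    return ftps
```

With hostname checking enabled, a partner's self-signed certificate must carry the hostname you connect to, otherwise the handshake fails even though the certificate is in your trust store.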
SFTP vs. FTPS: Secure FTP Implementation
When it comes to ease of implementing SFTP or FTPS, SFTP is considered the easiest secure FTP protocol to implement. SFTP is very firewall friendly, needing a single port number (default of 22) to be opened through the firewall. This single SFTP port will be used for all communications, including the initial authentication, any commands issued, and any data transferred.
FTPS, unfortunately, can be very difficult to patch through a tightly-secured firewall. FTPS uses multiple port numbers. The initial port number (default of 21) is used for authentication and passing any commands. However, every time a file transfer request (e.g. get or put) or directory listing request is made, another port number needs to be opened. You and your trading partners will therefore have to open a range of ports in your firewalls to allow for FTPS connections, which can put your network at risk and weaken your cybersecurity defenses.
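To make the per-transfer ports concrete, the added example below (not from the original article) reads the passive-mode replies a server sends on the command channel and checks each announced data port against a firewall range. The range, the server address, and the reply lines are constructed sample values; `parse227` and `parse229` are helpers from Python's standard `ftplib`.

```python
from ftplib import parse227, parse229, error_reply, error_proto

# Assumed firewall policy: passive data-port range agreed with the partner (constructed).
PASSIVE_RANGE = range(50000, 50101)  # ports 50000-50100 inclusive

# Constructed command-channel replies, one per transfer or directory listing request.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (203,0,113,10,195,80)",   # 195*256 + 80  = 50000
    "227 Entering Passive Mode (203,0,113,10,195,149)",  # 195*256 + 149 = 50069
    "229 Entering Extended Passive Mode (|||50100|)",
    "227 Entering Passive Mode (203,0,113,10,234,96)",   # 234*256 + 96  = 60000
    "200 Command okay",                                   # not a passive reply
]

def data_port(reply, peer=("203.0.113.10", 21)):
    """Return the data port announced in a PASV (227) or EPSV (229) reply, else None."""
    try:
        if reply.startswith("227"):
            return parse227(reply)[1]
        if reply.startswith("229"):
            return parse229(reply, peer)[1]
    except (error_reply, error_proto):
        pass  # malformed reply: treat as "no data port announced"
    return None

def audit(replies, allowed=PASSIVE_RANGE):
    """Split announced data ports into those the firewall range covers and those it blocks."""
    covered, blocked = [], []
    for reply in replies:
        port = data_port(reply)
        if port is None:
            continue
        (covered if port in allowed else blocked).append(port)
    return covered, blocked

if __name__ == "__main__":
    covered, blocked = audit(SAMPLE_REPLIES)
    print("covered by firewall range:", covered)
    print("would be blocked:", blocked)
```

Pinning the server's passive range to a small, documented set of ports and opening only that range keeps the firewall exposure bounded.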
SFTP vs. FTPS: Speed
SFTP and FTPS differ somewhat in transfer speed. FTPS was designed to be speed-friendly: FTPS gives you the option of whether to encrypt both connections (the command channel and the data channel), or only the data channel. Because the control and data channels run asynchronously in two distinct connections, FTPS can achieve a high data transfer speed. However, SFTP is at most only slightly slower than FTPS.
Which is More Secure: SFTP or FTPS?
In summary, SFTP and FTPS are both secure FTP protocols with strong authentication options. Since SFTP is much easier to port through firewalls, however, we believe SFTP is the clear winner between the two.
| | SFTP | FTPS |
|---|---|---|
| Port for secure FTP | Uses only port 22. | Uses multiple port numbers; one for the command channel, and an additional port on the data channel for every file transfer request or directory listing request. |
| Authenticating connections | Choice to use a user ID and password to connect to an SFTP server or to use SSH keys with or instead of passwords. | Uses TLS/SSL to encrypt server connections and X.509 certificates to authenticate the connections. |
| Encryption | Algorithms like AES and Triple DES are used to encrypt transferred data. | Algorithms like AES and Triple DES are used to encrypt transferred data. |
| Speed | Control and synchronization packets are sent on the same channel as data packets, which may cause SFTP to be slightly (but not significantly) slower than FTPS. | Was designed to be more speed-friendly, with the control and data channel running asynchronously. |
| Implementation | Considered the easiest secure FTP protocol to implement. | Can be difficult to patch through a tightly-secured firewall. |
An MFT Solution that Expertly Meets Your Needs
Are you making the switch from FTP? Protect your file transfer communications with managed file transfer (MFT). GoAnywhere MFT can help you achieve automatic encryption, streamline your file transfer processes, and safeguard traditional SFTP and FTPS data transmissions. With support for multiple platforms, including Microsoft Azure, Microsoft Windows, and Linux, you can create a secure, audited environment on any OS for transferring files inside and outside your organization.