Secure FTP FAQs
What is FTPS?
FTPS allows you to connect securely with your trading partners, customers, and users. To verify authenticity, FTPS uses a combination of user IDs, passwords, and certificates. FTPS uses TLS to encrypt server connections, X.509 to authenticate connections, and AES and Trip DES to encrypt file transfers.
Which is Faster: SFTP vs. FTPS?
FTPS was designed to be more speed-friendly, with the control and data channel running asynchronously in two distinct connections in order to achieve the highest possible data transfer speed. With SFTP, control and synchronization packets are sent on the same channel as data packets. This may cause SFTP to be slightly, but NOT significantly, slower than FTPS. Read more >
What are the Key Differences Between SFTP and FTPS?
Yes, but a Disaster Recovery license is discounted. Maintenance is calculated at 20% of the net license price after the discount. The differences between SFTP and FTPS include the number of ports required, authentication, speed and implementation.
For a deeper dive, read SFTP vs. FTPS: The Key Differences.
Which is Better: SFTP vs. FTPS?
If SFTP and FTPS are both secure protocols with similar protection, when is it best to use one over the other? The answer is: it depends. Your choice comes down to your organization’s IT infrastructure, trading partner requirements, how you want to authenticate file transfers, and which ports you want to use. For more guidance which secure FTP solution is best, read Which is Better: SFTP vs. FTPS?
How Secure is SFTP?
Is SFTP secure enough for you? While SFTP solutions do not require two-factor authentication, you do have the choice to require both a user ID and password, as well as SSH keys, for a more secure connection.
How to Secure FTP and SFTP Servers
Are FTP, FTPS, or SFTP servers secure? The number one way to secure your FTP servers is to stop using FTP. If standard FTP is running on your server, you should disable it as soon as possible; FTP is over 30 years old and isn’t meant to withstand the modern security threats we face today. FTP is not encrypted, and it lacks privacy and integrity. FTP makes it easy for a hacker to gain access and capture or modify your data while it’s in transit.
Secure your SFTP and FTPS servers with these steps:
- Use strong encryption and hashing. such as with SFTP and FTPS. Opt for strong ciphers like AES and TDES, or SHA-2 family algorithms for verifying transmission integrity, and disable any older, outdated ciphers like Blowfish and DES.
- Place your servers behind a gateway.Many organizations store their FTP servers in the DMZ, a public-facing segment that is easy to attack. Using an enhanced reverse proxy like a DMZ Secure Gateway keeps files and credentials in the private network, rather than opening inbound ports.
- Implement IP Blacklists and Whitelists. An IP blacklist allows you to deny system access to a range of IP addresses, either temporarily or permanently. If your trading partners use fixed IPs, you can whitelist their specific IP addresses.
- Harden your FTPS Server. Avoid using Explicit FTPS unless you force encryption for the authentication and data channels, and do not use any version of SSL or TLS 1.0. Plus, you should use Elliptic curve Diffie-Hellman key exchange algorithms.
- Set secure user policies.
- Require and use strong passwords.
- Implement file and folder security. Limit folder access to only the essentials. Encrypt files at rest, especially if they’re stored in the DMZ, and retain files on the FTP server only as long as needed.
- Lock down administration. Restrict admin duties to a limited number of users and require to use multi-factor authentication. Avoid easy-to-guess admin user IDs like “root” or “admin,” and protect passwords by storing them in an AD domain or LDAP server.
More best practices: 10 Essential Tips for Securing FTP and SFTP Servers
How Does SFTP Work?
Secure File Transfer Protocol (SFTP) works over the Secure Shell (SSH) data stream to establish a secure connection and provide organizations with a higher level of file transfer protection. This is because SFTP uses encryption algorithms to securely move data to your server and keep files unreadable during the process, and authentication prevents unauthorized file access during the operation.
Read more: How SFTP Works
What Port Does SFTP Use?
Unlike FTP over SSL/TLS (FTPS), SFTP only needs a single port to establish a server connection — port 22.
Read more: What Port Does SFTP Use?
What are SFTP Servers?
A typical file transfer server helps transfer files server-to-server or client-to-server, and SFTP servers are a more protected version: they encrypt data to keep sensitive information secure while moving files, and some have the added bonus of encrypting files at rest. SFTP servers use a single data channel in which login credentials as well as files are encrypted – because both authentication and files are encrypted, your connection is secure.
Read more: What are SFTP Servers?
Are SFTP Files Encrypted?
Yes, SFTP encrypts files by working over the SSH data stream to establish a secure connection and provide organizations with an increased level of file transfer protection due to its encryption capabilities.
SFTP uses encryption algorithms to securely move data to your server and keep files unreadable during the process, while authentication prevents unauthorized file access during the operation. SFTP uses only one connection and encrypts both authentication information and the files being transferred.
Read more: Are SFTP Files Encrypted?
Are SFTP and FTP the Same?
No, Secure File Transfer Protocol or SSH File Transfer Protocol (SFTP) and File Transfer Protocol (FTP) are not the same thing. SFTP, not to be confused with FTP Secure (FTPS), is a network which allows file access, transfer, and management over a secure data stream. FTP is a network protocol which is implemented in order to exchange files over a Transmission Control Protocol (TCP) and Internet Protocol (IP) network.
Read more: Are SFTP and FTP the Same?
Is SFTP or MFT Better?
Choose an SFTP solution if...
If you need a free or otherwise inexpensive way to send and receive secure file transfers to a handful of trading partners, an SFTP server and client tool might suit you. You can achieve basic needs like authenticating your users, transferring unlimited files per server connection, and controlling your port usage.
Choose an MFT solution if...
If you need a way to streamline all aspects of your file transfers, a managed file transfer solution is the better choice. With MFT, you can choose to transfer files using secure FTP protocols, including SFTP, FTPS, HTTPS, and AS2, and more!