Let’s start with a fun fact: FTP has been around for nearly 50 years — and because of that, there are lots of flavors and variations of the protocol. There’s plain old FTP — File Transfer Protocol — but there’s also FTPS, FTP-SSL, and SFTP. Many people ask: How do they differ?
An Explainer on FTP
At a basic level, FTP is a protocol that has one server and many clients that connect to the server in order to transfer files from one system to another. The client(s) log into the server to execute commands. Commands allow you to move around the file tree, download files, upload files, move directories, delete, and much more. In the early days of the ARPAnet / Internet, this was revolutionary because you could take files and move them over great physical distances — even large files. FTP is not complicated, but it’s exceedingly powerful and has stood the test of time.
The first FTP client applications were command-line programs developed before computers had graphical user interfaces. Such applications are still shipped with Windows, Linux, and Unix-based operating systems today.
FTP helps send files by transmitting information quickly and reliably so you can transfer large files online. File transfer protocol is commonly used for transferring large files between a client and a server. You can use FTP to exchange files between computer accounts, transfer files between an account and a desktop computer or access files in online storage.
File Transfer Protocol and Security
As great as FTP was at the time, it lacked security measures to encrypt usernames and passwords or other data going across the protocol. Thus FTPS and SFTP were made to build security measures directly into the protocol.
Decades later, we have services like Dropbox or Box that use their own protocols to move files around on the internet. You may ask yourself — why not just abandon FTP entirely and let companies use their own protocols? Here are a few reasons:
- The backbone of the internet runs on standard protocols, like HTTP, FTP, DHCP, DNS, etc. Using a standard protocol is in line with the goals of a free and open internet.
- It gives you flexibility in your toolset. Because of how long FTP has been around, there are tons of tools, scripts and daemons made that work with it.
- Many devices already have FTP built into them, such as security cameras. Let’s say you develop a new security camera and want it to connect to a closed protocol, like Dropbox. With FTP, you can make the connection. With a closed protocol however, you would have to contact Dropbox and pay licensing fees for using their protocol.
- Every client machine already supports file transfer protocol! You don’t need to download a client to access FTP functions from the command line — you can even use whatever client you want to interface with FTP!
What is FTPS?
FTPS, also known as FTP Secure or FTP-SSL, is a more secure form of FTP. FTPS is basic FTP with security added to the data transfer. Special security protocols TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are cryptographic and provide encryption of data to protect your information as it moves from point A to point B, including username/password.
FTPS is to FTP much like HTTPS is to HTTP: an added layer of security while keeping the original protocol relatively unchanged.
What is SFTP?
SFTP, also known as SSH FTP, encrypts both commands and data while in transmission. This means all your data and credentials are encrypted as they pass through the internet. If you’ve ever used a Unix-based system, you’re likely familiar with SSH. It’s a protocol that allows you to remotely connect to other systems and execute commands from the command line. SSH is how most servers in the world are administered, so the protocol had to be very secure. SFTP was created as an extension of SSH to transfer files through the secure channel (SSH).
Unlike FTP and FTPS, SFTP protocol is packet-based as opposed to text-based. This makes file and data transfers using the SFTP faster than other secure FTP connections.
Which Protocol Should I Use?
Learning about the different protocols might seem daunting. We’ve compiled a shortlist of the differences — advantages and disadvantages that can help clarify which protocol would be best for your use.
FTP vs SFTP
In our opinion, if you are able to use SFTP — use it. FTP is great for legacy devices that don’t support any sort of encryption, but if you have access to encryption, it’s better to use SFTP. You don’t want your files intercepted by a malicious hacker downstream of your machine if you can help it.
FTPS vs SFTP
Both SFTP and FTPS provide a high level of protection. The biggest difference between these two protocols is how connections are authenticated and managed.
- SFTP connections can be authenticated using a user id and password to connect to the server. SSH keys can also be used to authenticate SFTP connections. You will need to generate an SSH private key and public key to connect with the SFTP server.
- Like SFTP, the usernames and passwords will also be encrypted. To connect, your FTPS client will first check if the server’s certificate is trusted. The certificate is considered trusted if either the certificate was signed off by a known certificate authority (CA), like Verisign, or if the certificate was self-signed (by your partner) and you have a copy of their public certificate in your trusted key store.
In today’s world of SaaS companies, cloud computing and ecommerce, knowing your options for secure file transfer is important. While we have laid out the main differences between three file transfer protocols, it’s obvious that SFTP and FTPS offer the most security benefits.
FTP brings the speed and reliability that many industries and devices still rely on, and will rely on well into the future. From small files to mission critical files that run the world, FTP and it’s secure variants run the world.
For more information on FTP, SFTP and business file transfer, visit the ExaVault blog.