SFTP vs. FTPS: What’s the Best Protocol for Secure FTP?

Secure FTP encryption

While FTP is not encrypted, both SFTP and FTPS have encryption mechanisms.

FTPS uses two connections: a command channel and a data channel. You can choose to encrypt both connections or just the data channel.

Unlike FTP and FTPS, SFTP uses only one connection. Both authentication information (i.e. user ID and password) and data being transferred are encrypted via SFTP.

SFTP vs. FTPS: Secure FTP Authentication

With SFTP, a connection can be authenticated using a couple of different techniques:

1. For basic authentication, you or your business partner may require a user ID and password to connect to the SFTP server.

It is important to note that any user IDs and passwords supplied over the SFTP connection will be encrypted (this is a huge advantage over standard FTP).

2. SSH keys can also be used to authenticate SFTP connections in addition to, or instead of, passwords.

With key-based authentication, you’ll need to generate an SSH private key and a public key beforehand. If you want to connect to a trading partner’s SFTP server, you need to send them your SSH public key so it can be uploaded to their server and associated with your account. Then, when you connect to their SFTP server, your client software will transmit your public key to the server for authentication. If the keys match, along with any username/password provided, authentication will succeed.

With FTPS, a connection is authenticated using a user ID, password, and certificate:

Like SFTP, usernames and passwords for FTPS connections are encrypted.

When connecting to a trading partner’s FTPS server, your FTPS client will first verify that the server’s certificate is trusted. The certificate is considered trusted if it was signed by a well-known certification authority (CA), such as Verisign, or if it was self-signed by your partner. For a self-signed certificate to be verified, you must have a copy of the partner’s public certificate in your trusted keystore.

Your partner may also require you to provide a certificate when you connect to them. Your certificate can be signed by a third-party CA or your partner can allow you to self-sign your certificate, as long as you send them the public portion of your certificate to upload to their trusted keystore.
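The trust decisions described above can be expressed with Python's standard `ssl` and `ftplib` modules. This is an added example, not code from the original article; the function names and file paths are assumptions, and the partner's self-signed certificate is assumed to carry the host name you connect to.

```python
import ssl
from ftplib import FTP_TLS


def partner_tls_context(partner_cert_pem=None, client_cert=None, client_key=None):
    """Build the TLS settings for one FTPS partner.

    partner_cert_pem: path to the partner's self-signed public certificate,
    acting as the trusted keystore for this partner. None means the server
    certificate must chain to a CA in the system trust store instead.
    client_cert / client_key: your own certificate, if the partner requires one.
    """
    if partner_cert_pem:
        # PROTOCOL_TLS_CLIENT starts with an empty trust store, so only the
        # partner's certificate is accepted.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=partner_cert_pem)
    else:
        ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Already the defaults for both branches; stated explicitly so a failed
    # handshake is not "fixed" by switching verification off.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def open_ftps(host, user, password, ctx, port=21):
    """Explicit FTPS: TLS on the command channel before login, then on data."""
    ftps = FTP_TLS(context=ctx, timeout=30)
    ftps.connect(host, port)
    ftps.auth()                  # AUTH TLS; the server certificate is verified here
    ftps.login(user, password)   # credentials travel inside TLS
    ftps.prot_p()                # PROT P: encrypt the data channel as well
    return ftps
```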

RELATED READING: 10 Essential Tips to Secure FTP Servers and SFTP

SFTP vs. FTPS: Secure FTP Implementation

When it comes to facilitating the implementation of SFTP or FTPS, SFTP is considered the easiest secure FTP protocol to implement. SFTP is very firewall friendly as it needs a single port number (default of 22) to open through the firewall. This single SFTP port will be used for all communications, including initial authentication, commands issued, and data transferred.

FTPS, unfortunately, can be very difficult to patch through a tightly protected firewall. FTPS uses multiple port numbers. The initial port number (default of 21) is used for authentication and approval of any command. However, each time a file transfer request (for example, get or put) or directory listing request is made, another port number must be opened. Therefore, you and your trading partners will have to open a range of ports on your firewalls to allow FTPS connections, which can put your network at risk and weaken your cybersecurity defenses.
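The extra port for each transfer is announced by the server in a passive-mode reply on the command channel (PASV in RFC 959, EPSV in RFC 2428). With FTPS that channel is encrypted, so the firewall cannot read the reply and the open range has to be configured statically to match the server. The following added example, which goes beyond the article's text and is not the author's code, extracts the announced ports from constructed client log lines and checks them against an assumed firewall range.

```python
import re

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")


def data_port(reply):
    """Return the data-channel port announced in a PASV/EPSV reply, else None."""
    m = PASV_RE.match(reply)
    if m:
        p1, p2 = int(m.group(5)), int(m.group(6))
        if p1 > 255 or p2 > 255:
            raise ValueError("malformed PASV reply: " + reply)
        return p1 * 256 + p2      # RFC 959: port = p1*256 + p2
    m = EPSV_RE.match(reply)
    if m:
        return int(m.group(1))    # RFC 2428: port sent as a decimal number
    return None


def audit(replies, allowed):
    """Split announced data ports into those inside and outside `allowed`."""
    ok, blocked = [], []
    for line in replies:
        port = data_port(line)
        if port is None:
            continue
        (ok if port in allowed else blocked).append(port)
    return ok, blocked


# Constructed sample: server replies as a client debug log would show them.
SAMPLE_REPLIES = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # 195*256 + 80 = 50000
    "229 Entering Extended Passive Mode (|||50042|)",
    "227 Entering Passive Mode (192,0,2,10,234,96)",   # 234*256 + 96 = 60000
]
# Assumed firewall rule: TCP 50000-50100 open inbound for FTPS data connections.
ALLOWED = range(50000, 50101)
```

A port in the `blocked` list means the server's passive range is wider than the firewall rule, which shows up in practice as directory listings or transfers that hang after a successful login.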

RELATED READING: Which is Better: SFTP vs. FTPS?

SFTP vs. FTPS: Speed

SFTP and FTPS are not identical when it comes to speed. FTPS was designed to be speed-friendly: it gives you the option to encrypt both connections (the command channel and the data channel) or just the data channel. Because the control and data channels run asynchronously on two distinct connections, FTPS can achieve high data transfer speed. However, SFTP is at most only slightly slower than FTPS.

RELATED READING: Which is faster: FTPS or SFTP?

Which is more secure: SFTP or FTPS?

In short, SFTP and FTPS are secure FTP protocols with strong authentication options. However, since SFTP is much easier to port through firewalls, we think SFTP is the clear winner between the two.

| | SFTP | FTPS |
|---|---|---|
| Port for secure FTP | Uses only port 22. | Uses multiple port numbers; one for the command channel and an additional port on the data channel for each file transfer request or directory listing request. |
| Connection authentication | The option to use a user ID and password to connect to an SFTP server or to use SSH keys with or instead of passwords. | It uses TLS/SSL to encrypt server connections and X.509 certificates to authenticate connections. Algorithms such as AES and Triple DES are used to encrypt the transferred data. |
| Speed | Control and sync packets are sent on the same channel as data packets, which can make SFTP slightly (but not significantly) slower than FTPS. | It was designed to be more speed-friendly, with the control channel and data running asynchronously. |
| Implementation | Considered the easiest secure FTP protocol to implement. | It can be difficult to patch through a well-protected firewall. |

An MFT solution that expertly meets your needs

Are you making the FTP switch? Secure your file transfer communications with managed file transfer (MFT). GoAnywhere MFT can help you achieve automatic encryption, streamline your file transfer processes, and secure traditional SFTP and FTPS data transmissions. With support for multiple platforms, including Microsoft Azure, Microsoft Windows, and Linux, you can create a secure, audited environment on any operating system to transfer files in and out of your organization.
