FTP or File Transfer Protocol is a standard network protocol that is used to transfer files from one host to another host over the Internet.
Security concerns about FTP
FTP is a widely used protocol. But security is a big concern for it. FTP was not created keeping security in mind. The traffic between two hosts is transferred unencrypted in FTP. Even the usernames and passwords are transferred unencrypted, and they can be sniffed by a third party. So, this protocol is very much vulnerable to sniffing or spoofing attacks. And that is why the use of FTP is deprecated nowadays for security concerns.
SFTP vs FTPS – What is the difference between SFTP and FTPS?
SFTP or SSH File Transfer Protocol is a network protocol that provides file transfer functionality over a secure and reliable data stream. This protocol was designed by the Internet Engineering Task Force or IETF, and it can be used with SSH version 2.0. SFTP was actually designed as an extension of SSH version 2.0, and it uses SSH protocol to transfer files securely.
SFTP protocol runs over a secure channel, and it follows a simple request-response model. An SFTP client sends a request message to the SFTP server, and the SFTP server sends a response in return. The client can request to open or close a file or directory, read or write a file, retrieve attributes of a file, remove a file or directory, etc. Interested readers can find more information on how SFTP works here: How does SFTP protocol work?
FTPS is an extension of FTP. It adds support for the SSL/TLS cryptographic protocols. In this protocol, normally a Transport Layer Security is established from the beginning of the connection. There are two types of modes in FTPS – implicit and explicit.
In the case of implicit FTPS, the client is expected to send a TLS ClientHello message at the beginning of the connection, and if it fails, the connection is dropped.
In explicit FTPS, the client is expected to ask for security explicitly. If it fails to ask, it is up to the server to continue in the unsecured mode or drop the connection.
Once a TLS connection is established, the data is transferred between the hosts in an encrypted format.
In terms of security, both SFTP and FTPS are good. But, compatibility is a big concern for SFTP.
I hope this helps. Interested readers who want to know more about how different cryptographic algorithms work and how they are used in various secure network protocols may want to refer to the book “Cryptography And Public Key Infrastructure.”
Security Fundamentals Practice Tests
The Security Fundamentals Practice Tests test one’s fundamental knowledge of cyber security. The practice tests are good for those who are preparing for various certification exams like the CCNA, CCNP, or CompTIA. They are also good for students and IT/security professionals who want to improve their understanding of cybersecurity.
0 Comments