I’m writing this article for the beginners who don’t have much knowledge about the FTP vs SFTP vs FTPS. Let me start the discussion with definition of network protocols. I would not go in detail of protocol but would like to briefly explain the protocol.
Protocol is the rules and standards defined to communicate over network. These rules are defined by network engineers. Over the periods of time in the world of the network the rules and standards become the important aspect of the network communication. Below are the basic communication protocols –
- Hypertext Transfer Protocol
- File Transfer Protocol
- Transmission Control Protocol
- Post Office Protocol
If you wanna know more about the protocol then please visit this Communication Protocol article.
File Transfer Protocol ( FTP)
FTP is the File Transfer Protocol which defines the rules and standards for the communications for transferring the file from one host to other host over the network using the TCP/IP. In FTP the data is transferred in three different modes :
- Stream Mode : In this mode of FTP, data is transferred in a continuous stream
- Block Mode: In this mode of FTP, data is divided into different blocks
- Compressed Mode: In this data is sent by compression by Run-length algorithm
FTP transfers the unsecured data over network i.e. clear user name, password, files and the FTP commands. This data can be read by anyone over the network.
SSH File Transfer Protocol (SFTP)
SFTP (SSH File Transferred Protocol ) is the replace of the FTP for securely transferring the data using the Secure Shell Protocol. SFTP encodes the data while transferring it on the network. It encrypts both commands and data providing effective protection against common network security risks. SFTP encrypts the session, preventing the casual detection of your user name, password or anything you’ve transmitted. SFTP is not the same as FTPS; the latter implements the original FTP protocol through a separately-created secure tunnel.
File Transfer Protocol – SSL (FTPS)
FTPS (File Transfer Protocol – SSL) is the pure FTP over SSL/TSL (Secure Socket Layer / Transport Layer Security) which encrypts the control session and data sessions if required during the transmission over the network.
With FTPS the control session is always encrypted, but the data session is not. Why is this? Because with the control session encrypted the authentication is protected and you always want this (normal ftp uses clear text). If you are NOT pre-encrypting the file, you want the data session encrypted so that the file is encrypted while the data is in flight. However, if you are pre-encrypting the file then you do not need to have the data connection encrypted as you do not need to add the overhead of encrypting the data connection, since the file is already encrypted. Understand that SFTP is SSH file transfer and FTPS is FTP with SSL, FTPS is a file transport layer on top of SSL or TLS. The FTPS adds SSL-enabled FTP send and receive capabilities, uses the FTP protocol to transfer files to and from SSL-enabled FTP servers.