Hello! In computer science, there are numerous acronyms in common use, and you do not always know what they mean. Although some can be more complicated than others, today we will talk specifically about the differences between FTP and SFTP.
File Transfer Protocol (FTP) is a protocol created to transfer information between different systems. Within the hosting ecosystem, it is very relevant because it offers a quick and easy way to upload or download information to our hosting. Certainly, the use of hosting is relatively new. However, this protocol was born in 1974. Although it was originally intended for other purposes, its operation evolved to its present form in 1985.
How FTP works.
FTP is based on a client-server configuration. Therefore, it allows you to transmit information regardless of the operating system you use. Even the system used by the hosting provider (Windows, Linux, macOS, etc.) is not relevant. To use it, you need both a server and a client. Check our tutorials to learn more about each type.
The communication is initiated when a connection is made from the client to the server. This connection is negotiated through network port 21, also called the control port. However, this is not the port through which the information will be uploaded or downloaded. That depends on the FTP mode selected.
Active mode: the server opens the data connection. It connects from its port 20 to a random port greater than 1024 on the client, and this port is specified by the FTP client itself. Note that this is the least recommended option: its use implies having a fairly wide range of ports open on your computer, which carries many security risks.
Passive mode: the client opens the data connection, and it is the server that indicates which port to use. This is always a network port greater than 1024 on the server. Therefore, it is not necessary to have open ports on your computer, since it is the server that opens the port.
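The port negotiation described above is visible on the control connection: in active mode the client announces its listening port with a PORT command, and in passive mode the server announces its port in a 227 reply. The following added example (not code from the original article) decodes both and reports which side has to accept an inbound connection; the sample lines and addresses are constructed.

```python
import re

# RFC 959 host-port notation: six decimal bytes h1,h2,h3,h4,p1,p2.
HOST_PORT = re.compile(r"(?<!\d)(\d{1,3}(?:,\d{1,3}){5})(?!\d)")


def decode_host_port(field):
    """Return (ip, port) for 'h1,h2,h3,h4,p1,p2'; the port is p1 * 256 + p2."""
    nums = [int(n) for n in field.split(",")]
    if len(nums) != 6 or any(n > 255 for n in nums):
        raise ValueError(f"bad host-port field: {field!r}")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_channel(line):
    """Classify a control-channel line that negotiates the data connection.

    Returns None for any other line. 'listener' is the side that must accept
    an inbound connection, i.e. the side whose firewall has to allow it.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode, listener = "active", "client"    # server dials out from port 20
    elif line.startswith("227"):
        mode, listener = "passive", "server"   # client dials the server
    else:
        return None
    match = HOST_PORT.search(line[4:])
    if match is None:
        raise ValueError(f"no host-port field in: {line!r}")
    ip, port = decode_host_port(match.group(1))
    return {"mode": mode, "listener": listener, "ip": ip, "port": port}


# Constructed control-channel lines (documentation addresses, not real hosts).
SAMPLE = [
    "USER demo",
    "PORT 192,0,2,10,195,80",
    "227 Entering Passive Mode (198,51,100,7,156,64).",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_channel(entry))
```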
We have already mentioned that the FTP protocol was created several years ago, even before hackers existed. Therefore, it is not considered a secure protocol. In fact, the information that travels between computer and server is in plain text, that is, without any kind of encryption.
What does the lack of encryption imply?
Well, this implies a considerable risk that the data will be captured. Indeed, an attacker could see our connection data and even view the information we are uploading. Even worse, they could download it using sniffer-type software. These tools are capable of scanning the network for vulnerabilities.
Suppose you make a connection using plain FTP. As a result, you will see a warning that the connection is not secure. We have established that the FTP connection is not secure at all. Because of this, two secure versions were subsequently born: FTPS and SFTP. Although they are almost the same acronym, they are not at all the same. Let’s take a look at what each one consists of.
Secure versions of FTP: FTPS and SFTP
What is FTPS?
FTPS works in the same way as conventional FTP. However, the main difference is that it has an SSL/TLS encryption layer underneath. Also, this layer is provided by a security certificate. It is known as Secure FTP and there are two types of connection:
- Explicit FTPS: This is the most used type, and the one we recommend. A normal, unencrypted connection is made. However, before sending any sensitive data, TLS negotiation is required to encrypt the connection.
- Implicit FTPS: It is in disuse. In fact, it is not available on most servers. The negotiation of the secure connection is done before any FTP command is sent.
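The ordering rule for explicit FTPS, and the plain-text exposure described earlier, can be checked from a server's command log. The following added example (not code from the original article) flags sessions on the control port where USER or PASS arrived before AUTH TLS was accepted; going slightly beyond the text, it also flags transfers made without PROT P, since RFC 4217 leaves the data channel unencrypted until the client requests it. The log shape and the sample sessions are assumptions constructed for illustration.

```python
# Commands that open a data connection (file contents or directory listings).
DATA_VERBS = {"STOR", "RETR", "APPE", "STOU", "LIST", "NLST", "MLSD"}


def audit_session(commands):
    """Audit one FTP session taken from a server-side command log.

    `commands` is a list of (command, reply_code) pairs in arrival order
    (an assumed log shape). Returns a sorted list of findings.
    """
    tls_on = False         # control channel encrypted: AUTH TLS answered 234
    data_private = False   # data channel encrypted: PROT P accepted (RFC 4217)
    findings = set()
    for command, reply in commands:
        parts = command.split()
        if not parts:
            continue
        verb = parts[0].upper()
        arg = parts[1].upper() if len(parts) > 1 else ""
        if verb == "AUTH" and arg == "TLS" and reply == 234:
            tls_on = True
        elif verb == "PROT" and tls_on and reply == 200:
            data_private = arg == "P"   # PROT C switches back to clear
        elif verb in ("USER", "PASS") and not tls_on:
            findings.add("credentials sent in cleartext")
        elif verb in DATA_VERBS and not data_private:
            findings.add("data channel unencrypted")
    return sorted(findings)


# Constructed sessions; passwords are masked as a server log would show them.
PLAIN = [("USER alice", 331), ("PASS ****", 230), ("STOR site.zip", 226)]
EXPLICIT = [("AUTH TLS", 234), ("PBSZ 0", 200), ("PROT P", 200),
            ("USER alice", 331), ("PASS ****", 230), ("STOR site.zip", 226)]
NO_PROT = [("AUTH TLS", 234), ("USER alice", 331), ("PASS ****", 230),
           ("STOR site.zip", 226)]
REFUSED = [("AUTH TLS", 500), ("USER alice", 331), ("PASS ****", 230)]

if __name__ == "__main__":
    for name, session in [("plain", PLAIN), ("explicit", EXPLICIT),
                          ("no PROT P", NO_PROT), ("refused", REFUSED)]:
        print(name, "->", audit_session(session) or "ok")
```

The REFUSED session shows the case worth alerting on: the client asked for TLS, the server declined, and the login went ahead in plain text anyway.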
What is SFTP?
SFTP is a wholly different protocol from conventional FTP. Indeed, it is based on the SSH (Secure Shell) protocol. In addition, the entire connection is encrypted and made through network port 22. The two differ not only in encryption: SFTP is also a protocol with more functionality than conventional FTP. For example, we have the execution of CLI (Command Line Interface) commands.
SFTP stands for Secure File Transfer Protocol. Through it, we can exchange encrypted data between the client and the server. It uses Secure Shell (SSH) for this purpose. We can also do more than transfer files via SFTP: we can view directories, rename them or limit rights. An SFTP program allows you to upload files for your website to your webspace. We can even create a backup of the website with SFTP. With an SFTP program, you can also delete entire files and folders. Indeed, if you delete contents, they will no longer appear to visitors of your website. In short, SFTP is the successor to FTP. The major difference is greater security. This is indicated by the added word "Secure".
Security is a fundamental concern in any technology environment. Certainly, in the world of hosting, it is an element that also depends on the provider. However, it is primarily an element to be taken care of by the user. Today we talked about the differences between FTP and SFTP. Logically, you may have noticed that the main difference is related to security. Therefore, it is not currently recommended to use a conventional FTP connection. There are certainly exceptions. For example, we can use it in specific cases for reasons of urgency, mostly when we need a fast connection and do not have much time to configure it, and when the data to be shared is not sensitive.
Consequently, when you connect via FTP to upload or download data, remember to always do it via FTPS or SFTP. This way, we are taking care of our data. Please keep in mind that hackers are always on the prowl. Therefore, it is our duty to make things more difficult for them. See you soon!