Secure File Transfer Protocol came into existence to add safety and security features to the existing FTP. FTP has been around for ages, and its design did not treat security as a primary concern. This drawback was addressed with the introduction of FTPS, or Secure File Transfer Protocol. The concerns around sending data over a public network have changed over time, and security now comes first: sending data without encryption over a public network exposes anyone and everyone communicating over it to multiple security threats.
To achieve this, the FTPS protocol was proposed in RFC 2228. Data is protected on the network using Secure Sockets Layer (SSL) and Transport Layer Security (TLS); FTPS servers and FTPS clients provide the encryption. FTPS follows a simple client-server model that allows both the command and data channels to be encrypted, so one can connect securely with a trading partner, client, etc. FTPS authenticates the connection using various supported methods such as client certificates, server certificates, user IDs, server identities, public key certificates, or password combinations. Files are encrypted in transit using strong algorithms such as AES (Advanced Encryption Standard) and Triple DES (Data Encryption Standard).
The FTPS protocol exchanges data using two separate channels known as the command and data channels (similar to data exchange in FTP).
Command channel (runs on server port 21):
Responsible for accepting client connections.
Handles the exchange of simple commands between an FTPS client and server.
Commands used for authenticating an FTPS user are exchanged on the command channel, e.g., USER and PASS.
It remains open until the client sends the QUIT command to disconnect or until the server forcibly disconnects the client due to inactivity or other reasons.
Data channel:
Runs on on-demand temporary ports opened on the server (passive mode) or on the client (active mode).
Responsible for exchanging data in the form of directory listings and file transfers.
Directory listings, uploads and downloads requested with commands such as LIST, STOR and RETR travel over the data channel.
Closes once the transfer of data is complete.
Uses a range of data channel ports to handle concurrent file transfers or directory listings.
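To make the two-channel model above concrete, here is an added example (not code from the original article) that replays a constructed command-channel transcript and tracks what an explicit FTPS client learns from each reply: whether the control connection is encrypted (AUTH TLS), whether the data channel will be (PROT P; both commands come from RFC 2228), and which temporary server port the passive-mode data channel uses (decoded from the 227 reply). The transcript, user name, host and file name are constructed, not captured from a real server.

```python
import re
from dataclasses import dataclass, field

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

@dataclass
class FtpsSession:
    control_encrypted: bool = False   # True after the server accepts AUTH TLS
    data_protected: bool = False      # True after PROT P (RFC 2228)
    logged_in: bool = False
    data_endpoint: tuple = ()         # (host, port) from the last 227 reply
    transfers: list = field(default_factory=list)

def parse_pasv(reply: str) -> tuple:
    """Decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (host, p1*256+p2)."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError(f"not a 227 reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def apply(session: FtpsSession, command: str, reply: str) -> None:
    """Update session state from one command/reply pair seen on the command channel."""
    if reply[:1] not in "123":        # 4xx/5xx: the server refused, state unchanged
        return
    verb, *args = command.upper().split()
    if verb == "AUTH":
        session.control_encrypted = True   # 234: the TLS handshake follows on port 21
    elif verb == "PROT":
        session.data_protected = args == ["P"]
    elif verb == "PASS":
        session.logged_in = True
    elif verb == "PASV":
        session.data_endpoint = parse_pasv(reply)
    elif verb in ("LIST", "STOR", "RETR"):
        # The verb goes over the command channel; the bytes go over the data channel, which is encrypted only if PROT P came first.
        session.transfers.append((verb, session.data_endpoint, session.data_protected))

# Constructed transcript (not a real capture): explicit FTPS on port 21, then a passive-mode download.
TRANSCRIPT = [
    ("AUTH TLS", "234 Proceed with negotiation."),
    ("PBSZ 0", "200 PBSZ=0"),
    ("PROT P", "200 Protection level set to P"),
    ("USER alice", "331 Please specify the password."),
    ("PASS s3cret", "230 Login successful."),
    ("PASV", "227 Entering Passive Mode (192,0,2,10,192,36)."),
    ("RETR report.pdf", "150 Opening BINARY mode data connection."),
    ("QUIT", "221 Goodbye."),
]
```

Replaying TRANSCRIPT through apply() yields a session with both channels protected and a data endpoint of 192.0.2.10:49188; a session that skips PROT P records its transfers with data_protected False even though the command channel is encrypted.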
Types of FTPS:
Advantages of FTPS:
More secure, reliable and flexible than basic FTP.
Human-readable communication.
SSL/TLS has a good authentication mechanism, including X.509 certificate features.
Many internet communications frameworks have built-in FTP and SSL/TLS support.
Disadvantage of FTPS:
Difficult to connect through firewalls with high levels of security.