Friday, October 5, 2012

What are FTP, FTPS, SFTP, and FTP Over SSH?

FTP is the official abbreviation for the word File Transfer Protocol. It is a standard network protocol for transferring files from one host or to another host on the Internet. FTP is commonly used by web developer to transfer the files of their website from their local computer to the computer which acts as their web hosting server to make their site online for everyone on the Internet. It can also used to download programs and other files to your computer from other servers. The web browser of your computer can make a FTP request to download the program that you have selected from a web page. By using FTP, you need a FTP account because you will going to use it to log on to the FTP server. And after that, you can now manage the files at the server, such as editing, renaming, moving, copying, and deleting a file.

FTP login will send a username and password scheme to the server for granting access. The username is sent to the server using the USER command, and the password is sent using the PASS command. If the login detail that have been provided by the client is accepted by the server, the server will send a greeting to the client and the session will start. And if the session has commence, the user may now log in without logging in their username and password again, but most servers authorize a limited access for such sessions. FTP was not developed to be a secure protocol, that's why it has many security weaknesses for this generation. FTP can't able to encrypt its transmissions by itself, such as usernames, passwords, commands, and data. They are can be read by anyone in clear text via performing packet capture or sniffing on a shared Internet connection.

The solution to the security problem of file transfer protocol is to use the secure versions of the insecure protocols, such as a FTPS or another kind of secure protocol that can protect the data on a public network. FTPS which also known as FTP over SSL and FTP Secure, is a protocol developed for transferring files over a secure connection. It still uses the technology of original FTP but it adds SSL, the same security that used for Hypertext Transfer Protocol Secure a HTTP over SSL which means Secure Sockets Layer a predecessor of Transport Layer Security. SSL and TLS are cryptographic protocols that provide communication security over the Internet. They encrypt the segments of network connections at the application layer for the transport layer.

FTPS is available in two modes, and the first mode is a File Transfer Protocol over Explicit SSL which known as FTPES, in this mode the client can optionally switch from vulnerable FTP to encrypted FTPS. If a client doesn't request security, the FTP secure server can either allow the client to continue in unreliable transmission, or limit the connection, or drop it. And the second mode is an implicit FTPS that required SSL session which established between client and server before any data will exchanged. Any attempt by the client in insecure connection will automatically be dropped by the server.

A SFTP in computing means SSH File Transfer Protocol which also called as "Secure FTP". It is another network protocol than FTP, that uses secure shell (which officially abbreviated as SSH) to transfer files. It encrypts both commands and data to prevent the sensitive information from being transmitted openly over the network. Its functions is the same as FTP, but because it uses different protocol, an (old) FTP client can't be used to transact to a SFTP server, nor can connect to a FTP server with a client that supports only SFTP. Secure Shell (SSH) is a cryptographic network protocol for secure data communication. And last, FTP over SSH is not the same as SFTP, but it is also called as "Secure FTP" as SFTP because they are both in SSH connection. It refers to the using of a standard FTP session but over a SSH connection. It's with a SSH tunnel that placed between client and server. Always remember that FTP is not encrypted. So, if you're going to transfer a file via FTP access and you are connecting to a public Internet access, don't forget to use a FTPS or any secure FTP for your security.

No comments:

Post a Comment

You can use some HTML tags, such as <b>, <i> and <a> tags, but please do not spam.