What Is FTPS (FTP Secure)?
File transfer protocol with Secure Sockets Layer (SSL) definition.
FTPS meaning
FTPS (also known as FTP Secure) is an evolution of the widely used File Transfer Protocol (FTP). Because FTP is not typically considered a secure file transfer channel, FTPS was proposed as an alternative in RFC 2228. FTP provides the foundation for FTPS, but the latter includes an additional encryption layer. In FTPS, FTP data travels through the network using either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
Just like FTP, FTPS works in a client-server model, utilizing a control channel and a data channel for exchanging FTP commands and data during an FTPS client session.
How security works in FTPS
An FTPS connection is authenticated with a user ID, password, and public key certificate (similar to how HTTPS works). Tools such as OpenSSL allow key certificates to be requested and created. When connecting to an FTPS server, an FTPS client will first verify the trustworthiness of the server’s certificate.
When a trusted certificate authority (CA) signs these certificates, it ensures the client is being connected to a trusted and secure server, which helps protect against man-in-the-middle attacks.
Certificates not signed by a trusted CA, which are known as self-signed certificates, may prompt the FTPS client to generate a warning saying the certificate isn’t valid. The client can choose to accept the certificate or reject the connection.
FTPS (over SSL/TLS) uses X.509 certificates for authentication. These digital certificates include a public encryption key and information about the certificate owner. The public key has two major functions: validation and data encryption. The public key has an associated private key. This private key, which is used to decrypt messages encrypted with the public key, is stored separately from the certificate.
Implicit FTPS vs. explicit FTPS
Implicit FTPS refers to sessions where the command and data channels are encrypted at all times. SSL encryption is implied at the beginning of the session, which means a secure FTPS connection is mandatory. In this scenario, a non-FTPS client won’t be allowed to communicate with the FTPS server. The FTPS server defines a specific port (990) for the client to use for secure connections.
Implicit FTPS consumes a lot of network bandwidth and computational resources because encryption happens in both the command and data channels. In a scenario where a user wants to upload nonconfidential files to the FTPS server, an explicit FTPS connection would be used instead of an implicit FTPS connection.
In explicit FTPS, the client directly requests security from the FTPS server. This is an optional request. If a client doesn't request security, the FTPS server can either allow the client to continue in unsecure mode or refuse or limit the connection.
Explicit FTPS can be used in scenarios where the requirement is to secure only the command channel (which carries the commands and user authentication) and not the data channel (which carries nonconfidential FTP data). Port 21 is the default port used by the FTP server to communicate with the client. This allows both unsecure FTP and secure FTPS clients to connect to the FTPS server.
For organizations adhering to federal regulatory compliance standards, implicit FTPS is recommended.
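Because explicit FTPS on port 21 leaves encryption up to the client, a server operator often needs to know which sessions actually protected credentials and data. The following added example (not part of the original page and not Serv-U code) audits a constructed server-side command log; the log format and session IDs are assumptions, while AUTH, PBSZ and PROT are the standard FTP security commands, with the data channel staying clear until the client sends PROT P.

```python
from collections import defaultdict

# Constructed sample: "<session-id> <FTP command> [argument]" per line.
# Assumption: the log lists only commands the server accepted.
SAMPLE_LOG = """\
s1 AUTH TLS
s1 PBSZ 0
s1 PROT P
s1 USER alice
s1 PASS ****
s1 STOR report.csv
s2 USER bob
s2 PASS ****
s2 RETR notes.txt
s3 AUTH TLS
s3 USER carol
s3 PASS ****
s3 PBSZ 0
s3 PROT C
s3 STOR public.zip
"""

# Commands that open a data connection.
TRANSFER_CMDS = {"STOR", "RETR", "APPE", "STOU", "LIST", "NLST", "MLSD"}

def audit_sessions(log_text):
    """Return {session_id: sorted findings}; an empty list means fully protected."""
    state = defaultdict(lambda: {"tls": False, "prot": "C", "findings": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        sid, cmd = parts[0], parts[1].upper()
        arg = parts[2].upper() if len(parts) > 2 else ""
        s = state[sid]
        if cmd == "AUTH" and arg in ("TLS", "SSL"):
            s["tls"] = True                  # control channel is now encrypted
        elif cmd == "PROT" and s["tls"]:
            s["prot"] = arg                  # P = private (encrypted), C = clear
        elif cmd in ("USER", "PASS") and not s["tls"]:
            s["findings"].add("credentials sent in cleartext")
        elif cmd in TRANSFER_CMDS and s["prot"] != "P":
            s["findings"].add("data channel unencrypted")
    return {sid: sorted(s["findings"]) for sid, s in state.items()}

if __name__ == "__main__":
    for sid, findings in audit_sessions(SAMPLE_LOG).items():
        print(sid, findings or "ok")
```

Session s3 is the command-channel-only case described above: the login is protected, but the transfer itself is flagged.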
How is FTPS more secure than FTP?
- Communication can be read and understood by humans
- FTPS can be used for server-to-server file transfer requirements
- SSL/TLS has good authentication mechanisms, including X.509 certificate features
- Many internet communication frameworks have built-in FTP and SSL/TLS support
FTPS file transfer with Serv-U MFT Server
SolarWinds® Serv-U® Managed File Transfer (MFT) Server supports secure file transfer protocols such as FTP, FTPS, SFTP, and HTTP/S. Serv-U MFT Server also supports FIPS 140-2 validated cryptography. Enabling FIPS 140-2 mode limits Serv-U to encryption algorithms certified to be FIPS 140-2 compliant and ensures the highest level of security for encrypted connections.