It’s been a while since concerns were raised about FTP due to its lack of security. Now that it’s more or less a thing of the past, it’s time we all got better acquainted with its successors, SFTP and FTPS…
With so many acronyms in the file-transfer world, it can be very easy to feel overwhelmed.
In order to choose the best method for your needs, you need to understand how each one works.
That’s why I’m here to give you a quick run-through of two of the game-changers: SFTP and FTPS…
File Transfer Protocol Secure
FTPS (File Transfer Protocol Secure) builds upon FTP by combining it with SSL/TLS.
If you’re not clued up on SSL/TLS, I would recommend reading our article, but long story short, the concept started as SSL (Secure Sockets Layer), which has now evolved into TLS (Transport Sockets Layer).
TLS not only encrypts your data so that if you fall victim to a man-in-the-middle attack, the attacker won’t be able to make use of any information they manage to get hold of, but it authenticates the connection between the browser and web server.
This is done with SSL/TLS certificates. A website with a certificate signed by a publicly trusted certificate authority (CA) will be trusted by client software such as web browsers and operating systems.
When the browser connects to the web server, it checks whether a valid certificate is present. If it is, the “handshake” process begins, where the browser and server negotiate how to proceed.
A valid certificate allows the browser and server to verify that each other is legitimate and therefore form a binding connection that is very difficult to penetrate.
Adding this layer of security to FTP turns a completely unsecure method of file transfer into one which is pretty hard to hack.
Secure File Transfer Protocol
So now we know how FTPS keeps your files safe, it’s time to take a quick look at SFTP (Secure File Transfer Protocol).
SFTP was developed as an extension to SSH (Secure Shell Protocol) – check out our article for the full lowdown.
SSH is a way to remotely log in to one computer from another over an unsecured network, via a secure channel.
When you combine SSH and FTP, you get SFTP – a method of transferring files over a secure connection. SFTP encrypts your files and data and then sends them over a secure shell data stream.
You initiate the connection by creating or obtaining credentials, which you will need to input into an SFTP client. This authenticates you as a user and allows you to begin the connection.
You can also connect via the command/line terminal but you will still need to log into the system to verify yourself as an approved user.
SFTP vs FTPS
If you’re a WordPress user looking to grab a copy of your files from your server, SFTP may be your best bet, as you might not always have the certificate required to form an FTPS connection.
The good news is that file-transfer clients such as FileZilla allow you to select which method you want to use, and since all the encryption and securing of the channel is done in the background, they all look and work the same at the user’s end.
So, the bottom line is this … if you care about security with a capital ‘S’, then you should give a ‘S’ about FTP too!