FTP - FTPS Mode

What are the details of FTP - FTPS Mode?

1. What is FTPS, and how does it differ from traditional FTP data sharing?
When FTP (File Transfer Protocol) was first used, there was virtually no way to protect users' data. Now, FTPS allows users to protect data while still taking advantage of the simplicity of FTP.
FTPS essentially addresses the security gaps users face when using FTP alone. FTPS stands for File Transfer Protocol SSL (Secure Sockets Layer).
One of the biggest drawbacks of using FTP alone is that users' data is sent unencrypted, including usernames and passwords during login. So, anyone could intercept and understand this sensitive data.
With FTPS, users' data is scrambled and inaccessible to anyone but the sender and the recipient. Only the two approved entities, the sender and the recipient, can exchange data securely.

2. When sharing data via FTPS, one can use either explicit FTPS or implicit FTPS.
Explicit FTPS is the newer method of FTPS transfer and has generally overtaken implicit FTPS use, with the exception of legacy systems. When explicit FTPS is used, a traditional FTP connection is established on the same standard port as FTP. Once the connection is made (before login), a secure SSL connection is established via port 21.
With explicit FTPS, before a transfer can begin, the client will request encryption information to determine what portions of the data are protected. If the client hasn’t set up these security requests, one of two things occurs: either the connection is declined, or the transfer is made insecurely using the basic FTP protocol.

  • Explicit FTPS inherently provides users with flexibility regarding how files are sent. So, a user could choose to send data unencrypted but protect the user credentials, or a user could protect all information sent in a transfer. The client can decide how secure they want file transfers to be. The server can also disallow insecure requests, thereby forcing the client to use FTPS and not FTP.

  • Implicit FTPS was the first method created to encrypt data sent “via FTP”, although a different port is used. When using implicit FTPS, an SSL connection is immediately established via port 990 before login or file transfer can begin. If the recipient fails to comply with the security request, the server immediately drops the connection. Implicit FTPS is actually more strict than explicit FTPS when it comes to establishing a secure connection. In fact, the entire FTP session is encrypted, in contrast to the flexibility one has when using explicit FTPS. However, implicit FTPS is considered a deprecated protocol, meaning that it is not the current standard.
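
The explicit FTPS choices described above (plain FTP fallback, credentials-only protection, or a fully protected transfer) can be checked from the order of commands a client sends. The following is an added example, not part of the original page: `connect_explicit_ftps` and `classify_session` are hypothetical helper names, the sample sessions are constructed, and the classifier assumes a server-side command log in which every listed command was accepted.

```python
import ssl
from ftplib import FTP_TLS


def connect_explicit_ftps(host, user, password, timeout=10):
    """Open explicit FTPS on port 21 and never fall back to plain FTP."""
    ctx = ssl.create_default_context()   # verifies the server certificate and hostname
    ftps = FTP_TLS(context=ctx, timeout=timeout)
    ftps.connect(host, 21)               # ordinary FTP connection on the standard port
    ftps.auth()                          # AUTH TLS before login; raises if the server refuses
    ftps.login(user, password)           # credentials travel inside TLS
    ftps.prot_p()                        # PBSZ 0 + PROT P: encrypt the data channel too
    return ftps


def classify_session(commands):
    """Classify client commands from a server-side command log.

    Assumes the server accepted every command listed.
    """
    tls = False            # control channel upgraded with AUTH TLS/SSL
    creds_in_tls = True    # stays True only if every USER/PASS came after AUTH
    data_in_tls = False    # PROT P seen while TLS was active
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip().upper()
        if verb == "AUTH" and arg in ("TLS", "SSL"):
            tls = True
        elif verb in ("USER", "PASS"):
            creds_in_tls = creds_in_tls and tls
        elif verb == "PROT":
            data_in_tls = tls and arg == "P"
    if not tls or not creds_in_tls:
        return "plaintext credentials"
    return "fully encrypted" if data_in_tls else "credentials only"


# Constructed sample sessions (not taken from any real server).
PLAIN = ["USER alice", "PASS secret", "RETR report.csv"]
CREDS_ONLY = ["AUTH TLS", "USER alice", "PASS secret", "PBSZ 0", "PROT C", "RETR report.csv"]
FULL = ["AUTH TLS", "USER alice", "PASS secret", "PBSZ 0", "PROT P", "RETR report.csv"]
LATE_AUTH = ["USER alice", "PASS secret", "AUTH TLS", "PBSZ 0", "PROT P"]
```

A server that disallows insecure requests would reject the `PLAIN` and `LATE_AUTH` patterns outright; a stricter policy would also reject `CREDS_ONLY`.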