Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
FTPS is just an extension of FTP, and therefore is supported by most servers. Since it uses the same ports as FTP, too, there is no need to open any additional ports in your firewall. FTPS uses an SSL/TLS layer below the standard FTP protocol to encrypt control and/or data channels. While FTPS can be employed in a variety of ways, the most preferred method is called Explicit FTPS, which uses TLS security. When operating in Explicit FTPS mode, the FTP client connects to the server's port 21 and starts an unencrypted FTP session as it normally would. The client then requests TLS security and performs the appropriate handshake before sending any sensitive data. Data can be encrypted in the command channel, the data channel, or ideally, both.
Secure Copy, or SCP, does not use FTP or SSL to transfer files, rather Secure Copy handles the file transfer and relies on the SSH protocol to provide authentication and security for both credentials and data. Unfortunately, SCP doesn't have file management capabilities -- certainly a cause of concern. When an SCP client sends a request to download files or directories, the server feeds the client with its subdirectories and files, causing a server-driven download. This makes the protocol a security risk if the server is malicious or has been compromised. You will find that SCP is being replaced by the more comprehensive and platform-independent SFTP protocol, which is also based on SSH.
Unlike SCP, which basically tunnels RCP (remote copy) over SSH, SFTP is a new protocol that uses SSH to provide a secure service, allowing the server to encrypt the data and handle the file transfer. SFTP includes many file management capabilities such as deletion, renaming, interrupted transfer resumption and directory listings. This means, though, that it is very important to set the correct permissions on your SFTP server to ensure least-privilege access.
One big difference between SSH and SSL is that SSH, much like PGP, uses keys. SSL requires the use of digital certificates. This makes SSH less centralized than SSL. SFTP clients must install keys on the SFTP server, while FTPS's use of certificates establishes trust without having to directly exchange security information. FTPS, too, is easier to configure and doesn't require any changes to your firewall. On this basis alone, I prefer FTPS over SCP. However, your final choice for a secure file transfer client will also need to take into account the types of systems you need to connect to and whether file management capabilities are necessary.
This was first published in November 2006