You must have often wondered what methodology is followed during transfer of numerous files and images over the internet. One of the methods used is File Transfer Protocol or FTP. This is a standard network protocol used to transfer data or exchange files over a TCP-based network, such as the Internet. FTP is an unsecured way of data transfer. But if you are looking to transfer files and data in a secured and encrypted way, then SFTP is the right option.
Two Methods of Transfer – Secured and Unsecured
Data can be transferred over a network or the web in two ways: Secured and unsecured way.
FTP (File Transfer Protocol) – The Unsecured Way
FTP is the protocol for exchanging files over the Internet in an unsecured manner. FTP uses the Internet’s TCP/IP protocols to perform data transfer. The FTP process requesting a file transfer is called the FTP client, while the FTP process receiving the request is called the FTP server. There are unsecured FTP servers that allow anonymous people to download files that have been hosted on the FTP servers. FTP protocol is extensively used by people who maintain and routinely upload files to websites.
SFTP (Secure FTP) – The Secured Way
When the goal is to limit the number of people who can perform the file transfer, a log in feature is built-in, which require a username and password for authentication. In the current business environment of increased security regulations as well as heightened security threats by hackers, secure file transfer has become extremely important and necessary. Standard FTP transmits data without any level of security. To counteract the insecure nature of standard FTP, many businesses use SSH (Secure Shell) File Transfer Protocol, also known as Secure FTP or SFTP for accessing, transferring, and managing files safely. Unlike standard File Transfer Protocol (FTP), SFTP encrypts commands and data, thus preventing passwords and sensitive information from being transmitted over a network.
Process of FTP
The process involved in requesting a file through FTP is as follows:
- The FTP client opens a TCP connection to the control port (21) of the server.
- The FTP client forwards a user name and password to the FTP server for authentication. The server indicates whether authentication was successful.
- The FTP client sends commands indicating the file name, data type, file type, transmission mode and direction of data flow to the server. The server indicates whether the transfer options are acceptable.
- The server establishes another TCP connection for data flow, using port 20 on the server.
- Data packages are now transferred using the standard TCP flow control, error checking, and retransmission procedures. Data is transferred using the basic Network Virtual Terminal (NVT) format as defined by TELNET.
- When the file has been transferred, the server closes the data connection, but retains the control connection.
- The control connection can now be used for another data transfer, or can be closed.
Process of SFTP
The SFTP protocol assumes that it is run over a secured channel, such as SSH, and that the server has already authenticated the client, and that the identity of the client is available to the protocol. The functionality of SFTP is similar to that of FTP. However, SFTP clients use SSH to transfer files. SFTP requires that the client user must be authenticated by the server and the data transfer must take place over a secured channel. It allows a wide range of operations to be performed on remote files, acting somewhat like a remote file system protocol. SFTP allows operations such as resuming from halted transfers, directory listings and remote file removal. There are some additional capabilities that SFTP offers when compared to the earlier Secure Copy Protocol (SCP). SFTP is designed to be more platform-independent and is available on most platforms. Although both SCP and SFTP use the same SSH encryption during file transfer, the file transfer speed of SFTP is slower than SCP due to the back and forth nature of the SFTP protocol. All data is encrypted before they are sent across the network. File transfer can be cancelled without terminating the session.
What is SSH?
Secure Shell (SSH), also known as Secure Socket Shell, is a UNIX-based command interface and protocol used for secured remote access to computers and networks. It is widely used by network administrators to control Web and other kinds of servers remotely. SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted. The SSH, SCP, and SFTP command line tools which are part of the SSH package, are secure versions of the earlier UNIX utilities, rlogin, rsh, and rcp. SSH uses RSA public key cryptography for both connection and authentication. SSH2, the latest version, is a proposed set of standards from the Internet Engineering Task Force (IETF).
SSH uses public-key cryptography for authentication. There are several ways to setup the authentication process. One is to automatically generate public-private key pairs to simply encrypt a network connection, and then use password authentication to log on.
Another way is to use a manually generated public-private key pair to perform the authentication, allowing users or programs to log in without having to specify a password. In this scenario, anyone can produce a matching pair of different keys (public and private). The public key is placed on all computers that allow access to the owner of the matching private key, which is kept secret by the owner. While authentication is based on the private key, the key itself is never transferred through the network during authentication. SSH only verifies that the person offering the public key also owns the matching private key. In all versions of SSH it is important to verify unknown public keys, i.e. associate the public keys with identities, before accepting them as valid.
FTP versus SFTP – A Meaningful Comparison
File Transfer Protocol or FTP is a network protocol which is implemented in order to exchange files over a TCP/IP network – that is the Transmission Control Protocol and the Internet Protocol. FTP can be accessed anonymously. Sometimes the user can be asked to login with his or her email address, which is not often verified properly.
SFTP also known as SSH File Transfer Protocol is a network protocol which allows file access, transfer, and management over a secure data stream. Secure Shell (or SSH) protocol is the platform which provides secure transfer capabilities. Unlike FTP, the SFTP protocol is encrypted, and provides a secured environment for file and data transfer.
SFTP protocol has a varying and wide range of operations that are accessible on remote files. Some of its more notable features include resuming interrupted transfers, directory listings, and remote file removal. Compared to other protocols, SFTP is a more platform-independent. As a result, the SFTP protocol is available on a variety of platforms.
FTP servers have authentication and encryption protocols in place such that access is restricted when it comes to viewing directories, or modifying commands by the user. FTP only allows access to view or download. SFTP offers an interactive interface with a command-line program that implements client communication.
The process of FTP is faster that SFTP as FTP does not have to get into the complicacies of authentication and encryption.
So next time you are downloading files and images on the internet, you know the protocols working behind the transfer process. If you are uploading files to a website, you are aware of the protocol to use depending on the security level you want to setup for accessing the files. When connecting to Internet servers, SFTP is more popular because it’s supported by Linux and UNIX servers by default. While you delve deeper into the functions and opportunities of internet and web, you may also want to check other protocols like TCP and Hypertext Transfer Protocol (HTTP). As we retrieve more and more information from the internet it is a good idea to keep yourself acquainted with the different internet protocols.