By David Chapman
FTP/FTPS vs SFTP vs TFTP: When Are They Used?
FTP, SFTP, and TFTP are network protocols you'll find on most networking certification exams, like Network+ and CCNA. However, in the real world, you'll need a deeper understanding of these protocols to know when to use them.
Knowing the basics of FTP, SFTP, and TFTP is vital and, depending on the situation, one may be a better solution than the others. Let’s explore the types of protocols — and when each is used.
What is a Transfer Protocol?
A transfer protocol is one designed to allow transferring of data from one endpoint to another. This may be a server hosting a file you need to download or a router/firewall that you need to upload new firmware to. Over time, the demands for these protocols have increased. Originally, a simple mechanism to copy data from one location to another was sufficient.
Today, people are copying confidential information, health records, and other sensitive information that they want to have encrypted. FTP had to adapt to meet those needs. Having a robust data transfer protocol in place will also help prevent malware and other threats.
As data files become larger, the speed and efficiency of transferring the data are important. FTP has always been good with this, although certain flavors such as SFTP have options for compression that can sometimes help.
Transfer protocols also need to be reliable for their use case. If you cannot rely on delivering the exact same data from one place to another, it is not very useful. Cybersecurity professionals need to understand how secure all transfer protocols are, even if they're just getting started in security.
The Basics: HTTPS and SSL
Hypertext Transfer Protocol (HTTP) is a transfer protocol you'll see from the moment you start learning networking basics. HTTP is typically used to transfer documents such as HTML primarily for web browsers. Over time it has been extended and used for other purposes such as transferring files.
Secure Sockets Layer (SSL) is the standard technology that keeps an internet connection secure. It also protects data sent between two systems. Currently known as Transport Layer Security (TLS), this cryptographic protocol is vital to communications security. TLS (a.k.a. SSL) is what makes HTTP secure — thus Hypertext Transfer Protocol Secure (HTTPS).
Common HTTPS uses include:
- Uploading and Downloading Files
- Making Secure Purchases over the Internet
- Using a Search Engine
What is FTP/FTPS?
File Transfer Protocol (FTP) is one of the oldest protocols. You may see it in entry-level cybersecurity training, like Security+, but also day-to-day in just about any networking role. Over the years, it has been modified to support encryption and information security through various updates.
The original FTP protocol was standardized through a few RFCs starting with RFC 114. A few RFCs have extended its functionality over the years, such as RFCs 354 and 765. RFC 959 starts to look more like what we see today, but it is not the most recent RFC related to FTP. Most of the File Transfer Protocols, except for TFTP, build upon TCP of the standardized TCP/IP framework. TFTP builds upon UDP.
There are quite a few flavors of related protocols:
- FTPS (FTP over SSL – actually TLS these days, but the name persists)
  - Explicit – Uses a STARTTLS command to start the encryption
  - Implicit – Connecting to a specified port assumes encryption upon connection
Each FTP server usually accommodates a number of clients. It is a "one server to many clients" relationship. FTP servers usually have very little overhead, so thousands of clients can easily be handled by an FTP server when properly sized and tuned.
Data Exchange Considerations for FTP
The FTP protocol has two channels for communication. The initial connection is the command connection/channel. This is where authentication happens and where requests for downloads, uploads, and directory listings are issued; all of these exchanges take place on the command channel. When a user requests to upload or download a file, or simply needs to transfer data, a separate data channel is opened.
Pros of FTP: FTP has survived a long tenure in use for a few reasons. It is a very fast and efficient protocol. With the various flavors, it also has a great deal of flexibility. Nearly all transfer applications support it, and until recently, nearly all operating systems came with at least a command-line client for FTP.
Cons of FTP: One of the cons of FTP is that it has so many flavors that sharing FTP connection details can be confusing, and the terminology is not always used correctly. For example, FTPS is often confused with SFTP or used interchangeably. The security aspect of FTP has not always been the greatest either.
Network Address Translation (NAT) can be a problem with FTP. In FTP's default Active mode, both endpoints may be behind NAT and unaware of their public IP addresses. Passive mode helps with this by placing that configuration on the server and relying less on the client to determine connectivity details. Active mode is also problematic in that it requires some firewall configuration, such as on Cisco Meraki firewalls, to work properly.
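The NAT problem comes from FTP embedding an IP address and port inside the command channel, in a PORT command (Active mode) or a 227 PASV reply (Passive mode), as a comma-separated h1,h2,h3,h4,p1,p2 tuple. The example below is added here and is not from the original article: it decodes that tuple and performs the comparison a firewall's FTP inspection or an IDS rule makes, checking whether the advertised address matches the address the packet actually came from. The sample lines and peer addresses are constructed.

```python
import ipaddress
import re

# Constructed sample control-channel lines (not captured from a real server).
PORT_CMD = "PORT 192,168,1,20,19,137"                        # client behind NAT
PASV_REPLY = "227 Entering Passive Mode (203,0,113,10,195,89)"  # server reply

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Decode the h1,h2,h3,h4,p1,p2 tuple FTP embeds in PORT commands and
    227 PASV replies into (ip, port). The port is p1*256 + p2."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: " + line)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(x > 255 for x in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("octet out of range in: " + line)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def format_hostport(ip, port):
    """Inverse of parse_hostport: build the tuple a client sends in PORT
    (or a server sends in a 227 reply) for a given endpoint."""
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def check_advertised(line, peer_ip):
    """The check a firewall 'fixup' or IDS rule relies on: does the address
    embedded in the payload match the peer address of the connection?
    Returns (ip, port, problem); problem is None when they agree. A mismatch
    is exactly the Active-mode-behind-NAT situation described above."""
    ip, port = parse_hostport(line)
    if ip == peer_ip:
        return ip, port, None
    kind = "private" if ipaddress.ip_address(ip).is_private else "public"
    return ip, port, f"payload advertises {kind} address {ip} but peer is {peer_ip}"
```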
What is SFTP?
SFTP is the Secure Shell (SSH) File Transfer Protocol. It came into existence before the FTPS flavors were popular, building on the popularity of SSH's encryption for terminals and the command line and bringing it to file transfers.
Data Exchange Considerations for SFTP
SFTP extends the SSH protocol. It uses the same authentication methods that SSH uses and is typically implemented over TCP on port 22. Public-facing servers may change this port to obscure it. The traffic is encrypted end to end, and the payloads of the commands do not include any IP or port metadata that the traditional FTP protocol does.
This helps it play better with threat-reducing firewall features: because the control and data exchanges are encrypted, a firewall could not perform any sort of "fixup" on the payloads, and since SFTP carries no IP or port metadata in them, none is needed.
Pros of SFTP: One of the original pros for SFTP is security. SSH and SFTP are updated regularly to use the latest encryption algorithms. SSH is a rather simple protocol and does not have any of the internal payload issues that traditional FTP does. Thus, it easily plays well with firewalls without any special configuration.
Cons of SFTP: One of the major cons is that SFTP is not as widely supported, at least natively from a server or client perspective. Many enterprise FTP server packages require an addon or extra licensing to support SFTP.
For those on Windows, many of the tools to use SFTP can be lacking, particularly native command-line tools. For most UNIX distributions, SFTP is a default offering.
What is TFTP?
Trivial File Transfer Protocol (TFTP) was created out of a need for routers and firewalls to have firmware uploaded to them when they did not have the computing power to run full FTP software. TFTP is a lightweight, pared-down File Transfer Protocol. It was in use for quite some time, primarily for internal network devices. The TFTP standard had to be modified in order to allow larger firmware transfers.
Data Exchange Considerations for TFTP
TFTP is typically used inside a network and is best suited in scenarios where NAT is not involved. It also typically only allows a singular connection between two endpoints.
Pros of TFTP: The main pro is ease of use. Many TFTP server packages can be loaded onto your local machine, where you can share a local directory holding your firmware for easy transfer to the network device.
Cons of TFTP: TFTP does have some downsides. Basic security, such as authentication, is missing. There is also no encryption for TFTP. Many implementations of TFTP do not do well with multiple concurrent connections as the typical use case for this is to turn it on if/when you need to upload/download firmware for your network devices.
TFTP uses UDP, which has no integrity checking built-in. It is possible that segments of your file transfer may "go missing," leaving a corrupt file. It does not happen very often but can from time to time.
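To make the block-numbered, lock-step exchange TFTP runs over UDP concrete, here is an added example (not code from the original article): a minimal TFTP packet parser and a receiver that ACKs each 512-byte block in order, treats a shorter block as the end of the transfer, and reports a gap in block numbers instead of silently assembling a corrupt file. Packet layouts follow the TFTP opcodes (RRQ=1, WRQ=2, DATA=3, ACK=4, ERROR=5); the sample packets are constructed.

```python
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLKSIZE = 512  # default block size; a DATA block shorter than this ends the transfer


def build_data(block, payload):
    """DATA packet: 2-byte opcode, 2-byte block number, then up to 512 bytes."""
    return struct.pack("!HH", DATA, block) + payload


def parse_packet(pkt):
    """Return (opcode, fields). RRQ/WRQ carry NUL-terminated filename and mode
    (no credentials anywhere: TFTP has no authentication field to parse)."""
    (op,) = struct.unpack("!H", pkt[:2])
    if op in (RRQ, WRQ):
        parts = pkt[2:].split(b"\0")
        return op, (parts[0].decode(), parts[1].decode())
    if op == DATA:
        (block,) = struct.unpack("!H", pkt[2:4])
        return op, (block, pkt[4:])
    if op == ACK:
        return op, (struct.unpack("!H", pkt[2:4])[0],)
    if op == ERROR:
        (code,) = struct.unpack("!H", pkt[2:4])
        return op, (code, pkt[4:].split(b"\0")[0].decode())
    raise ValueError(f"unknown TFTP opcode {op}")


def receive(packets):
    """Lock-step receiver over a list of raw datagrams. Returns
    (file_bytes, acks_sent, problem). A real receiver would also re-ACK the
    last good block on a duplicate and time out; this one only shows how a
    lost block is detected by the sequence number rather than going unnoticed."""
    expected, chunks, acks = 1, [], []
    for pkt in packets:
        op, fields = parse_packet(pkt)
        if op != DATA:
            continue
        block, payload = fields
        if block != expected:
            return None, acks, f"expected block {expected}, got {block}"
        chunks.append(payload)
        acks.append(struct.pack("!HH", ACK, block))
        expected += 1
        if len(payload) < BLKSIZE:           # short block terminates the transfer
            return b"".join(chunks), acks, None
    return None, acks, "transfer did not terminate"
```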
When Should You Use FTP/FTPS, SFTP, and TFTP?
When you should use each of these depends on your use case. For example, if you are working on an older router — and hopefully it's not a zombie in a botnet — it may only support TFTP, and you are limited to that. Generally, though, TFTP is an older protocol, not in much use anymore. Many newer devices support FTP at the least.
FTP/FTPS is still the most widely used protocol and the best for the widest target audience, and it is easy to configure on the most platforms.
SFTP is usually implemented if you already have an environment with SSH or if UNIX is the predominant operating system in your environment.
These days if you want encryption and reliability, it is difficult to go wrong with either FTPS or SFTP. It comes down to your intended use case and which one you are better at supporting, but you may find that you need to implement and support both to maintain compatibility.
These variants of a File Transfer Protocol are very important in passing a few different certifications such as Network+, Sec+, and CCNA. Because these are some of the most widely used File Transfer Protocols, security is a particular concern. A more complete understanding of how the protocols operate can assist you in ensuring security and interoperability.