Enterprise File Sharing & Collaboration

An Introduction to FTP\FTPS\SFTP and the Alternative

Thru, Inc.

[email protected]


Thru Confidential

Agenda

What is FTP\FTPS\SFTP?

What hardware is required?

What drives FTP replacement?

When is Thru a better option?


What is FTP\FTPS\SFTP?

FTP Definition and Origin

File Transfer Protocol (FTP) is a way of transferring files between computers.

FTP is one of the original programs for accessing information on the internet.

FTP was developed in 1971 as part of the U.S. Department of Defense's ARPANET protocols and thus predates both TCP and the Internet Protocol (IP).

Modes of FTP

Active mode - In active mode FTP, the client connects from a random unprivileged port to the FTP server's command port. Then the client starts listening on port “N” and sends the FTP command PORT “N” to the FTP server. The server then connects back to the client's specified data port from its local data port.


Passive mode - In passive mode FTP, the client initiates both connections to the server. When opening an FTP connection, the client opens two random unprivileged ports locally (P > 1023 and “N”). The first port contacts the server, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client issues the PASV command. As a result, the server opens a random unprivileged port (P > 1023) and sends “P” back to the client in response to the PASV command. The client then initiates the connection from port “N” to port “P” on the server to transfer data.


FTP Ports

Data – Port 20

Active - Port 21

Thru Passive - 28000 - 30000
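
Added example (not part of the original slides): a Python helper that reads the PORT command and the reply to PASV from a control channel, derives the data-connection endpoint each one announces, and checks a passive port against the 28000 - 30000 range listed above. The h1,h2,h3,h4,p1,p2 field with port = p1 * 256 + p2 is the standard FTP encoding; the sample lines, the addresses and the function names are constructed for illustration.

```python
import re

# Passive data-port range from the "FTP Ports" slide (Thru Passive).
PASSIVE_RANGE = (28000, 30000)

# PORT arguments and 227 replies both carry h1,h2,h3,h4,p1,p2.
_FIELD = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply."""
    m = _FIELD.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value above 255 in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_channel(line, peer_ip):
    """Describe the data connection that a control-channel line sets up.

    peer_ip is the address at the other end of the control connection:
    the client's for a PORT command, the server's for a 227 reply.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode, opened_by = "active", "server"
    elif line.startswith("227"):
        mode, opened_by = "passive", "client"
    else:
        return None  # not a data-channel negotiation line
    ip, port = parse_endpoint(line)
    findings = []
    if port <= 1023:
        findings.append("privileged data port")
    if ip != peer_ip:
        findings.append("address differs from control-channel peer")
    if mode == "passive" and not PASSIVE_RANGE[0] <= port <= PASSIVE_RANGE[1]:
        findings.append("outside configured passive range")
    return {"mode": mode, "opened_by": opened_by, "ip": ip,
            "port": port, "findings": findings}

if __name__ == "__main__":
    # Constructed control-channel lines (documentation addresses).
    samples = [("PORT 192,0,2,10,195,80", "192.0.2.10"),
               ("227 Entering Passive Mode (198,51,100,5,109,96)", "198.51.100.5"),
               ("227 Entering Passive Mode (198,51,100,5,156,64)", "198.51.100.5")]
    for text, peer in samples:
        print(text, "->", data_channel(text, peer))
```

The "opened_by" field shows why the two modes need different firewall rules: in active mode the server opens the data connection toward the client, in passive mode the client opens it toward the server's announced port.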


FTPS and SFTP

FTPS - An extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

SFTP - “SSH File Transfer Protocol”. The name is often mistakenly used to specify some kind of Secure FTP, by which people most often mean FTPS. SFTP is a binary protocol in which all commands are packed into binary messages and sent to the server, which replies with binary reply packets.

FTPS and SFTP Pros

FTPS

• Widely known and used

• The communication can be read and understood by a human

• Provides services for server-to-server file transfer

• SSL/TLS has good authentication mechanisms (X.509 certificate features)

• FTP and SSL/TLS support is built into many internet communication frameworks

SFTP

• Has good standards background which strictly defines all aspects of operations

• Has only one connection

• The connection is always secured

• The directory listing is uniform and machine-readable

• The protocol includes operations for permission and attribute manipulation, file locking and more functionality

FTPS and SFTP Cons

FTPS

• Doesn’t have a uniform directory listing format

• Requires a secondary DATA channel

• Doesn’t define a standard for file name character sets (encodings)

• Not all FTP servers support SSL/TLS

• Doesn’t have a standard way to get and change file and directory attributes

SFTP

• The communication is binary and can’t be logged “as is” for human reading

• SSH keys are harder to manage and validate

• No built-in SSH/SFTP support in .NET frameworks


Hardware


FTP\SFTP Server - A computer on the internet that offers FTP\SFTP access.

FTP\SFTP Utility

Command line (OS native)

FTP\SFTP Client

Browser


Utility Examples


FTP Replacement

Driving Factors


Security - Risk of having FTP port open in firewalls.

Native FTP does not have encryption.

FTP is unreliable.

When sending files, the sender has no way to verify whether the recipient received or downloaded the file. If an error occurs, the sender will not be notified.

FTP lacks management tools - It does not allow senders to automatically expire or delete files.

Files sit on the FTP server until IT admins delete them.


FTP Is Cumbersome -

To send a file to a new contact, a new FTP account needs to be set up. Since users do not have access to the FTP server and managing FTP is far from user friendly, they need to rely on the help of an IT administrator to create new accounts, retrieve forgotten passwords and remove accounts for those who no longer require access.

FTP Offers No Auditing -

The lack of an audit trail means companies can’t keep track of who sent what and to whom it was sent.


Thru Is A Better Option


The Better Option

Security - Thru uses port 443, which is a standard Internet port open to all firewalls.

Port 443 is HTTPS and is encrypted for point-to-point communication.

Auditing – Easily track and audit all activities in the file system such as uploads and downloads.

File Management – With Thru, easily manage files for your organization with capabilities such as:

File retention

Blocking of certain extensions

File renaming


Ease of Management – Having multiple FTP servers can be cumbersome and difficult to manage.

No need for FTP client.

Thru's Secure DropBox™ removes the need to have IT set up personal FTP connections with user names and passwords.

Thru users only need to know the email address of the recipient to send data securely.

For more information about Thru, visit www.thruinc.com or contact [email protected]