1-877-FTPTODAY
1-877-387-8632
Home Features Pricing FAQ Why FTP Today Company Customer Service Contact
History Articles Press Releases Legal

Company » Articles » Secure FTP, Secure FTP Servers, Encrypted FTP Servers, Secure File Transfer Servers, SFTP

Secure FTP

The intent of this article is to explain how FTPS servers, SFTP servers and HTTPS differ from one another, and the benefits or pitfalls of each method of encryption.

As you will understand when you read on, FTP Today sorts through the choices for you. We have taken the strongest method of encryption (SSL) and created two ways to utilize it, one that is functional only using our Web FTP Client and one that is functional with all third party FTP client software.

FTPS (FTP using SSL)

Best for Secure and Automated Transfers
More info on this add-on

Advantages:

  1. Uses 256-bit SSL encryption
    • Username and password are encrypted, as opposed to being sent over the Internet as clear text, as with standard FTP.
    • Data files are sent over an encrypted channel. [Note - This may be user-selectable on stand-alone client software]
    • No one can snoop or sniff out your login information or the contents of your data files on the public Internet.
  2. Third party FTPS client software compatible
    • Many standalone FTPS client software packages can automate and schedule unattended transfers... a BIG ADVANTAGE. 
    • Some of your users may already have FTPS client software and prefer it to our web-based method (next).
  3. Users are jailed to their private FTP folders based upon username.
  4. Activity log keeps track of all user activity.

Disadvantages: [MINOR]

  1. Your end users will have to license and install FTP client software ($0 to $50) with FTPS capabilities.
  2. FTPS is not always "firewall-friendly", therefore you and your clients with firewalls may have to arrange for certain TCP/IP ports to be open to your FTP Today FTP site's IP address. This is not a major hurdle and our support staff will guide you.

FTP - over - HTTPS (SSL Tunnel)

Best for Secure Web-based Transfers
More info on this add-on

Advantages:

  1. Uses 128-bit SSL encryption
    • Username and password are encrypted, as opposed to being sent over the Internet as clear text, as with standard FTP.
    • Data files are sent over an encrypted channel. [Note - This may be user-selectable on stand-alone client software]
    • No one can snoop or sniff out your login information or the contents of your data files on the public Internet.
  2. Web browser based
    • Requires no software to be installed by the end user, except a Java Virtual Machine (plugin that is free and everyone usually already has). 
    • Loads quickly and seamlessly in their web browser window, and is automatically unloaded when that window is closed.
  3. Users are jailed to their private FTP folders based upon username.
  4. Activity log keeps track of all user activity.
  5. Can be combined with FTP Today Custom Edition  for a branded, customizable web-based FTP interface
  6. HTTPS is firewall-friendly, therefore you should have no client-side issues to deal with.

Disadvantages: [NONE]

SFTP using SSH2

A poor choice compared to SSL

Some standalone FTP client software offer "SFTP".  SFTP is not a generic acronym for "Secure File Transfer Protocol"; The "S" stands for encryption using Secure SSH (Secure SHell).  While this is technically still 128-bit encryption, that is where the similarity to the above SSL methods ends.

Disadvantages: [MAJOR]

  1. Your end users will have to license and install SFTP software on their computers.
  2. You may also have to support your end users in installing, configuring and using their SFTP software.
  3. Most SFTP server deployments use OpenSSH/SFTP on the server, which does not jail a user inside of a particular folder based on their username & password authentication. Because of this lack of privacy among multiple users, SFTP is best deployed in a single-usr environment.
  4. SSH/SFTP keeps no log of user activity.  There is therefore no audit trail whatsoever.

FTP Today sees no advantages in deploying SFTP on your hosting account, therefore we do not recommend this solution except in rare cases where you are already using SFTP over SSH2 or some customer of yours forces your hand. Please contact Sales to discuss costs and deployment of SFTP in lieu of FTPS.

HTTPS (HTTP using SSL)

Not designed for File Transfer applications.

Disadvantages:

HTTPS is used in hosting websites with e-commerce applications.  This is great for securing order forms while customers enter credit cards, but functions like user-authentication and folder privacy are not best handled by HTTP or HTTPS. The HTTPS protocol is not natively meant for transferring files. It is meant for displaying web content over a secure connection from a web browser to a web server.

Home Features Pricing FAQ Why FTP Today Company Customer Service Contact
History Articles Press Releases Legal
Sitemap
Acceptable Use Policy Terms of Service Privacy Policy Copyright Notice


Copyright © 2010 FTP Today. All rights reserved.