MFT Resource Center
File Transfer Protocol (FTP)
What is FTP?
FTP, or File Transfer Protocol, is the oldest, most widely used modern protocol for transferring files over the Internet. Simple FTP uses a client-server model, in which a client requests data, and then a server provides it.In B2B use cases, each trading partner generally uses a clear-text sign-in protocol for authentication.
Age
FTP is the oldest protocol and has seen use dating all the way back to the 1960s.
FTP Status and Popularity
FTP is used everywhere online, including for site updates and bulk file transfers. Users can quickly and easily install an FTP server in all major operating systems, including Windows, Linux, UNIX, and Mac OS. It's easily the most widely used protocol. But due to security issues, FTP doesn't suffice for partner exchanges. And many organizations are also moving away from FTP, or turning to an MFT solution to secure their FTP for internal transfers.
Security Issues with FTP
The big drawbacks are that FTP by itself doesn't encrypt data in transit and FTP uses separate command and data channels. That's why it's not considered secure and why SFTP, FTPS and FTP via VPN have emerged. We'll break down each of the three major types of secure FTP options.
FTP WITH VPN
Often, businesses connecting through FTP use a virtual private network (VPN), which provides an extra layer of security around transactions. But FTP with VPN isn't perfect. It's biggest drawback is a lack of non-repudiation, which verifies the identity of each party and prevents receivers from denying the receipt of a transaction from a verified sender.
SFTP
SFTP is essentially FTP with a different security layer, Secure Shell (SSH), developed by the Internet Engineering Task Force (IETF), which originally created FTP. This security layer encrypts the message while in transit and decrypts the message upon arrival. SFTP requires the server to authenticate the client computer. All commands and data are encrypted to prevent passwords and other sensitive information from being exposed to the network in plain text. Unlike FTP, SFTP does protect data during transmission and doesn't use separate command and data channels - it transfers data and commands in formatted packets with one secure connection.
But like FTP with a VPN, SFTP doesn't provide non-repudiation, which makes it unsuitable for many MFT applications.
FTPS
FTPS - FTP over SSL/TSL - adds a secure encryption layer (Secure Sockets Layer) around the FTP protocol to secure the commands and data transferred between client and server. FTPS is similar to SFTP, secured with encryption but lacking non-repudiation. It also carries some drawbacks related to efficiency and the use of secure firewalls.