Both FTP and SFTP are data transfer protocols. However, they differ in their level of transfer and the integrated security measures. Here’s how these two network protocols work in detail and when it’s better to use FTP or SFTP.
FTP, what is it?
FTP means File Transfer Protocol. It is a network protocol used to exchange files between servers and clients. It contains communication rules within an IP network and allows data to be transferred to a server using a browser or an FTP client.
The development of the FTP protocol dates back to 1971. At that time, the dangers of the Internet were not yet recognized. THE numerous FTP security vulnerabilities, real open doors for hackers, were not noticed and closed until later. However, FTP still presents some risks.
And SFTP, then?
SFTP stands for SSH File Transfer Protocol and constitutes a FTP protocol extension. Published in 2001 by the Internet Engineering Task Force (IETF), it is also known as Secure Transfer Protocol. Unlike its predecessor, SFTP also uses an encrypted Secure Shell connection.
SSH is a tunneling protocol that transmits files securely over TCP port 22. Data is not transmitted in text format, but encrypted using encryption algorithms. This makes it more complicated for hackers to access passwords or other confidential data. SFTP uses version 2 of the SSH protocol, which makes it possible to “tunnel” any TCP/IP application.
FTP vs. SFTP: what’s the difference?
Both FTP and SFTP allow you to upload and download files from and to a server. Most FTP clients, like FileZilla, support both protocols.
FTP uses two channels: a command channel and a data channel. This corresponds to TCP ports 20 and 21, with no encrypted connection. On his side, SFTP used a single channel for data transmissionor TCP port 22. However, this channel is encrypted by SSH.
The two protocols also differ in the file size authorized for transfers: 4 GB for FTP and 16 GB for SFTP.
Rent your own Secure FTP server with IONOS for secure file hosting. Check out our FileZilla tutorial and find out how to configure your FTP server!
FTP or SFTP, which one to choose?
Overall, SFTP remains the secure protocol of choice for data transfers between client and server. It also allows the encrypted transfer of sensitive information such as configuration files. On the other hand, FTP leaves the possibility to cybercriminals to intercept data in text format.
SFTP also supports public key authentication, enough to ensure a higher level of protection than a simple password. Additionally, troubleshooting as well as client and server configuration are easier with SFTP.
When is it better to use FTP or SFTP?
The choice between FTP vs. SFTP depends on data transfer requirements: FTP is suitable for data transfers that do not require protection against unauthorized access. These may be, for example, publicly available documents or validated software packages. In addition, FTP is sufficient for transfers in private local networks, as long as these are sufficiently secure.
On the other hand, from the moment when confidential information must be exchanged between the server and the client, it is better to use the SFTP protocol. It allows to transmit sensitive data securely and encrypted, even over public networks. This is for example personal data such as financial information, relating to health or civil status. It is also recommended to use SFTP between different establishments of the same company.
