What is FTPS?
FTPS is a security extension to File Transfer Protocol (FTP). As a protective measure, it uses a security protocol to guard against tampering when data is sent over a public network (such as the Internet). Some hosting plans allow FTPS access, while others do not - but most will allow some form of File Transfer Protocol - or a similarly secure alternative.
FTPS is also known as FTP-ES, FTP-SSL and FTP-Secure. In order to understand the value of what FTPS is, first one must understand how data transport works on the internet.
The internet is a series of switches tossing around packets - each packet has a header (or control information) which indicates what type of packet is being sent, how and to who - and a "Payload" (or bitstream). Assuming these principles - certain packets conform to standards that are known to both the sender and recipient of a data packet. This is the basic cornerstone of how the internet works.
The internet model, broken into layers, has hardware controlling a datalink and network access - which enables the network layer and communication between devices. On top of this is stacked the transport layer - this is where Transmission Control Protocol (TCP) allows network coordination of Internet Protocol (IP) - which is where a computer's address is stored. File Transfer Protocol (FTP) - which is the basis of FTPS - is a network protocol for controlling data streams for sending individual files across a network.
Looking for a great deal on FTP hosting?
Hostinger provides quality hosting with high bandwidth and 24/7/365 support. Accounts come with FTPS. Right now you can save up to 87% on their plans. Use this discount link to get the deal.
FTP has existed since the early 1970's — for use in ARPANET, then, FTP adopted TCP/IP in the 80s, and by the mid-90s, security features were finally beginning to be added. In order to make FTP safer for the transfer of sensitive information, encryption securities were proposed and enacted in the 1990s.
Because the Internet was growing, user communication increased, as did the potential for eavesdropping. Netscape came up with the concept known as the Secure Socket Layer (SSL) in 1994 — which is an encryption protocol that protects user data from unauthorized third parties. SSL is actually a wrapper for the Application Layer - which is the most abstracted level of internet protocol.
With SSL, and later with Transport Layer Security (TLS) — data streams become encrypted and cannot be read without having the decryption keys. This is used commonly for websites which require sensitive user data over Hypertext Transfer Protocol (HTTP) — but the same principles can be applied to FTP — which means that files can be sent from one storage location to another, without a third party being capable of knowing what files are being transferred. FTPS is simply a version of FTP which uses TLS and SSL for security.
The secure versions of FTP include FTPS, Implicit SSL, and FTPS Explicit SSL. With implicit mode, security is established and in place before any data transfer happens. If a client attempts to connect without SSL encryption, the server refuses the request. Explicit mode, however, allows the client and server to negotiate the security level. The server is able to accept both encrypted and unencrypted requests.
FTPS in Applications
FTP may indicate either a method for sending files or the program that performs the actual sending. The protocol itself is one of the oldest means of sending and accessing files on the Internet, and you must still access an FTP server to upload files to, or download files from, a website. This is especially helpful for webmasters who do not use a content management system (CMS).
The majority of web hosts will allow for FTP access - which is generally over secure FTPS access. It is very rare to find a host that does not support it - unless they are using a different but similar technology like WebDAV or Secure Shell (SSH) Protocol.
It's important to note that FTPS has nothing to do with the completely different file transfer system, the SSH File Transfer Protocol (SFTP). Several companies offer free and commercial versions of secure FTP clients, which you can install locally and use to transfer files.
The most popular clients include FileZilla, Transmit, and CyberDuck. FTP can also be accessed directly through Windows file explorer if setup correctly. Files can often be dragged and dropped from the FTP client into a folder - and vice versa.
It is common practice to edit files on a local hard drive, and then push updated HTML or content onto the web server over FTP.
What's the difference between Anonymous FTP and FTPS?
Anonymous FTP is a file transfer protocol system that allows users to download files via regular FTP access without the need for a secure username and password. With this system, every single user will have an FTP account and sign-in access to your site. With today's high volume websites and wide variety of security concerns, anonymous FTP is not a very practical application for file transfers.
By comparison, FTPS is almost the exact opposite of Anonymous FTP. FTPS is a security extension to File Transfer Protocol, and it guards against tampering when data is sent over a public network. Almost all website hosting providers allow some type of FTP access to their customers - most don't offer Anonymous FTP today, but FTPS is also not always the required method of file transfer, either. Consult with your hosting provider before you begin uploading and downloading files via FTP if you are unsure what access users have to your server.
FTPS and FTP are so old - are they still important?
Roads and bridges are a very old concept, but we still use them. Throughout the previous century, humanity learned how to create asphalt, manage steel enforced beams — and generally made bridges safer.
They also made bridges less prone to collapse and put jersey barriers into freeways to make them safer. This analogy applies to the information super-highway just as easily — file transfer protocol has existed longer than a graphical interface operating system. Yet, the core network concepts remain in use.
Is FTPS the only way to send files securely?
No, there are many options available, but each one depends entirely on the operating system available, and/or the type of server being run by your web host. FTP works across multiple operating systems with relative ease.
WebDAV is mostly Microsoft focused, SSH File Transfer Protocol (SFTP) — uses SSH — which is built natively into Linux, but requires special configuration to run on Windows. Alternatively, AtomPub and CMIS offer similar functionality but generally need a higher amount of configuration - and are used for deep infrastructure.
Who uses SFTP?
Anyone! Almost all web hosts have FTP, and many allow for secure transfers. Be sure to ask your provider if TLS/SSL is part of the hosting plan. Most modern hosts should say yes.
Other features in Server Administration
Need serious FTPS hosting?
Liquid Web scored extremely well in our recent speed and performance tests. Right now our readers can save up to 50% on Liquid Web VPS plans. Use this special discount link to get the deal.
FTPS Frequently Asked Questions
- Is FTPS the same thing as File Transfer Protocol (FTP)?
The name is similar, but the idea is different. FTPS is a security extension to FTP. It is used as a security measure to protect against tampering when information is transmitted via the internet.
- How simple is it to implement FTPS via my hosting plan?
It depends on the hosting company you are using. While some allow for FTPS access, others prohibit this.
You may still have access to FTP, but not the additional security extension. If this is important to you, it is a must to verify this feature with your hosting company before signing up.
- Is FTPS really necessary?
There is no right or wrong answer to this question, but here is what you need to know: this was developed to make it safer to transfer information via the internet.
It is not necessary, as some hosting companies do not offer support, but, there is no denying the benefits of it from a security point of view.
- What are the other names for FTPS?
You may not be familiar with FTPS, but could have come across one of its other names at some point. It is also known as FTP over SSL (Secure Sockets Layer). Other terms include FTPES, FTP over TLS, FTP/SSL, and FTP Secure.
- Are there ways to take advantage of FTPS if not offered by a hosting company?
The easiest way to benefit from FTPS is to find a hosting provider that allows FTPS access.
If this is not possible, there are third party companies to consider. It adds another step to the process, but clients such as FileZilla and CyberDuck are commonly used.
- Is SFTP the same thing as FTPS?
While similar in some ways, SFTP and FTPS are not the same. These are the most commonly used protocols for secure FTP transfers, but are not identical.
- What is the difference between explicit and implicit FTPS?
Also known as FTPES, the name "explicit" says it all. It means that the client must explicitly request security from an FTPS server.
Implicit FTPS is different in the way that negotiation is not permitted. A client must challenge the server with a ClientHello message. If this is not received by the FTPS server, the connection is immediately dropped.
- Are FTPS servers required to provide a public key certificate?
Yes. These can be created through the use of tools, including but not limited OpenSSL.
- What are the reasons why many people ditch FTP for the use of FTPS?
There is no requirement to transmit data via FTPS, but there are many reasons to make the change from plain FTP. Above all else, passwords and data are un-encrypted with FTP.
Along with this, FTP servers are often times attacked through "back doors." When this happens, it is possible for an attack to go unrecognized for an extended period of time.
- Are there any situations in which it is okay to ignore FTPS, instead opting for plain FTP?
When it comes to online security, most people believe in the idea that "it is better to be safe than sorry."
There are times when FTP is enough, such as when everything on the server is set to be shared. Furthermore, this could make sense if no networking port or firewall is necessary.
- What do users consider the top benefits of FTPS?
The primary benefit is the security, but others include: used by millions, communication that can be read by humans, server to server file transfers, and support that is offered by many communication frameworks.
- Are there any drawbacks of using FTPS?
Just the same as any security extension or application, you must be aware of both the pros and cons.
In an overall sense, FTPS is capable of handling the secure transmission of data. There are drawbacks to be aware of, which can include: lack of a uniform directory listing format, some FTP servers do not support SSL/TLS, and it requires a secondary DATA channel.
For some, these drawbacks are enough to scare them away from FTPS and toward another option. Others realize that despite the perceived drawbacks that this is still the best way to safely and securely transmit data via the internet.
- What are some of the top hosting companies offering FTPS access?
It is good to check on FTPS access with any host you are considering, but some of the best include: Site5, DreamHost, A Small Orange, DailyRazor, HostDeal, 1 & 1, and BlueFur.
- Is FTPS access the same from one hosting company to the next?
There may be some slight differences as you change from one hosting company to another, but the basics of FTPS access remain the same. In its simplest form, this is always a security extension.