Two types of secure FTP exist: FTPS and FTPES. While they are both built on the same protocol, FTPS and FTPES have subtle differences that make them better for different scenarios. In this blog, we’ll compare the differences between FTPS and FTPES to help you make an informed decision between the two protocols.
What is FTPS?
FTPS stands for File Transfer Protocol Secure, or File Transfer Protocol over SSL (Secure Sockets Layer). As its acronym implies, FTPS is more secure than unencrypted FTP because it requires a secure connection to be established via SSL/TLS before the FTP session begins (also known as implicit encryption). Regular FTP commands are then sent over the secure connection in order to transfer file data. This traffic is protected from prying eyes by the SSL/TLS encryption.
- The most significant advantage of FTPS is that its use of implicit SSL allows it to use a dedicated port reserved for secure connections. This dedicated port requires less overhead when establishing a session because it will always be on and requires no manual activation.
- FTPS servers over LAN connections can suffer from connection errors when communicating through NAT gateways
- FTPS does not allow an administrator to specify the level of encryption and integrity protection applied to communications, which can make it less secure compared to FTPES for some types of transfer
- FTPS is an older version of encrypted FTP, although it is still in widespread use
What is FTPES?
FTPES is a form of FTPS that will explicitly upgrade an unencrypted connection request to a secure connection during initial authentication (as opposed to FTPS, which will not accept an unencrypted request) and will allow you to specify which aspects of the transfer should be encrypted.
- FTPES allows you to specify levels of acceptable encryption and data integrity protection, which can provide strong protection against certain types of attacks and help maintain compliance with information protection standards
- FTPES is more firewall-friendly, as it allows a client and server to negotiate different encryption levels before beginning a transfer
- FTPES can help improve transfer speed where some information can be transmitted without encryption
- FTPES connections can be less secure during the initial negotiation phase, which occurs prior to the establishment of an encrypted connection
- Servers that use FTPES may require more active monitoring of firewall/port configurations depending on your transfer encryption settings (you may need to open both your control port and your FTP PASV ports)
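Two of the FTPES points above, credentials exchanged before the TLS upgrade and parts of a transfer left unencrypted, can be checked against a control-channel session log. The following Python sketch is an added example, not code from the original post; the `C:`/`S:` log format, the name `audit_session` and both sample sessions are assumptions constructed for illustration.

```python
import re

DATA_CMDS = {"RETR", "STOR", "STOU", "APPE", "LIST", "NLST", "MLSD"}

def audit_session(lines):
    """Audit one explicit-FTPS (FTPES) control-channel log; return [(line_no, finding)].
    Assumed log format: 'C: <command>' from the client, 'S: <code> <text>' from the server."""
    tls_active = False   # an FTPES control channel starts in cleartext
    prot = "C"           # RFC 4217: data channel stays Clear until PROT P is accepted
    pending = None       # last client command still waiting for its reply
    findings = []
    for no, raw in enumerate(lines, 1):
        m = re.match(r"^([CS]):\s*(\S+)\s*(.*)$", raw.strip())
        if not m:
            continue
        side, word, rest = m.groups()
        if side == "C":
            verb = word.upper()
            pending = (verb, rest.strip().upper())
            if verb in ("USER", "PASS") and not tls_active:
                findings.append((no, f"{verb} sent before TLS was negotiated"))
            elif verb in DATA_CMDS and prot != "P":
                findings.append((no, f"{verb} with data channel at PROT {prot}"))
        elif pending:
            verb, arg = pending
            if verb == "AUTH" and word == "234":    # server accepted the TLS upgrade
                tls_active = True
            elif verb == "PROT" and word == "200":  # server accepted the new level
                prot = arg[:1]
            pending = None
    return findings

# Constructed sample sessions (not captured from a real server).
WEAK = [
    "S: 220 ftp.example.test ready", "C: USER alice", "S: 331 Password required",
    "C: PASS ********", "S: 230 Logged in", "C: AUTH TLS", "S: 234 Proceed",
    "C: RETR report.csv", "S: 150 Opening data connection",
]
HARDENED = [
    "S: 220 ftp.example.test ready", "C: AUTH TLS", "S: 234 Proceed",
    "C: USER alice", "S: 331 Password required", "C: PASS ********",
    "S: 230 Logged in", "C: PBSZ 0", "S: 200 PBSZ=0", "C: PROT P",
    "S: 200 Protection set to Private", "C: STOR report.csv",
    "S: 150 Opening data connection",
]

if __name__ == "__main__":
    for name, log in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_session(log))
```

A client that treats a rejected `AUTH TLS` as a reason to continue in cleartext produces the same first finding as the weak session, which is why the check keys on the server's 234 reply rather than on the client's request.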
Choosing between the two – Should You Use FTPS or FTPES?
While both versions of FTP will provide strong security for most users, your choice between FTPS and FTPES will come down to your business requirements:
FTPS will likely be the better choice if you:
- Prefer to “set and forget” your firewall settings
- Want to ensure that initial connections and credentials are transmitted under encryption
FTPES will likely be the better choice for organizations that:
- Have more robust encryption and integrity evaluation requirements
- Do not need to encrypt all data in a typical transfer
- Have the resources and attention for managing increased firewall and port configuration complexity