Explanation of the FTP and SFTP protocols

Companies and other Internet users often provide files and general-interest materials to be downloaded from an FTP server. To access this FTP server, users need access to the Internet (via a modem, ISDN, DSL or a local network) and an FTP client program (such as WISE-FTP).

Users are advised to use the SFTP protocol to ensure that the file transmission will be secure. This protocol encrypts the data transferred to the FTP server and prevents unauthorized access during the operation.

What is FTP?

FTP stands for "File Transfer Protocol". It is an Internet service specially designed to establish a connection to a particular Internet server (or computer), so that users are able to transfer files (download) to their computer or to transfer (upload) their own files to the server (computer). The FTP protocol also includes commands that can be used to execute operations on a remote computer; e.g., to show folder contents, change directories, create folders or delete files.

FTP is based on the client/server model for communications between computers. In this model, a computer called a server runs a program that "serves" data to other computers. The other computers run client programs that request information and process the replies that the server sends. When using FTP, the external computer (the external system) that is running the server program is called the FTP server (host, remote system).

What is SFTP?

SFTP stands for "Secure File Transfer Protocol". The Secure File Transfer Protocol ensures that data is securely transferred using a private and safe data stream. It is the standard data transmission protocol for use with the SSH2 protocol. WISE-FTP implements a reliable and user-friendly version of the client side of this protocol.

The SFTP protocol's main purpose is to transfer data, but it is also used to obtain general access to the FTP server's file system. The SFTP protocol runs on a secure channel - no clear text passwords or file data are transferred.

Risks when using the FTP protocol

Using the FTP protocol is regarded to be very unsafe because a password must always be entered for the transfer. The password is subsequently transmitted over the Internet without encryption. Despite the fact that FTP is one of the oldest and most widely used Internet protocols, there are security risks when using it. These include:

  • A user's name and password are transferred in clear text when logging on and can therefore be easily recognized.
  • When using an FTP connection, the transferred data could "stray" to a remote computer and not arrive at their intended destination. Third parties can then download data from the remote system to their own computers, or existing data can be viewed and edited. This presents a significant risk, particularly when transferring company confidential information.
  • FTP can also be used to determine the passwords of individual users, since the password is transferred in clear text when logging on. As a result, even those with unauthorized access to this network can record the password information.

It is therefore advisable to use SFTP connections to ensure that data is securely transferred. This data transfer protocol encrypts the connection between your computer and the FTP server. Data is then transferred to your computer over an encrypted connection (SSH-Tunnel).

Fingerprints

Before establishing a connection, the SFTP server sends an encrypted fingerprint of its public host keys to ensure that the SFTP connection will be exchanging data with the correct server. The first time the connection is established, this key is not yet known to the client program and must therefore be confirmed by the user before data is exchanged for the first time. Once you have established a connection to an FTP server and are sure that it is really the correct server, you should save the fingerprint information locally. This enables you to check the fingerprint information against the data you have saved every time you establish a new connection to ensure that no one is between you and the server. Different servers issue fingerprints only once. They are generated by a server's private key.

Use WISE-FTP to ensure secure authentication and data transfer. WISE-FTP implements the SFTP protocol and has everything you need to ensure your everyday data transfers are secure.