Increasing Data Security Using FTP over TLS
Secure Shell (SSH2) is one of the most commonly recognized network protocols to increase security of data in transit over public networks. However, not all systems provide SSH2 connectivity, making secure file transfer using SCP or SFTP impossible.
SecureFX® supports FTP over TLS, allowing you to conduct secure file transfer operations with systems that support FTP secured with Transport Layer Security (TLS).
FTP over TLS vs. FTP over SSH
File transfer operations using FTP leave all data vulnerable to hacking attacks. A number of methods to increase data security for FTP-facilitated operations have been developed over the years, including "Secure FTP." "Secure FTP" refers to the practice of securing file transfers by tunneling an FTP session over an encrypted SSH connection. FTP over SSH only tunnels the initial connection used for command data, thereby protecting usernames and passwords. But because FTP uses separate ports for command and content data, "Secure FTP" provides no protection for file content data, which is transmitted over a second, unencrypted connection.
Securing file transfer operations using FTP over TLS does not entail port forwarding. Instead, file transfer operations are secured by applying the cryptographic protocols inherent in TLS.
Data Protections Provided by TLS
TLS security entails:
- Strong data encryption
- Host identity verification (using public keys)
- User authentication (using self-signed certificates)
- Data integrity
Thus, FTP over TLS applies protections comparable to SSH2/SFTP to ensure data security and data integrity.
Negotiating TLS Security
Unlike other file transfer protocols, FTP over TLS has two "modes"—explicit and implicit—which introduces the option of disabling TLS security protocols by the client.
In explicit FTP over TLS, the local client must specifically request server-side TLS security by challenging the server. If the client does not request TLS security, the server may establish an unencrypted connection, allowing the file transfer operation to proceed using (non-secure) FTP. However, the server may also deny the connection if security policy does not allow file transfers without TLS security.
In implicit FTP over TLS, the "request" for TLS security is automatic, so there is no opportunity for the client to disable TLS security protocols.
SecureFX provides the flexibility you need in a standard file transfer client. Support for FTP over TLS increases your options for secure file transfer, thereby minimizing server compatibility issues. And it is available for most major platforms (Windows, Mac, and Linux). Try SecureFX for a free 30-day evaluation.
Please contact us for assistance in finding the right solution for your organization.