FTP, SFTP, FTPS and TFTP are protocols that are used to transfer files over a network.
FTP stands for File Transfer Protocol. This is a standard protocol that is used to transfer files between computers and servers over a network, such as the Internet. In a nutshell, FTP is the language that computers use to transfer files over a TCP/IP network.
For example, if someone anywhere in the world wanted to make their files available for other people to download, all they would have to do is upload their files to the FTP server and then other people from anywhere in the world can simply connect to that FTP server and download the files using the FTP protocol.
For this, we can use a dedicated FTP server or we can also configure our own computer to act as an FTP server. For example, in Microsoft Windows this can be done using the Internet Information Services Manager.
FTP servers usually require an account with a username and password, but sometimes you can just log in anonymously. It just depends on what type of authentication that the owner of the FTP server has set up. It’s also important to note that FTP is a connection-oriented protocol that uses TCP for file transfer, meaning it guarantees file delivery.
There are a couple of ways to transfer files using FTP. You can use your standard Internet browser or you can use an FTP client. For example, using web browser you would simply type in the address of the FTP server that you want to connect to, just as if you were going to a regular web site. Let’s say that the web address of the FTP server is ftp.example.com. For this you would type the address ftp://ftp.example.com/ as the URL in your web browser. Normally, if you were going to a regular web site, the prefix would be ‘http://’, but since we are going to an FTP site, the prefix is ‘ftp://’. Once you are connected to the FTP server, you will have a view of files and folders on the server. From here you can browse different folders that’s on the FTP server depending on what the owner has made available, and then you can view and download what you want.
Another way that you can connect to an FTP server is by using an FTP client. There are a number of FTP clients that you can use, but probably the most popular free FTP client is called FileZilla, which you can download for free. Advantage of using an FTP client is that it provides a graphical user interface and a better overall experience than using a web browser. The first step is to set up a connection by providing the address of the FTP server along with a username and password if required and the port number (common port for FTP is 21). Once connected, you will usually have the left pane where you will have the files and folders on your local computer, and the right pane where you have a view of the files and folders that are on the remote FTP server. From here you can just click or drag and drop files from the FTP server. To download files to your computer just click on them or drag them over from the right pane to the left pane. If you have proper permissions you can also upload files from your computer to the FTP server by dragging them from the left pane to the right pane.
Transferring files between computers is a common use of FTP, especially when you’re transferring files in bulk. Another common use of using FTP is to give the ability of website designers to upload files to their web servers.
The main drawback of using FTP is that it’s not a secure protocol, meaning that the data that’s being transferred is not encrypted. All data is sent in clear text which can cause security concerns. Because of that, FTP should only be used on a limited basis, or on only trustworthy networks, or if the data that’s being transferred is not sensitive.
If you’re going to transfer data that needs to be protected, a more secure transfer protocol should be used, and that’s where SFTP comes.
SFTP stands for Secure File Transfer Protocol. Secure FTP is just like FTP, except that it adds a layer of security. Using secure FTP the data is actually encrypted using Secure Shell (SSH) during data transfer (no data is sent in clear text). Secure FTP authenticates both the user and the server and it uses port 22.
FTPS stands for File Transfer Protocol Secure. So, there are two secure variations of FTP: SFTP and FTPS. FTPS uses SSL/TLS, and the biggest difference between Secure FTP (SSH) and FTP Secure (SSL/TLS) is that the latter is able to make use of TLS/SSL certificates issued from a CA in order to transfer data, making it very secure.
There are two incompatible variants of FTPS: explicit and implicit. FTPS explicit is the most recent and most widely used variant. FTPS implicit is older and is generally being phased out. FTP and FTPS explicit can coexist on the same port (usually 21), in fact FTPS explicit connections start out as FTP connections before being switched to SSL/TLS. FTPS implicit requires its own dedicated port (usually 990).
The main difference between the FTP and FTPS ports’ usage is the expected security behavior of clients and servers communicating through them. A server that receives a request via Port 990 will immediately perform an SSL handshake, because connection via that port implies the desire for a secure connection (Implicit security). Control connections established via Port 21 will require an additional AUTH command to invoke security (known as Explicit security because the client must explicitly ask to secure the connection).
TFTP stands for Trivial File Transfer Protocol. This is a very simple File Transfer Protocol. It is not used to transfer files over the Internet like FTP, SFTP or FTPS does. It’s mainly used for transferring files within a local area network. For example, it’s often used to transfer configuration files and firmware images to network devices such as firewalls and routers. It uses port 69.
TFTP is something that most people will never use, and unlike FTP and Secure FTP that use the TCP protocol for file transfer, TFTP is a connection-less protocol that uses UDP instead. Because it uses UDP instead of TCP, it’s an unreliable transfer protocol. TFTP does not provide any security during the transfer.
If you’re not familiar with TCP and UDP, read our introduction that explains the difference between the TCP and UDP protocols.