
What is FTPS: the principle of operation and differences from conventional FTP

The modern Internet is a set of computers joined by special protocols for exchanging information. HTTP and HTTPS are used to display sites, and FTP, SFTP and FTPS are used to exchange large files. Let's see what an FTPS server is and how to work with it.

What is FTPS?

The protocol name can be divided into two parts: FTP + SSL, or FTP + TLS (the more advanced version of SSL). The first part is the base and stands for File Transfer Protocol. This method of data exchange is not encrypted by default, so files sent via FTP are easy to intercept and read. Attackers used to exploit this to steal important documents from company servers.

The FTPS protocol was developed to fix this lack of information security. In it, everything transferred is first processed by SSL or TLS (encryption protocols), so commands and packets in transit are unreadable to attackers; for example, instead of "Hello", "GTYSL" arrives. On the server, the data is converted back to its readable form.

To sum up what FTPS is and what it does: it is a secure FTP protocol. When transferring information, you can be sure that the files will remain known only to authorized users. Do not confuse FTPS and SFTP: these are different protocols that work on different principles.

How to switch a server to FTPS

Some do not know what an FTPS server is. It is the computer on which the files are stored; it works the same way as an FTP server (it transmits files at the client's request), except that all information is encrypted before the file exchange begins.

To protect the file server from unwanted intrusion, you will need to create a digital certificate. If you are using FileZilla Server, go to the SSL/TLS settings section. There you will need to create a new certificate, which contains information such as the country code, the organization name, etc.

The certificate can be obtained for free through FileZilla or through other services. For local access, a self-signed certificate will suffice, but for public use this is not enough, and a certificate can be purchased from a certification authority.

FTPS connection

To better understand what FTPS is, consider the protocol workflow. Unlike FTP, when connecting the client can request a secure connection, for example on a separate port with encryption. Consider the procedure for requesting a certificate in more detail:

  1. The client requests data encryption (sends a CSR-code request).
  2. The server agrees on the encryption algorithm and sends the client an SSL certificate for verification, along with an RSA public key.
  3. The client reads the information in the certificate and contacts the authority that issued it. If the authority and the server have the same certificate, the check passes and the connection continues. Otherwise, the connection is terminated and an error code is sent to the server.
  4. If the check is successful, the client creates an encrypted session key (for encrypting files) and sends it to the server. Random numbers and RSA encryption with public and private keys are used for this.
  5. The server receives the key and decrypts it. From then on, this key is used to encrypt all sent and received files.

Once the private key of the session has been received, data transfer begins. The key is checked with each new request, and all data inside the FTPS protocol is securely encrypted.

Connection reliability

With TLS/SSL certificates, you can get rid of phishing. Authentication lets the browser know for sure that its data is sent in encrypted form to the specified server, and not to an attacker's computer. It is especially important to use encryption when entering personal information, bank card numbers, etc.

For complete certainty, you can require the use of a digital certificate not only from the server, but also from the client. Such precautions should be used in banks, for example, when transferring important information about the client base.

Even if an attacker manages to get files sent over the FTP protocol, they are all encrypted, and it is impossible to read their contents without the secret RSA key.
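A client-side sketch of the connection and verification steps described above, using Python's standard `ftplib` and `ssl` modules; this is an added example, not code from the original article. The host, account, and certificate file paths are assumptions supplied by the caller.

```python
import ssl
from ftplib import FTP_TLS


def build_context(ca_file=None, client_cert=None, client_key=None):
    """Build a TLS context that rejects unverified server certificates.

    ca_file: optional PEM file to trust instead of the system CA store,
             e.g. the server's own self-signed certificate for local use.
    client_cert / client_key: optional client certificate, for servers
             that require a certificate from the client as well.
    """
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def list_directory(host, user, password, ctx, port=21, timeout=10):
    """Log in over explicit FTPS and return the directory listing.

    Raises ssl.SSLCertVerificationError if the server certificate is not
    trusted or does not match `host`; no credentials are sent in that case.
    """
    ftps = FTP_TLS(context=ctx, timeout=timeout)
    ftps.connect(host, port)
    try:
        ftps.auth()                 # AUTH TLS: secure the control channel first
        ftps.login(user, password)  # credentials now travel encrypted
        ftps.prot_p()               # PROT P: encrypt the data channel as well
        return ftps.nlst()
    finally:
        ftps.close()
```

Without the `prot_p()` call, `ftplib` protects only the control channel and file contents still cross the network in clear text.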


Copyright © 2018 en.unansea.com. Theme powered by WordPress.