Differences Between FTPS and SFTP

FTP (File Transfer Protocol) is considered as insecure protocol because it transfers user authentication data (username and password) and file data as plain-text (not encrypted) over the network. Because of this, FTP is vulnerable to password sniffing, data spoofing, and other network attacks.

Two secure alternatives of FTP (File Transfer Protocol) are FTPS (File Transfer Protocol Secure) and SFTP (Secure File Transfer Protocol or SSH File Transfer Protocol).

What is FTPS (File Transfer Protocol Secure)

FTPS is an extension of FTP with SSL/TLS for security. FTPS, defined in RFC 4217, which is a standard IETF protocol. Similar to FTP, FTPS also uses a Control channel and opens new TCP connections for Data transfer. The Control channel is used for user authentication and exchanging FTP commands and FTP return codes. However, file transfer and directory listing are done via FTP Data channel. Since two different channels are used, FTPS is not firewall friendly.

FTPS requires digital certificates, because it uses SSL/TLS protocol.

What is SFTP (Secure File Transfer Protocol or SSH File Transfer Protocol)

SFTP (Secure File Transfer Protocol or SSH File Transfer Protocol) is a different protocol with uses the SSH well-known port (TCP port 22) for both Control and Data channels. SFTP runs over the SSH (SecureShell) protocol. SSH (SecureShell) is used provide a secure connection between Client and Server, and SFTP provides the file transfer commands. Since there is only one port, SFTP is firewall friendly.