FTP/SFTP
What is FTP?
FTP (File Transfer Protocol) is one of the oldest internet protocols, created in 1971. Think of it as a specialized language that computers use to send files to each other over a network. Just like you might use HTTP to view web pages, you use FTP to upload or download files to/from a server.
Basic Networking Foundation
Before diving into FTP, here's what you need to know:
Client-Server Model: One computer (client) requests something, another computer (server) provides it
IP Address: A unique address for each computer on a network (like 192.168.1.1)
Port: A numbered door on a computer where specific services listen (like apartment numbers in a building)
TCP/IP: The underlying communication system that ensures data gets delivered reliably
How FTP Actually Works
FTP is unique because it uses two separate connections:
Control Connection (Port 21): For sending commands like "login", "list files", "delete file"
Data Connection (Port 20): For the actual file transfer
Think of it like a phone call where you talk on one line to coordinate, then the actual package delivery happens on a separate truck route.
Simple FTP Example
Here's what happens when you upload a file:
The Big Problem with FTP: No Security
Here's the critical issue: FTP sends everything in plain text, including your username and password. It's like shouting your credit card number across a crowded room. Anyone monitoring the network can see:
Your login credentials
The contents of your files
All your commands
This is why FTP is considered outdated and dangerous for most uses today.
SFTP: The Secure Solution
SFTP (SSH File Transfer Protocol) is completely different from FTP, despite the similar name. It:
Runs over SSH (Secure Shell) protocol
Encrypts everything - credentials, commands, and data
Uses only one connection (typically port 22)
Is actually a completely different protocol, not just "FTP with security added"
SFTP Example
Where These Protocols Are Used Today
FTP (Declining Use)
Still used in:
Legacy systems that haven't been updated
Internal networks where security isn't a concern (though this is risky)
Some web hosting providers (unfortunately)
Anonymous public file servers (like some open-source software mirrors)
Why it's dying:
Major security vulnerability
Modern alternatives are better
Many organizations ban it outright
Web browsers are removing FTP support (Chrome removed it in 2021, Firefox is phasing it out)
SFTP (Still Actively Used)
Commonly used for:
Secure file transfers between servers
Website deployment and management
Automated data exchanges between companies
Backup systems
Financial institutions transferring sensitive data
Healthcare systems (HIPAA compliance requires encryption)
Government systems
Example Real-World Scenarios:
Web Development: Developers use SFTP to upload website files to web servers securely
Business Data Exchange: Company A sends daily sales reports to Company B's server using automated SFTP
System Administration: IT teams use SFTP to transfer log files, backups, and configuration files between servers
Remote Work: Employees securely access company files from home using SFTP clie
Modern Alternatives
While SFTP is still widely used, other modern solutions are also popular:
Cloud Storage APIs (Amazon S3, Google Cloud Storage, Azure)
HTTPS-based file transfer (more web-friendly)
rsync over SSH (efficient synchronization)
Git/GitHub (for code and version-controlled files)
WebDAV (web-based file access)
Key Takeaways
Use SFTP, not FTP: If you need to transfer files securely, always choose SFTP. The "S" really matters!
FTP is legacy technology: It's being phased out due to security concerns. If you encounter it, consider it a red flag that the system needs updating.
SFTP is still relevant: Despite being created in the 1990s, SFTP remains a solid choice for secure file transfers, especially in enterprise environments and between servers.
The protocol might seem old-fashioned compared to modern cloud solutions, but its simplicity, reliability, and security make it a lasting tool in the IT toolkit.
Last updated