-1

Besides inbound/outbound port configuration and encryption, I have the following doubts:

  1. If FTPS encrypts both command and data channels via SSL, why is it said that communication is human-readable? In what format?
  2. Is the binary condition of SFTP what makes it a more secure FTP connection?
  3. If over SFTP the session is encrypted, what is the difference from FTPS, where both channels are encrypted too?
  4. What is the disadvantage of using the default port 990 of FTPS over SFTP if I am setting up exclusively an SFTP and not an FTPS server? Or should I continue using port 22?
Maximus Decimus

1 Answer

3
  1. If FTPS encrypts both command and data channels via SSL, why is it said that communication is human-readable? In what format?

I don't know what you refer to in "it says", but this statement is usually only made about FTP, not FTPS (FTP with SSL). And FTP is a human-readable, text-based protocol; see RFC 959 for details.

  2. Is the binary condition of SFTP what makes it a more secure FTP connection?

First, SFTP and FTPS are different things, the first being file transfer over SSH while the second is the FTP protocol augmented with SSL. And it is not that simply using a binary protocol makes it safe; instead, the SSL/TLS layer used in FTPS makes proper use of cryptography and this makes it safe. Similarly, the SSH layer in SFTP provides proper cryptography and this is what makes it safe too - not that it is binary.

  3. If over SFTP the session is encrypted, what is the difference from FTPS, where both channels are encrypted too?

These are completely different protocols. Specifically, FTPS has the same major disadvantage as FTP does in that it uses new connections for data transfer where the endpoints of the connection are dynamically created. This makes it very hard or impossible to properly pass it through restrictive firewalls or even NAT. SFTP instead is only a single TCP connection.

  4. What is the disadvantage of using the default port 990 of FTPS over SFTP if I am setting up exclusively an SFTP and not an FTPS server? Or should I continue using port 22?

In terms of security it does not matter which port you use. It might add some obscurity if you use a non-standard port, though, which might result in fewer people trying to scan it for vulnerabilities like weak passwords.

Steffen Ullrich
  • @SteffenUlrich, Thanks for your answer. Any article that I find about FTPS vs SFTP on Google says that FTPS is a human-readable communication, while SFTP is binary. What do they mean by saying FTPS is human-readable if both channels are encrypted? https://www.secureblackbox.com/kb/articles/FTPS-vs-SFTP.rst – Maximus Decimus Sep 19 '18 at 14:52
  • @MaximusDecimus: if you strip the SSL layer you get FTP and this is human readable. Claims that FTP with added SSL layer is still human readable are wrong or assume a kind of human which is not common. But, you've referenced only *one* article which is far from *any* article you claimed - just make a packet capture and take a look yourself. – Steffen Ullrich Sep 19 '18 at 14:58
  • @SteffenUlrich. Thanks for your clarification and your answer. – Maximus Decimus Sep 19 '18 at 15:00
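
An added illustration of two points from the answer, not part of the original thread: the FTP control channel is readable text (RFC 959), and each data connection's endpoint is negotiated dynamically inside that text, which is what a firewall or NAT helper has to read and can no longer read once FTPS wraps the channel in TLS. The sample bytes, addresses and the function name `data_endpoints` are constructed for this example.

```python
import re

# Constructed sample of a plain-FTP control channel (CRLF-terminated text lines).
SAMPLE_CONTROL = (
    b"220 ftp.example.test ready\r\n"
    b"USER demo\r\n"
    b"331 Password required\r\n"
    b"PASS not-a-real-password\r\n"
    b"230 Logged in\r\n"
    b"PASV\r\n"
    b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
    b"PORT 198,51,100,7,4,1\r\n"
    b"200 PORT command successful\r\n"
    b"EPSV\r\n"
    b"229 Entering Extended Passive Mode (|||50000|)\r\n"
)

# Constructed stand-in for the same session under FTPS:
# a TLS application-data record header followed by opaque bytes.
SAMPLE_TLS = b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))

HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")  # (<d><d><d>port<d>)


def data_endpoints(control_bytes, server_ip):
    """Return (kind, host, port) for each data endpoint announced on the control channel."""
    found = []
    for line in control_bytes.decode("ascii", errors="replace").split("\r\n"):
        is_pasv = line.startswith("227 ")
        if is_pasv or line.upper().startswith("PORT "):
            m = HOSTPORT.search(line)
            if m and all(int(g) <= 255 for g in m.groups()):
                h1, h2, h3, h4, p1, p2 = map(int, m.groups())
                # The port is sent as two decimal bytes: high * 256 + low.
                kind = "PASV" if is_pasv else "PORT"
                found.append((kind, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))
        elif line.startswith("229 "):
            m = EPSV.search(line)
            if m and int(m.group(2)) <= 65535:
                # EPSV carries only a port; the host is the control connection's peer.
                found.append(("EPSV", server_ip, int(m.group(2))))
    return found


if __name__ == "__main__":
    print("plain FTP :", data_endpoints(SAMPLE_CONTROL, "192.0.2.10"))
    print("FTPS (TLS):", data_endpoints(SAMPLE_TLS, "192.0.2.10"))
```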