Why we use SFTP instead of FTP?
For security reasons we have disabled FTP and use SFTP instead. While FTPS (FTP Secure) uses SSL/TLS encryption, there are still security risks. Compliance frameworks impose strict regulations and standards regarding data protection (e.g., GDPR, HIPAA). Using SFTP can help organizations comply with these requirements, as it offers the strong security features necessary for handling sensitive data.
Although FTPS (FTP Secure) is more secure than traditional FTP because it encrypts your data using SSL/TLS, there are still a few security matters that organizations need to consider:
Passive Mode Port Ranges on FTPS:
Passive mode data connections via FTPS require a range of ports to be opened for the data channel, especially behind NAT. If left unattended, this exposes more of the server to the internet and adds complexity, because every port in that range must be secured against potential threats.
Certificate Management:
FTPS uses SSL/TLS certificates for encryption. Vulnerabilities arise from misconfigured certificate management, such as using self-signed certificates, expired certificates, or certificates not issued by a trusted authority. Attackers can exploit these flaws to perform man-in-the-middle (MitM) attacks.
Compatibility Issues:
FTPS is not as universally supported by firewalls and network devices as SFTP (which uses a single port). This makes FTPS traffic harder to secure and may require additional configuration for proper operation across different network environments.
Complex Configuration:
Setting up FTPS properly is no picnic, and it can get much more complex with the introduction of firewall rules, NAT (Network Address Translation), secure certificates, etc. Misconfigurations, like inadvertently allowing non-encrypted connections or not securely locking down the server, become vulnerabilities.
Data Integrity and Authentication Issues:
FTPS encrypts the data in transit but does not natively include a mechanism for ensuring that transferred files maintain their integrity beyond what SSL/TLS already provides. If the encryption itself is weak, or if data is sent over an unprotected channel, the transfer can be tampered with or disclosed.
Mixed Mode Support:
Many FTPS servers support mixed mode: some connections use encryption, and some do not. If the server or client is configured (incorrectly or weakly) to accept plain, non-secure connections, data can be transferred without a secure connection, negating the advantages of FTPS.
Inherits SSL/TLS Weaknesses:
Since FTPS relies on SSL/TLS for encryption, it is exposed to vulnerabilities within these protocols as well (e.g., POODLE and other attacks against older versions of SSL/TLS). It is therefore important to ensure that only the latest secure versions of TLS are accepted.
FTP Bounce Attack:
Although this type of attack against traditional FTP is somewhat old, and the default configurations of modern servers largely prevent it, a misconfigured FTPS server can still be abused by an attacker as a proxy to open connections to other systems on its behalf.
Organizations must ensure they:
If you have a choice, opt for SFTP (Secure File Transfer Protocol) as it operates over one port only (typically 22) and is very easy to secure. (Read: How to set up SFTP)
Establish robust and well-managed SSL/TLS Certificates.
Carefully configure the firewall and NAT rules to reduce FTPS port exposure.
Do not allow unencrypted traffic or obsolete SSL/TLS versions.
Always keep FTPS servers patched and up to date.
Keep tabs on FTPS traffic and logs to spot anything out of the ordinary.
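As an added example (not part of this page or any particular product's code), the following Python client configuration applies several of the points above to an FTPS connection: it refuses obsolete SSL/TLS versions, requires a trusted certificate that matches the host name, and forces PROT P so the data channel is encrypted as well as the control channel, avoiding the mixed-mode trap. The host, user and password arguments are placeholders; the weak context is shown only for comparison with the hardened one.

```python
import ssl
from ftplib import FTP_TLS


def hardened_tls_context(ca_file=None):
    """Client-side TLS context for FTPS: TLS 1.2+ only, certificate
    verification and host-name checking on. ca_file is an optional
    private CA bundle (None = system trust store)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 / TLS 1.0 / 1.1 (POODLE era)
    ctx.verify_mode = ssl.CERT_REQUIRED           # reject self-signed / untrusted certs
    ctx.check_hostname = True                     # name on the cert must match the server
    return ctx


def weak_tls_context():
    """Insecure counterpart, for comparison only: no certificate verification,
    so a man-in-the-middle presenting any certificate would be accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be switched off before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_tls_context(ctx):
    """Return a list of findings describing weak settings in ctx (empty means OK)."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("obsolete TLS version accepted")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified (MitM possible)")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    return findings


def connect_ftps(host, user, password, port=21, ctx=None):
    """Explicit FTPS login with both channels protected (host/user/password are
    placeholders supplied by the caller)."""
    ftps = FTP_TLS(context=ctx or hardened_tls_context())
    ftps.connect(host, port, timeout=30)
    ftps.auth()                  # upgrade the control channel to TLS before sending credentials
    ftps.login(user, password)
    ftps.prot_p()                # encrypt data connections (listings and transfers) too
    return ftps
```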